_('Disabled')),

            ('hg.register.manual_activate',

                _('Allowed with manual account activation')),

            ('hg.register.auto_activate',

                _('Allowed with automatic account activation')), ]

        c.repo_create_choices = [('hg.create.none', _('Disabled')),

                                 ('hg.create.repository', _('Enabled'))]

        c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),

                                       ('hg.usergroup.create.true', _('Enabled'))]

                    [x[0] for x in c.group_perms_choices],

                    [x[0] for x in c.user_group_perms_choices],

                    [x[0] for x in c.repo_create_choices],

                    [x[0] for x in c.repo_group_create_choices],

                    [x[0] for x in c.user_group_create_choices],

                    [x[0] for x in c.fork_choices],

            try:

                form_result = _form.to_python(dict(request.POST))

                form_result.update({'perm_user_name': id})

                PermissionModel().update(form_result)

                Session().commit()

                if p.permission.permission_name.startswith('hg.usergroup.'):

                    defaults['default_user_group_create'] = p.permission.permission_name

                if p.permission.permission_name.startswith('hg.register.'):

                    defaults['default_register'] = p.permission.permission_name

                if p.permission.permission_name.startswith('hg.fork.'):

                    defaults['default_fork'] = p.permission.permission_name

            return htmlfill.render(

                render('admin/permissions/permissions.html'),

                defaults=defaults,

                                                           .get(k), [''])[0]

                user_attrs = {

                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

                 'email': get_ldap_attr('ldap_attr_email'),

                }

                # don't store LDAP password since we don't need it. Override

                # with some random generated password

                _password = PasswordGenerator().gen_password(length=8)

                # create this user on the fly if it doesn't exist in rhodecode

    user = User.get_by_username(username)

    if user is None:

        user_attrs = {

            'name': username,

            'lastname': None,

            'email': None,

        }

        user = UserModel().create_for_container_auth(username, user_attrs)

        if not user:

            return None

        log.info('User %s was created by container authentication' % username)

        ('hg.create.none', _('Repository creation disabled')),

        ('hg.create.repository', _('Repository creation enabled')),

        ('hg.fork.none', _('Repository forking disabled')),

        ('hg.fork.repository', _('Repository forking enabled')),

    ]

    #definition of system default permissions for DEFAULT user

    DEFAULT_USER_PERMISSIONS = [

        'repository.read',

        'group.read',

        'usergroup.read',

        'hg.create.repository',

        'hg.fork.repository',

        'hg.register.manual_activate',

    ]

    # defines which permissions are more important higher the more important

    # Weight defines which permissions are more important.

    # The higher number the more important.

    PERM_WEIGHTS = {

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,

                           user_group_perms_choices, create_choices,

                           repo_group_create_choices, user_group_create_choices,

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default_repo = v.StringBoolean(if_missing=False)

        overwrite_default_group = v.StringBoolean(if_missing=False)

        overwrite_default_user_group = v.StringBoolean(if_missing=False)

        default_repo_create = v.OneOf(create_choices)

        default_user_group_create = v.OneOf(user_group_create_choices)

        #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet

        default_fork = v.OneOf(fork_choices)

        default_register = v.OneOf(register_choices)

    return _DefaultPermissionsForm

def CustomDefaultPermissionsForm():

    class _CustomDefaultPermissionsForm(formencode.Schema):

        filter_extra_fields = True

            #create fresh set of permissions

            for def_perm_key in ['default_repo_perm', 'default_group_perm',

                                 'default_user_group_perm',

                                 'default_repo_create',

                                 #'default_repo_group_create', #not implemented yet

                                 'default_user_group_create',

                p = _make_new(perm_user, form_result[def_perm_key])

                self.sa.add(p)

            #stage 3 update all default permissions for repos if checked

            if form_result['overwrite_default_repo'] == True:

                _def_name = form_result['default_repo_perm'].split('repository.')[-1]

                    <label for="default_register">${_('Registration')}:</label>

                </div>

                <div class="select">

                    ${h.select('default_register','',c.register_choices)}

                </div>

             </div>

            <div class="buttons">

              ${h.submit('save',_('Save'),class_="ui-btn large")}

              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

            </div>

        </div>

    </div>