rights, or regular users that cannot specify different userid than theirs

either users_group or user associated to that repository. This command can be 

executed only using api_key belonging to user with admin 

rights or regular user that have at least read access to repository.

Lists all existing repositories. This command can be executed only using 

api_key belonging to user with admin rights or regular user that have 

admin, write or read access to repository.

Creates a repository. If repository name contains "/", all needed repository

groups will be created. For example "foo/bar/baz" will create groups 

"foo", "bar" (with "foo" as parent), and create "baz" repository with 

"bar" as group. This command can be executed only using api_key belonging to user with admin 

rights or regular user that have create repository permission. Regular users

cannot specify owner parameter

                "owner" :            "<onwer_name_or_id = Optional(=apiuser)>",

Creates a fork of given repo. In case of using celery this will

asynchronous. This command can be executed only using api_key belonging to

user with admin rights or regular user that have fork permission, and at least

read access to forking repository. Regular users cannot specify owner parameter.

                "owner":            "<username or user_id = Optional(=apiuser)>",

Deletes a repository. This command can be executed only using api_key belonging to user with admin 

rights or regular user that have admin access to repository.

from rhodecode.model import meta

from rhodecode.lib.compat import izip_longest, json

            #make sure normal user does not pass someone else userid, 

            #he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                    'userid is not the same as your user'

            raise JSONRPCError('repository `%s` does not exist' % (repoid))

        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:

            #make sure normal user does not pass someone else userid, 

            #he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                    'userid is not the same as your user'

        if isinstance(userid, Optional):

        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:

            # check if we have admin permission for this repo !

            if HasRepoPermissionAnyApi('repository.admin')(user=apiuser,

                                            repo_name=repo.repo_name) is False:

                raise JSONRPCError('repository `%s` does not exist' % (repoid))

        result = []

        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:

            repos = RepoModel().get_all_user_repos(user=apiuser)

        else:

            repos = RepoModel().get_all()

        for repo in repos:

    def create_repo(self, apiuser, repo_name, owner=Optional(OAttr('apiuser')),

                    repo_type=Optional('hg'),

        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:

            if not isinstance(owner, Optional):

                #forbid setting owner for non-admins

                raise JSONRPCError(

                    'Only RhodeCode admin can specify `owner` param'

                )

        if isinstance(owner, Optional):

            owner = apiuser.user_id

    @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')

    def fork_repo(self, apiuser, repoid, fork_name, owner=Optional(OAttr('apiuser')),

        if HasPermissionAnyApi('hg.admin')(user=apiuser):

            pass

        elif HasRepoPermissionAnyApi('repository.admin',

                                     'repository.write',

                                     'repository.read')(user=apiuser,

                                                        repo_name=repo.repo_name):

            if not isinstance(owner, Optional):

                #forbid setting owner for non-admins

                raise JSONRPCError(

                    'Only RhodeCode admin can specify `owner` param'

                )

        else:

            raise JSONRPCError('repository `%s` does not exist' % (repoid))

        if isinstance(owner, Optional):

            owner = apiuser.user_id

        owner = get_user_or_error(owner)

        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:

            # check if we have admin permission for this repo !

            if HasRepoPermissionAnyApi('repository.admin')(user=apiuser,

                                            repo_name=repo.repo_name) is False:

                 raise JSONRPCError('repository `%s` does not exist' % (repoid))

    def get_all_user_repos(self, user):

        """

        Get's all repositories that user have at least read access

        :param user:

        :type user:

        """

        from rhodecode.lib.auth import AuthUser

        user = self._get_user(user)

        repos = AuthUser(user_id=user.user_id).permissions['repositories']

        access_check = lambda r: r[1] in ['repository.read',

                                          'repository.write',

                                          'repository.admin']

        repos = [x[0] for x in filter(access_check, repos.items())]

        return Repository.query().filter(Repository.repo_name.in_(repos))

def create_repo(repo_name, repo_type, owner=None):

    cur_user = UserModel().get_by_username(owner or TEST_USER_ADMIN_LOGIN)

        self.test_user = UserModel().create_or_update(

        self.TEST_USER_LOGIN = self.test_user.username

        self.apikey_regular = self.test_user.api_key

        id_, params = _build_data(self.apikey, 'get_repo')

        expected = 'Missing non optional `repoid` arg in JSON DATA'

    def test_api_get_user_without_giving_userid(self):

        id_, params = _build_data(self.apikey, 'get_user')

        response = api_call(self, params)

        usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)

        ret = usr.get_api_data()

        ret['permissions'] = AuthUser(usr.user_id).permissions

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user_without_giving_userid_non_admin(self):

        id_, params = _build_data(self.apikey_regular, 'get_user')

        response = api_call(self, params)

        usr = UserModel().get_by_username(self.TEST_USER_LOGIN)

        ret = usr.get_api_data()

        ret['permissions'] = AuthUser(usr.user_id).permissions

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user_with_giving_userid_non_admin(self):

        id_, params = _build_data(self.apikey_regular, 'get_user',

                                  userid=self.TEST_USER_LOGIN)

        response = api_call(self, params)

        expected = 'userid is not the same as your user'

        self._compare_error(id_, expected, given=response.body)

    def test_api_lock_repo_lock_aquire_by_non_admin(self):

        repo_name = 'api_delete_me'

        create_repo(repo_name, self.REPO_TYPE, owner=self.TEST_USER_LOGIN)

        try:

            id_, params = _build_data(self.apikey_regular, 'lock',

                                      repoid=repo_name,

                                      locked=True)

            response = api_call(self, params)

            expected = ('User `%s` set lock state for repo `%s` to `%s`'

                       % (self.TEST_USER_LOGIN, repo_name, True))

            self._compare_ok(id_, expected, given=response.body)

        finally:

            destroy_repo(repo_name)

    def test_api_lock_repo_lock_aquire_non_admin_with_userid(self):

        repo_name = 'api_delete_me'

        create_repo(repo_name, self.REPO_TYPE, owner=self.TEST_USER_LOGIN)

        try:

            id_, params = _build_data(self.apikey_regular, 'lock',

                                      userid=TEST_USER_ADMIN_LOGIN,

                                      repoid=repo_name,

                                      locked=True)

            response = api_call(self, params)

            expected = 'userid is not the same as your user'

            self._compare_error(id_, expected, given=response.body)

        finally:

            destroy_repo(repo_name)

    def test_api_lock_repo_lock_aquire_non_admin_not_his_repo(self):

        id_, params = _build_data(self.apikey_regular, 'lock',

                                  repoid=self.REPO,

                                  locked=True)

        response = api_call(self, params)

        expected = 'repository `%s` does not exist' % (self.REPO)

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repo_by_non_admin(self):

        id_, params = _build_data(self.apikey, 'get_repo',

                                  repoid=self.REPO)

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(self.REPO)

        ret = repo.get_api_data()

        members = []

        for user in repo.repo_to_perm:

            perm = user.permission.permission_name

            user = user.user

            user_data = user.get_api_data()

            user_data['type'] = "user"

            user_data['permission'] = perm

            members.append(user_data)

        for users_group in repo.users_group_to_perm:

            perm = users_group.permission.permission_name

            users_group = users_group.users_group

            users_group_data = users_group.get_api_data()

            users_group_data['type'] = "users_group"

            users_group_data['permission'] = perm

            members.append(users_group_data)

        ret['members'] = members

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_repo_by_non_admin_no_permission_to_repo(self):

        RepoModel().grant_user_permission(repo=self.REPO,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.none')

        id_, params = _build_data(self.apikey_regular, 'get_repo',

                                  repoid=self.REPO)

        response = api_call(self, params)

        expected = 'repository `%s` does not exist' % (self.REPO)

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repos_non_admin(self):

        id_, params = _build_data(self.apikey_regular, 'get_repos')

        response = api_call(self, params)

        result = []

        for repo in RepoModel().get_all_user_repos(self.TEST_USER_LOGIN):

            result.append(repo.get_api_data())

        ret = jsonify(result)

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_create_repo_dont_specify_owner(self):

        repo_name = 'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey, 'create_repo',

                                    repo_name=repo_name,

                                    repo_type='hg',

                                  )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'repo': jsonify(repo.get_api_data())

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin(self):

        repo_name = 'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                    repo_name=repo_name,

                                    repo_type='hg',

                                  )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'repo': jsonify(repo.get_api_data())

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin_specify_owner(self):

        repo_name = 'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                    repo_name=repo_name,

                                    repo_type='hg',

                                    owner=owner

                                  )

        response = api_call(self, params)

        expected = 'Only RhodeCode admin can specify `owner` param'

        self._compare_error(id_, expected, given=response.body)

        destroy_repo(repo_name)

    def test_api_delete_repo_by_non_admin(self):

        repo_name = 'api_delete_me'

        create_repo(repo_name, self.REPO_TYPE, owner=self.TEST_USER_LOGIN)

        try:

            id_, params = _build_data(self.apikey_regular, 'delete_repo',

                                      repoid=repo_name,)

            response = api_call(self, params)

            ret = {

                'msg': 'Deleted repository `%s`' % repo_name,

                'success': True

            }

            expected = ret

            self._compare_ok(id_, expected, given=response.body)

        finally:

            destroy_repo(repo_name)

    def test_api_delete_repo_by_non_admin_no_permission(self):

        repo_name = 'api_delete_me'

        create_repo(repo_name, self.REPO_TYPE)

        try:

            id_, params = _build_data(self.apikey_regular, 'delete_repo',

                                      repoid=repo_name,)

            response = api_call(self, params)

            expected = 'repository `%s` does not exist' % (repo_name)

            self._compare_error(id_, expected, given=response.body)

        finally:

            destroy_repo(repo_name)

    def test_api_fork_repo_non_admin(self):

        fork_name = 'api-repo-fork'

        id_, params = _build_data(self.apikey_regular, 'fork_repo',

                                    repoid=self.REPO,

                                    fork_name=fork_name,

                                  )

        response = api_call(self, params)

        ret = {

            'msg': 'Created fork of `%s` as `%s`' % (self.REPO,

                                                     fork_name),

            'success': True

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        destroy_repo(fork_name)

    def test_api_fork_repo_non_admin_specify_owner(self):

        fork_name = 'api-repo-fork'

        id_, params = _build_data(self.apikey_regular, 'fork_repo',

                                    repoid=self.REPO,

                                    fork_name=fork_name,

                                    owner=TEST_USER_ADMIN_LOGIN,

                                  )

        response = api_call(self, params)

        expected = 'Only RhodeCode admin can specify `owner` param'

        self._compare_error(id_, expected, given=response.body)

        destroy_repo(fork_name)

    def test_api_fork_repo_non_admin_no_permission_to_fork(self):

        RepoModel().grant_user_permission(repo=self.REPO,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.none')

        fork_name = 'api-repo-fork'

        id_, params = _build_data(self.apikey_regular, 'fork_repo',

                                    repoid=self.REPO,

                                    fork_name=fork_name,

                                  )

        response = api_call(self, params)

        expected = 'repository `%s` does not exist' % (self.REPO)

        self._compare_error(id_, expected, given=response.body)

        destroy_repo(fork_name)