rmap.connect('home', '/', controller='home', action='index')

    rmap.connect('about', '/about', controller='home', action='about')

    rmap.connect('repo_switcher_data', '/_repos', controller='home',

                 action='repo_switcher_data')

    rmap.connect('rst_help',

                 "http://docutils.sourceforge.net/docs/user/rst/quickref.html",

                 _static=True)

    rmap.connect('kallithea_project_url', "https://kallithea-scm.org/", _static=True)

    rmap.connect('issues_url', 'https://bitbucket.org/conservancy/kallithea/issues', _static=True)

    #ADMIN REPOSITORY ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/repos') as m:

        m.connect("repos", "/repos",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("repos", "/repos",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_repo", "/create_repository",

                  action="create_repository", conditions=dict(method=["GET"]))

        m.connect("put_repo", "/repos/{repo_name:.*?}",

                  action="update", conditions=dict(method=["PUT"],

                  function=check_repo))

        m.connect("delete_repo", "/repos/{repo_name:.*?}",

                  action="delete", conditions=dict(method=["DELETE"],

                  ))

    #ADMIN REPOSITORY GROUPS ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/repo_groups') as m:

        m.connect("repos_groups", "/repo_groups",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("repos_groups", "/repo_groups",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_repos_group", "/repo_groups/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

                  action="update", conditions=dict(method=["PUT"],

                                                   function=check_group))

        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

                  action="show", conditions=dict(method=["GET"],

                                                 function=check_group))

        #EXTRAS REPO GROUP ROUTES

        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

                  action="edit",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

                  action="edit_repo_group_advanced",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

                  action="edit_repo_group_perms",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

                  action="update_perms",

                  conditions=dict(method=["PUT"], function=check_group))

        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

                  action="delete_perms",

                  conditions=dict(method=["DELETE"], function=check_group))

        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}",

                  action="delete", conditions=dict(method=["DELETE"],

                                                   function=check_group_skip_path))

    #ADMIN USER ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/users') as m:

        m.connect("users", "/users",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("users", "/users",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("formatted_users", "/users.{format}",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_user", "/users/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_user", "/users/{id}",

                  action="update", conditions=dict(method=["PUT"]))

        m.connect("delete_user", "/users/{id}",

                  action="delete", conditions=dict(method=["DELETE"]))

        m.connect("edit_user", "/users/{id}/edit",

                  action="edit", conditions=dict(method=["GET"]))

        #EXTRAS USER ROUTES

        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

                  action="edit_advanced", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="edit_api_keys", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="add_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="delete_api_key", conditions=dict(method=["DELETE"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="edit_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="update_perms", conditions=dict(method=["PUT"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="edit_emails", conditions=dict(method=["GET"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="add_email", conditions=dict(method=["PUT"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="delete_email", conditions=dict(method=["DELETE"]))

        m.connect("edit_user_ips", "/users/{id}/edit/ips",

                  action="edit_ips", conditions=dict(method=["GET"]))

        m.connect("edit_user_ips", "/users/{id}/edit/ips",

                  action="add_ip", conditions=dict(method=["PUT"]))

        m.connect("edit_user_ips", "/users/{id}/edit/ips",

                  action="delete_ip", conditions=dict(method=["DELETE"]))

    #ADMIN USER GROUPS REST ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/user_groups') as m:

        m.connect("users_groups", "/user_groups",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("users_groups", "/user_groups",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_users_group", "/user_groups/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_users_group", "/user_groups/{id}",

                  action="update", conditions=dict(method=["PUT"]))

        m.connect("delete_users_group", "/user_groups/{id}",

                  action="delete", conditions=dict(method=["DELETE"]))

        m.connect("edit_users_group", "/user_groups/{id}/edit",

                  action="edit", conditions=dict(method=["GET"]),

                  function=check_user_group)

        #EXTRAS USER GROUP ROUTES

        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

                  action="edit_default_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

        m.connect("my_account_perms", "/my_account/perms",

                  action="my_account_perms", conditions=dict(method=["GET"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails", conditions=dict(method=["GET"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails_add", conditions=dict(method=["POST"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails_delete", conditions=dict(method=["DELETE"]))

        m.connect("my_account_api_keys", "/my_account/api_keys",

                  action="my_account_api_keys", conditions=dict(method=["GET"]))

        m.connect("my_account_api_keys", "/my_account/api_keys",

                  action="my_account_api_keys_add", conditions=dict(method=["POST"]))

        m.connect("my_account_api_keys", "/my_account/api_keys",

                  action="my_account_api_keys_delete", conditions=dict(method=["DELETE"]))

    #NOTIFICATION REST ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/notifications') as m:

        m.connect("notifications", "/notifications",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("notifications_mark_all_read", "/notifications/mark_all_read",

                  action="mark_all_read", conditions=dict(method=["GET"]))

        m.connect("formatted_notifications", "/notifications.{format}",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("/notifications/{notification_id}",

                  action="update", conditions=dict(method=["PUT"]))

        m.connect("/notifications/{notification_id}",

                  action="delete", conditions=dict(method=["DELETE"]))

        m.connect("notification", "/notifications/{notification_id}",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_notification", "/notifications/{notification_id}.{format}",

                  action="show", conditions=dict(method=["GET"]))

    #ADMIN GIST

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/gists') as m:

        m.connect("gists", "/gists",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("gists", "/gists",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_gist", "/gists/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("/gists/{gist_id}",

                  action="delete", conditions=dict(method=["DELETE"]))

        m.connect("edit_gist", "/gists/{gist_id}/edit",

                  action="edit", conditions=dict(method=["GET", "POST"]))

        m.connect("edit_gist_check_revision", "/gists/{gist_id}/edit/check_revision",

                  action="check_revision", conditions=dict(method=["POST"]))

        m.connect("gist", "/gists/{gist_id}",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("gist_rev", "/gists/{gist_id}/{revision}",

                  revision="tip",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_gist", "/gists/{gist_id}/{revision}/{format}",

                  revision="tip",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_gist_file", "/gists/{gist_id}/{revision}/{format}/{f_path:.*}",

                  revision='tip',

                  action="show", conditions=dict(method=["GET"]))

    #ADMIN MAIN PAGES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/admin') as m:

        m.connect('admin_home', '', action='index')

        m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',

                  action='add_repo')

    #==========================================================================

    # API V2

    #==========================================================================

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='api/api') as m:

        m.connect('api', '/api')

    #USER JOURNAL

    rmap.connect('journal', '%s/journal' % ADMIN_PREFIX,

                 controller='journal', action='index')

    rmap.connect('journal_rss', '%s/journal/rss' % ADMIN_PREFIX,

                 controller='journal', action='journal_rss')

    rmap.connect('journal_atom', '%s/journal/atom' % ADMIN_PREFIX,

                 controller='journal', action='journal_atom')

    rmap.connect('public_journal', '%s/public_journal' % ADMIN_PREFIX,

                 controller='journal', action="public_journal")

    rmap.connect('public_journal_rss', '%s/public_journal/rss' % ADMIN_PREFIX,

                 controller='journal', action="public_journal_rss")

    rmap.connect('public_journal_rss_old', '%s/public_journal_rss' % ADMIN_PREFIX,

                 controller='journal', action="public_journal_rss")

        self.__load_defaults()

        gist_form = GistForm([x[0] for x in c.lifetime_values])()

        try:

            form_result = gist_form.to_python(dict(request.POST))

            #TODO: multiple files support, from the form

            filename = form_result['filename'] or Gist.DEFAULT_FILENAME

            nodes = {

                filename: {

                    'content': form_result['content'],

                    'lexer': form_result['mimetype']  # None is autodetect

                }

            }

            _public = form_result['public']

            gist_type = Gist.GIST_PUBLIC if _public else Gist.GIST_PRIVATE

            gist = GistModel().create(

                description=form_result['description'],

                owner=c.authuser.user_id,

                gist_mapping=nodes,

                gist_type=gist_type,

                lifetime=form_result['lifetime']

            )

            Session().commit()

            new_gist_id = gist.gist_access_id

        except formencode.Invalid as errors:

            defaults = errors.value

            return formencode.htmlfill.render(

                render('admin/gists/new.html'),

                defaults=defaults,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception as e:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during gist creation'), category='error')

            raise HTTPFound(location=url('new_gist'))

        raise HTTPFound(location=url('gist', gist_id=new_gist_id))

    @LoginRequired()

    @NotAnonymous()

    def new(self, format='html'):

        self.__load_defaults()

        return render('admin/gists/new.html')

    @LoginRequired()

    @NotAnonymous()

    def delete(self, gist_id):

        gist = GistModel().get_gist(gist_id)

        owner = gist.gist_owner == c.authuser.user_id

        if h.HasPermissionAny('hg.admin')() or owner:

            GistModel().delete(gist)

            Session().commit()

            h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success')

        else:

            raise HTTPForbidden()

        raise HTTPFound(location=url('gists'))

    @LoginRequired()

    def show(self, gist_id, revision='tip', format='html', f_path=None):

        c.gist = Gist.get_or_404(gist_id)

        #check if this gist is not expired

        if c.gist.gist_expires != -1:

            if time.time() > c.gist.gist_expires:

                log.error('Gist expired at %s',

                          time_to_datetime(c.gist.gist_expires))

                raise HTTPNotFound()

        try:

            c.file_changeset, c.files = GistModel().get_gist_files(gist_id,

                                                            revision=revision)

        except VCSError:

            log.error(traceback.format_exc())

            raise HTTPNotFound()

        if format == 'raw':

            content = '\n\n'.join([f.content for f in c.files if (f_path is None or safe_unicode(f.path) == f_path)])

            response.content_type = 'text/plain'

            return content

        return render('admin/gists/show.html')

    @LoginRequired()

    @NotAnonymous()

    def edit(self, gist_id, format='html'):

        c.gist = Gist.get_or_404(gist_id)

        #check if this gist is not expired

        if c.gist.gist_expires != -1:

            if time.time() > c.gist.gist_expires:

                log.error('Gist expired at %s',

                          time_to_datetime(c.gist.gist_expires))

                raise HTTPNotFound()

        try:

            c.file_changeset, c.files = GistModel().get_gist_files(gist_id)

        except VCSError:

                                         'public': 'public',

                                         '_authentication_token': self.authentication_token()},

                                 status=200)

        response.mustcontain('Filename cannot be inside a directory')

    def test_access_expired_gist(self):

        self.log_user()

        gist = _create_gist('never-see-me')

        gist.gist_expires = 0  # 1970

        Session().add(gist)

        Session().commit()

        response = self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)

    def test_create_private(self):

        self.log_user()

        response = self.app.post(url('gists'),

                                 params={'lifetime': -1,

                                         'content': 'private gist test',

                                         'filename': 'private-foo',

                                         'private': 'private',

                                         '_authentication_token': self.authentication_token()},

                                 status=302)

        response = response.follow()

        response.mustcontain('added file: private-foo<')

        response.mustcontain('private gist test')

        response.mustcontain('<div class="btn btn-mini btn-warning disabled">Private Gist</div>')

    def test_create_with_description(self):

        self.log_user()

        response = self.app.post(url('gists'),

                                 params={'lifetime': -1,

                                         'content': 'gist test',

                                         'filename': 'foo-desc',

                                         'description': 'gist-desc',

                                         'public': 'public',

                                         '_authentication_token': self.authentication_token()},

                                 status=302)

        response = response.follow()

        response.mustcontain('added file: foo-desc')

        response.mustcontain('gist test')

        response.mustcontain('gist-desc')

        response.mustcontain('<div class="btn btn-mini btn-success disabled">Public Gist</div>')

    def test_new(self):

        self.log_user()

        response = self.app.get(url('new_gist'))

    def test_delete(self):

        self.log_user()

        gist = _create_gist('delete-me')

        response = self.app.post(url('gist', gist_id=gist.gist_id),

            params={'_method': 'delete', '_authentication_token': self.authentication_token()})

    def test_delete_normal_user_his_gist(self):

        self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)

        gist = _create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)

        response = self.app.post(url('gist', gist_id=gist.gist_id),

            params={'_method': 'delete', '_authentication_token': self.authentication_token()})

    def test_delete_normal_user_not_his_own_gist(self):

        self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)

        gist = _create_gist('delete-me')

        response = self.app.post(url('gist', gist_id=gist.gist_id), status=403,

            params={'_method': 'delete', '_authentication_token': self.authentication_token()})

    def test_show(self):

        gist = _create_gist('gist-show-me')

        response = self.app.get(url('gist', gist_id=gist.gist_access_id))

        response.mustcontain('added file: gist-show-me<')

        response.mustcontain('%s - created' % TEST_USER_ADMIN_LOGIN)

        response.mustcontain('gist-desc')

        response.mustcontain('<div class="btn btn-mini btn-success disabled">Public Gist</div>')

    def test_show_as_raw(self):

        gist = _create_gist('gist-show-me', content='GIST CONTENT')

        response = self.app.get(url('formatted_gist',

                                    gist_id=gist.gist_access_id, format='raw'))

        assert response.body == 'GIST CONTENT'

    def test_show_as_raw_individual_file(self):

        gist = _create_gist('gist-show-me-raw', content='GIST BODY')

        response = self.app.get(url('formatted_gist_file',

                                    gist_id=gist.gist_access_id, format='raw',

                                    revision='tip', f_path='gist-show-me-raw'))

        assert response.body == 'GIST BODY'

    def test_edit(self):

        response = self.app.get(url('edit_gist', gist_id=1))

from kallithea.tests import *

class TestRepoGroupsController(TestController):

    def test_index(self):

        self.log_user()

        response = self.app.get(url('repos_groups'))

        response.mustcontain('{"totalRecords": 0, "sort": null, "startIndex": 0, "dir": "asc", "records": []};')

    def test_new(self):

        self.log_user()

        response = self.app.get(url('new_repos_group'))

    def test_new_by_regular_user(self):

        self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)

        response = self.app.get(url('new_repos_group'), status=403)