repo_count)

            })

        c.data = json.dumps({

            "totalRecords": total_records,

            "startIndex": 0,

            "sort": None,

            "dir": "asc",

            "records": repo_groups_data

        })

        return render('admin/repo_groups/repo_groups.html')

    def create(self):

        self.__load_defaults()

        # permissions for can create group based on parent_id are checked

        # here in the Form

        repo_group_form = RepoGroupForm(repo_groups=c.repo_groups)

        try:

            form_result = repo_group_form.to_python(dict(request.POST))

            gr = RepoGroupModel().create(

                group_name=form_result['group_name'],

                group_description=form_result['group_description'],

                owner=self.authuser.user_id, # TODO: make editable

                copy_permissions=form_result['group_copy_permissions']

            )

            Session().commit()

            #TODO: in futureaction_logger(, '', '', '', self.sa)

        except formencode.Invalid as errors:

            return htmlfill.render(

                render('admin/repo_groups/repo_group_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of repository group %s') \

                    % request.POST.get('group_name'), category='error')

            #TODO: maybe we should get back to the main view, not the admin one

            raise HTTPFound(location=url('repos_groups', parent_group=parent_group_id))

        h.flash(_('Created repository group %s') % gr.group_name,

                category='success')

        raise HTTPFound(location=url('repos_group_home', group_name=gr.group_name))

    def new(self):

        if HasPermissionAny('hg.admin')('group create'):

            #we're global admin, we're ok and we can create TOP level groups

            pass

        else:

            # we pass in parent group into creation form, thus we know

            # what would be the group, we can check perms here !

            group_id = safe_int(request.GET.get('parent_group'))

            group = RepoGroup.get(group_id) if group_id else None

            group_name = group.group_name if group else None

            if HasRepoGroupPermissionAny('group.admin')(group_name, 'group create'):

                pass

            else:

                raise HTTPForbidden()

        self.__load_defaults()

        return render('admin/repo_groups/repo_group_add.html')

        if alias == 'hg':

            repo = backend(repo_full_path, create=False,

                           baseui=self._ui)

        else:

            repo = backend(repo_full_path, create=False)

        return repo

    def __json__(self):

        return dict(landing_rev = self.landing_rev)

class RepoGroup(Base, BaseDbModel):

    __tablename__ = 'groups'

    __table_args__ = (

        CheckConstraint('group_id != group_parent_id', name='ck_groups_no_self_parent'),

        _table_args_default_dict,

    )

    __mapper_args__ = {'order_by': 'group_name'} # TODO: Deprecated as of SQLAlchemy 1.1.

    SEP = ' » '

    group_id = Column(Integer(), primary_key=True)

    group_name = Column(Unicode(255), nullable=False, unique=True) # full path

    group_description = Column(Unicode(10000), nullable=False)

    enable_locking = Column(Boolean(), nullable=False, default=False)

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    owner = relationship('User')

    @classmethod

    def query(cls, sorted=False):

        """Add RepoGroup-specific helpers for common query constructs.

        sorted: if True, apply the default ordering (name, case insensitive).

        """

        q = super(RepoGroup, cls).query()

        if sorted:

            q = q.order_by(func.lower(RepoGroup.group_name))

        return q

    def __init__(self, group_name='', parent_group=None):

    return _UserGroupForm

def RepoGroupForm(edit=False, old_data=None, repo_groups=None,

                   can_create_in_root=False):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoGroupForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                         v.SlugifyName(),

                         v.ValidRegex(msg=_('Name must not contain only digits'))(r'(?!^\d+$)^.+$'))

        group_description = v.UnicodeString(strip=True, min=1,

                                            not_empty=False)

        group_copy_permissions = v.StringBoolean(if_missing=False)

        if edit:

            #FIXME: do a special check that we cannot move a group to one of

            #its children

            pass

                              v.OneOf(repo_group_ids, hideList=False,

                                      testValueList=True,

                                      if_missing=None, not_empty=True),

                              v.Int(min=-1, not_empty=True))

        enable_locking = v.StringBoolean(if_missing=False)

        chained_validators = [v.ValidRepoGroup(edit, old_data)]

    return _RepoGroupForm

def RegisterForm(edit=False, old_data=None):

    class _RegisterForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(

            v.ValidUsername(edit, old_data),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        password = All(

            v.ValidPassword(),

            v.UnicodeString(strip=False, min=6, not_empty=True)

        )

        password_confirmation = All(

            v.ValidPassword(),

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    #check if we have permissions to alter this usergroup

                    req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')

                    if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

        return updates

    def update(self, repo_group, form_data):

        try:

            repo_group = self._get_repo_group(repo_group)

            old_path = repo_group.full_path

            # change properties

            repo_group.group_description = form_data['group_description']

            repo_group.enable_locking = form_data['enable_locking']

            repo_group.group_name = repo_group.get_new_name(form_data['group_name'])

            new_path = repo_group.full_path

            self.sa.add(repo_group)

            # iterate over all members of this groups and do fixes

            # set locking if given

            # if obj is a repoGroup also fix the name of the group according

            # to the parent

            # if obj is a Repo fix it's name

            # this can be potentially heavy operation

            for obj in repo_group.recursive_groups_and_repos():

                #set the value from it's parent

                obj.enable_locking = repo_group.enable_locking

                if isinstance(obj, RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s' \

                                % (obj.group_name, new_name))

                    obj.group_name = new_name

                elif isinstance(obj, Repository):

                    # we need to get all repositories from this new group and

                    # rename them accordingly to new group path

                    new_name = obj.get_new_name(obj.just_name)

                    log.debug('Fixing repo %s to new name %s' \

                                % (obj.repo_name, new_name))

                else:

                    klass = get_backend(path[0])

                    if path[0] == 'hg' and path[0] in BACKENDS.keys():

                        repos[name] = klass(safe_str(path[1]), baseui=baseui)

                    if path[0] == 'git' and path[0] in BACKENDS.keys():

                        repos[name] = klass(path[1])

            except OSError:

                continue

        log.debug('found %s paths with repositories', len(repos))

        return repos

    def get_repos(self, repos):

        """Return the repos the user has access to"""

        return RepoList(repos)

    def get_repo_groups(self, groups=None):

        """Return the repo groups the user has access to

        If no groups are specified, use top level groups.

        """

        if groups is None:

            groups = RepoGroup.query() \

        return RepoGroupList(groups)

    def mark_for_invalidation(self, repo_name):

        """

        Mark caches of this repo invalid in the database.

        :param repo_name: the repo for which caches should be marked invalid

        """

        CacheInvalidation.set_invalidate(repo_name)

        repo = Repository.get_by_repo_name(repo_name)

        if repo is not None:

            repo.update_changeset_cache()

    def toggle_following_repo(self, follow_repo_id, user_id):

        f = self.sa.query(UserFollowing) \

            .filter(UserFollowing.follows_repo_id == follow_repo_id) \

            .filter(UserFollowing.user_id == user_id).scalar()

        if f is not None:

            try:

                self.sa.delete(f)

                action_logger(UserTemp(user_id),

                              'stopped_following_repo',

            if old_ugname != value or not edit:

                is_existing_group = UserGroup.get_by_group_name(value,

                                                        case_insensitive=True)

                if is_existing_group:

                    msg = M(self, 'group_exist', state, usergroup=value)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(users_group_name=msg)

                    )

            if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:

                msg = M(self, 'invalid_usergroup_name', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(users_group_name=msg)

                )

    return _validator

def ValidRepoGroup(edit=False, old_data=None):

    old_data = old_data or {}

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'group_exists': _('Group "%(group_name)s" already exists'),

            'repo_exists':

                _('Repository with name "%(group_name)s" already exists')

        }

        def validate_python(self, value, state):

            # TODO WRITE VALIDATIONS

            group_name = value.get('group_name')

            # slugify repo group just in case :)

            slug = repo_name_slug(group_name)

            # check for parent of self

            parent_of_self = lambda: (

            )

            if edit and parent_of_self():

                raise formencode.Invalid(msg, value, state,

                )

            old_gname = None

            if edit:

                old_gname = RepoGroup.get(old_data.get('group_id')).group_name

            if old_gname != group_name or not edit:

                # check group

                gr = RepoGroup.query() \

                      .filter(RepoGroup.group_name == slug) \

                      .scalar()

                if gr is not None:

                    msg = M(self, 'group_exists', state, group_name=slug)

                    raise formencode.Invalid(msg, value, state,

                            error_dict=dict(group_name=msg)

                    )

                # check for same repo

                repo = Repository.query() \

                      .filter(Repository.repo_name == slug) \

                      .scalar()

                if repo is not None:

                    msg = M(self, 'repo_exists', state, group_name=slug)

                    raise formencode.Invalid(msg, value, state,

                            error_dict=dict(group_name=msg)

                    )

    return _validator

def ValidPassword():

    class _validator(formencode.validators.FancyValidator):

            'permission_denied': _("You don't have permissions "

                                   "to create a group in this location")

        }

        def to_python(self, value, state):

            #root location

            if value == -1:

                return None

            return value

        def validate_python(self, value, state):

            gr = RepoGroup.get(value)

            gr_name = gr.group_name if gr is not None else None # None means ROOT location

            if can_create_in_root and gr is None:

                #we can create in root, we're fine no validations required

                return

            forbidden_in_root = gr is None and not can_create_in_root

            val = HasRepoGroupPermissionAny('group.admin')

            forbidden = not val(gr_name, 'can create group validator')

            if forbidden_in_root or forbidden:

                msg = M(self, 'permission_denied', state)

                raise formencode.Invalid(msg, value, state,

                )

    return _validator

def ValidPerms(type_='repo'):

    if type_ == 'repo_group':

        EMPTY_PERM = 'group.none'

    elif type_ == 'repo':

        EMPTY_PERM = 'repository.none'

    elif type_ == 'user_group':

        EMPTY_PERM = 'usergroup.none'

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'perm_new_member_name':

                _('This username or user group name is not valid')

        }

        def to_python(self, value, state):

            perms_update = OrderedSet()

            perms_new = OrderedSet()

            # build a list of permission to update and new permission to create

    <!-- box / title -->

    <div class="panel-heading">

        ${self.breadcrumbs()}

    </div>

    <!-- end box / title -->

    ${h.form(url('repos_groups'))}

    <div class="form">

        <!-- fields -->

        <div class="form-horizontal">

            <div class="form-group">

                <label class="control-label" for="group_name">${_('Group name')}:</label>

                <div class="input">

                    ${h.text('group_name',class_='small')}

                </div>

            </div>

            <div class="form-group">

                <label class="control-label" for="group_description">${_('Description')}:</label>

                <div class="textarea-repo editor">

                    ${h.textarea('group_description',cols=23,rows=5,class_="medium")}

                </div>

            </div>

            <div class="form-group">

                <div class="input">

                </div>

            </div>

            <div id="copy_perms" class="field">

                <label class="control-label" for="group_copy_permissions">${_('Copy parent group permissions')}:</label>

                <div class="checkboxes">

                    ${h.checkbox('group_copy_permissions',value="True")}

                    <span class="help-block">${_('Copy permission set from parent repository group.')}</span>

                </div>

            </div>

            <div class="form-group">

                <div class="buttons">

                    ${h.submit('save',_('Save'),class_="btn btn-default")}

                </div>

            </div>

        </div>

    </div>

    ${h.end_form()}

</div>

<script>

    $(document).ready(function(){

        var setCopyPermsOption = function(group_val){

            if(group_val != "-1"){

                $('#copy_perms').show();

            }

            else{

                $('#copy_perms').hide();

            }

        }

            'dropdownAutoWidth': true

        });

            setCopyPermsOption(e.val);

        });

        $('#group_name').focus();

    });

</script>

</%def>

## -*- coding: utf-8 -*-

${h.form(url('update_repos_group',group_name=c.repo_group.group_name))}

<div class="form">

    <!-- fields -->

    <div class="form-horizontal">

        <div class="form-group">

            <label class="control-label" for="group_name">${_('Group name')}:</label>

            <div class="input">

                ${h.text('group_name',class_='medium')}

            </div>

        </div>

        <div class="form-group">

            <label class="control-label" for="group_description">${_('Description')}:</label>

            <div class="textarea text-area editor">

                ${h.textarea('group_description',cols=23,rows=5,class_="medium")}

            </div>

        </div>

        <div class="form-group">

            <div class="input">

            </div>

        </div>

        <div class="form-group">

            <label class="control-label" for="enable_locking">${_('Enable locking')}:</label>

            <div class="checkboxes">

                ${h.checkbox('enable_locking',value="True")}

                <span class="help-block">${_('Enable lock-by-pulling on group. This option will be applied to all other groups and repositories inside')}</span>

            </div>

        </div>

        <div class="form-group">

            <div class="buttons">

                ${h.submit('save',_('Save'),class_="btn btn-default")}

                ${h.reset('reset',_('Reset'),class_="btn btn-default")}

            </div>

        </div>

    </div>

</div>

${h.end_form()}

${h.form(url('delete_repo_group', group_name=c.repo_group.group_name))}

<div class="form">

    <div class="form-horizontal">

        <div class="form-group">

            <div class="buttons">

                ${h.submit('remove_%s' % c.repo_group.group_name,_('Remove this group'),class_="btn btn-danger",onclick="return confirm('"+_('Confirm to delete this group')+"');")}

            </div>

        </div>

    </div>

</div>

${h.end_form()}

<script>

    $(document).ready(function(){

            'dropdownAutoWidth': true

        });

    });

</script>

            repo_name=None,

            repo_type='hg',

            clone_uri='',

            repo_group=u'-1',

            repo_description=u'DESC',

            repo_private=False,

            repo_landing_rev='rev:tip',

            repo_copy_permissions=False,

            repo_state=Repository.STATE_CREATED,

        )

        defs.update(custom)

        if 'repo_name_full' not in custom:

            defs.update({'repo_name_full': defs['repo_name']})

        # fix the repo name if passed as repo_name_full

        if defs['repo_name']:

            defs['repo_name'] = defs['repo_name'].split('/')[-1]

        return defs

    def _get_group_create_params(self, **custom):

        defs = dict(

            group_name=None,

            group_description=u'DESC',

            perms_updates=[],

            perms_new=[],

            enable_locking=False,

            recursive=False

        )

        defs.update(custom)

        return defs

    def _get_user_create_params(self, name, **custom):

        defs = dict(

            username=name,

            password='qweqwe',

            email='%s+test@example.com' % name,

            firstname=u'TestUser',

            lastname=u'Test',

            active=True,

            admin=False,

            extern_type='internal',

            extern_name=None

        )

        defs.update(custom)

        return defs

        owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)

        RepoModel().create_fork(form_data, cur_user=owner)

        Session().commit()

        ScmModel().mark_for_invalidation(fork_name)

        r = Repository.get_by_repo_name(fork_name)

        assert r

        return r

    def destroy_repo(self, repo_name, **kwargs):

        RepoModel().delete(repo_name, **kwargs)

        Session().commit()

    def create_repo_group(self, name, **kwargs):

        if 'skip_if_exists' in kwargs:

            del kwargs['skip_if_exists']

            gr = RepoGroup.get_by_group_name(group_name=name)

            if gr:

                return gr

        form_data = self._get_group_create_params(group_name=name, **kwargs)

        owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)

        gr = RepoGroupModel().create(

            group_name=form_data['group_name'],

            group_description=form_data['group_name'],

        Session().commit()

        gr = RepoGroup.get_by_group_name(gr.group_name)

        return gr

    def destroy_repo_group(self, repogroupid):

        RepoGroupModel().delete(repogroupid)

        Session().commit()

    def create_user(self, name, **kwargs):

        if 'skip_if_exists' in kwargs:

            del kwargs['skip_if_exists']

            user = User.get_by_username(name)

            if user:

                return user

        form_data = self._get_user_create_params(name, **kwargs)

        user = UserModel().create(form_data)

        Session().commit()

        user = User.get_by_username(user.username)

        return user

    def destroy_user(self, userid):

        UserModel().delete(userid)

        Session().commit()

     |

     |__[g0_1] group g0_1 with 2 groups 0 repos

     |  |

     |  |__[g0_1_1] group g0_1_1 with 1 group 2 repos

     |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r1>

     |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r2>

     |  |__<g0/g0_1/g0_1_r1>

     |

     |__[g0_2] 2 repos

     |  |

     |  |__<g0/g0_2/g0_2_r1>

     |  |__<g0/g0_2/g0_2_r2>

     |

     |__[g0_3] 1 repo

        |

        |_<g0/g0_3/g0_3_r1>

        |_<g0/g0_3/g0_3_r2_private>

    """

    test_u1 = UserModel().create_or_update(

        username=u'test_u1', password=u'qweqwe',

        email=u'test_u1@example.com', firstname=u'test_u1', lastname=u'test_u1'

    )

    g0 = fixture.create_repo_group(u'g0')

    g0_1_1_r1 = fixture.create_repo(u'g0/g0_1/g0_1_1/g0_1_1_r1', repo_group=g0_1_1)

    g0_1_1_r2 = fixture.create_repo(u'g0/g0_1/g0_1_1/g0_1_1_r2', repo_group=g0_1_1)

    g0_1_r1 = fixture.create_repo(u'g0/g0_1/g0_1_r1', repo_group=g0_1)

    g0_2_r1 = fixture.create_repo(u'g0/g0_2/g0_2_r1', repo_group=g0_2)

    g0_2_r2 = fixture.create_repo(u'g0/g0_2/g0_2_r2', repo_group=g0_2)

    g0_3_r1 = fixture.create_repo(u'g0/g0_3/g0_3_r1', repo_group=g0_3)

    g0_3_r2_private = fixture.create_repo(u'g0/g0_3/g0_3_r1_private',

                                          repo_group=g0_3, repo_private=True)

    return test_u1

def expected_count(group_name, objects=False):

    repo_group = RepoGroup.get_by_group_name(group_name=group_name)

    objs = repo_group.recursive_groups_and_repos()

    if objects:

        return objs

    return len(objs)

def _check_expected_count(items, repo_items, expected):

    should_be = len(items + repo_items)

    there_are = len(expected)

    assert should_be == there_are, ('%s != %s' % ((items + repo_items), expected))

def check_tree_perms(obj_name, repo_perm, prefix, expected_perm):

    assert repo_perm == expected_perm, ('obj:`%s` got perm:`%s` should:`%s`'

                                    % (obj_name, repo_perm, expected_perm))

import os

import pytest

from sqlalchemy.exc import IntegrityError

from kallithea.tests.base import *

from kallithea.tests.fixture import Fixture

from kallithea.model.repo_group import RepoGroupModel

from kallithea.model.repo import RepoModel

from kallithea.model.db import RepoGroup

from kallithea.model.meta import Session

fixture = Fixture()

def _update_group(id_, group_name, desc=u'desc', parent_id=None):

    form_data = fixture._get_group_create_params(group_name=group_name,

                                                 group_desc=desc,

    gr = RepoGroupModel().update(id_, form_data)

    return gr

def _update_repo(name, **kwargs):

    form_data = fixture._get_repo_create_params(**kwargs)

    if not 'repo_name' in kwargs:

        form_data['repo_name'] = name

    if not 'perms_new' in kwargs:

        form_data['perms_new'] = []

    if not 'perms_updates' in kwargs:

        form_data['perms_updates'] = []

    r = RepoModel().update(name, **form_data)

    return r

class TestRepoGroups(TestController):

    def setup_method(self, method):

        self.g1 = fixture.create_repo_group(u'test1', skip_if_exists=True)

        self.g2 = fixture.create_repo_group(u'test2', skip_if_exists=True)

        self.g3 = fixture.create_repo_group(u'test3', skip_if_exists=True)

    def teardown_method(self, method):

        """

        path = [TESTS_TMP_PATH] + list(path)

        path = os.path.join(*path)

        return os.path.isdir(path)

    def _check_folders(self):

        print os.listdir(TESTS_TMP_PATH)

    def __delete_group(self, id_):

        RepoGroupModel().delete(id_)

    def test_create_group(self):

        g = fixture.create_repo_group(u'newGroup')

        Session().commit()

        assert g.full_path == 'newGroup'

        assert self.__check_path('newGroup')

    def test_create_same_name_group(self):

        with pytest.raises(IntegrityError):

            fixture.create_repo_group(u'newGroup')

        Session().rollback()

    def test_same_subgroup(self):

        assert sg1.parent_group == self.g1

        assert sg1.full_path == 'test1/sub1'

        assert self.__check_path('test1', 'sub1')

        assert ssg1.parent_group == sg1

        assert ssg1.full_path == 'test1/sub1/subsub1'

        assert self.__check_path('test1', 'sub1', 'subsub1')

    def test_remove_group(self):

        sg1 = fixture.create_repo_group(u'deleteme')

        self.__delete_group(sg1.group_id)

        assert RepoGroup.get(sg1.group_id) == None

        assert not self.__check_path('deteteme')

        self.__delete_group(sg1.group_id)

        assert RepoGroup.get(sg1.group_id) == None

        assert not self.__check_path('test1', 'deteteme')

    def test_rename_single_group(self):

        sg1 = fixture.create_repo_group(u'initial')

        new_sg1 = _update_group(sg1.group_id, u'after')

        assert self.__check_path('after')

        assert RepoGroup.get_by_group_name(u'initial') == None

    def test_update_group_parent(self):

        new_sg1 = _update_group(sg1.group_id, u'after', parent_id=self.g1.group_id)

        assert self.__check_path('test1', 'after')