_key, pos = args

                        new_perms_group[pos][_key] = v

            # fill new permissions in order of how they were added

            for k in sorted(map(int, new_perms_group.keys())):

                perm_dict = new_perms_group[str(k)]

                new_member = perm_dict.get('name')

                new_perm = perm_dict.get('perm')

                new_type = perm_dict.get('type')

                if new_member and new_perm and new_type:

                    perms_new.add((new_member, new_perm, new_type))

            for k, v in value.iteritems():

                if k.startswith('u_perm_') or k.startswith('g_perm_'):

                    member = k[7:]

                    t = {'u': 'user',

                         'g': 'users_group'

                    }[k[0]]

                    if member == 'default':

                        if value.get('repo_private'):

                            # set none for default when updating to

                            # private repo

                            v = EMPTY_PERM

                    perms_update.add((member, v, t))

            value['perms_updates'] = list(perms_update)

            value['perms_new'] = list(perms_new)

            # update permissions

            for k, v, t in perms_new:

                try:

                    if t is 'user':

                        self.user_db = User.query()\

                            .filter(User.active == True)\

                            .filter(User.username == k).one()

                    if t is 'users_group':

                        self.user_db = UsersGroup.query()\

                            .filter(UsersGroup.users_group_active == True)\

                            .filter(UsersGroup.users_group_name == k).one()

                except Exception:

                    log.exception('Updated permission failed')

                    msg = M(self, 'perm_new_member_type', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(perm_new_member_name=msg)

                    )

            return value

    return _validator

        TestCase.__init__(self, *args, **kwargs)

    def log_user(self, username=TEST_USER_ADMIN_LOGIN,

                 password=TEST_USER_ADMIN_PASS):

        self._logged_username = username

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': username,

                                  'password': password})

        if 'invalid user name' in response.body:

            self.fail('could not login using %s %s' % (username, password))

        self.assertEqual(response.status, '302 Found')

        ses = response.session['rhodecode_user']

        self.assertEqual(ses.get('username'), username)

        response = response.follow()

        self.assertEqual(ses.get('is_authenticated'), True)

        return response.session['rhodecode_user']

    def _get_logged_user(self):

        return User.get_by_username(self._logged_username)

    def checkSessionFlash(self, response, msg):

        if not msg in response.session['flash'][0][1]:

            self.fail(

                'msg `%s` not found in session flash: got `%s` instead' % (

                      msg, response.session['flash'])

            )

## HELPERS ##

def _get_repo_create_params(**custom):

    defs = {

        'repo_name': None,

        'repo_type': 'hg',

        'clone_uri': '',

        'repo_group': '',

        'repo_description': 'DESC',

        'repo_private': False,

        'repo_landing_rev': 'tip'

    }

    defs.update(custom)

    if 'repo_name_full' not in custom:

        defs.update({'repo_name_full': defs['repo_name']})

    return defs

        #test if repository was created on filesystem

        try:

            vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name))

        except:

            self.fail('no repo %s in filesystem' % repo_name)

    def test_new(self):

        self.log_user()

        response = self.app.get(url('new_repo'))

    def test_new_as_xml(self):

        response = self.app.get(url('formatted_new_repo', format='xml'))

    def test_update(self):

        response = self.app.put(url('repo', repo_name=HG_REPO))

    def test_update_browser_fakeout(self):

        response = self.app.post(url('repo', repo_name=HG_REPO),

                                 params=dict(_method='put'))

    def test_delete_hg(self):

        self.log_user()

        repo_name = 'vcs_test_new_to_delete'

        description = 'description for newly created repo'

        response = self.app.post(url('repos'),

                        _get_repo_create_params(repo_private=False,

                                                repo_type='hg',

                                                repo_name=repo_name,

                                                repo_description=description))

        self.checkSessionFlash(response,

                               'created repository %s' % (repo_name))

        #test if the repo was created in the database

        new_repo = self.Session().query(Repository)\

            .filter(Repository.repo_name == repo_name).one()

        self.assertEqual(new_repo.repo_name, repo_name)

        self.assertEqual(new_repo.description, description)

        #test if repository is visible in the list ?

        response = response.follow()

        response.mustcontain(repo_name)

        #test if repository was created on filesystem

        try:

            vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name))

from rhodecode.tests import *

class TestSettingsController(TestController):

    def test_index(self):

        self.log_user()

        response = self.app.get(url(controller='settings', action='index',

                                    repo_name=HG_REPO))

        # Test response...

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode():

    # set permission to g0 recursive mode, all children including

    # other repos and groups should have this permission now set !

    recursive = True

    group = 'g0'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.write'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_inner_group():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_3'

    permissions_setup_func(group, 'group.none', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.none'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.none'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_deepest():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_1/g0_1_1'

    permissions_setup_func(group, 'group.write', recursive=recursive)