"""

        try:

            file_node = cs.get_node(path)

            if file_node.is_dir():

                raise RepositoryError('given path is a directory')

        except ChangesetDoesNotExistError:

            msg = _('Such revision does not exist for this repository')

            h.flash(msg, category='error')

            raise HTTPNotFound()

        except RepositoryError as e:

            h.flash(safe_str(e), category='error')

            raise HTTPNotFound()

        return file_node

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def index(self, repo_name, revision, f_path, annotate=False):

        # redirect to given revision from form if given

        post_revision = request.POST.get('at_rev', None)

        if post_revision:

            cs = self.__get_cs(post_revision) # FIXME - unused!

        c.revision = revision

        c.changeset = self.__get_cs(revision)

        c.branch = request.GET.get('branch', None)

        c.f_path = f_path

        c.annotate = annotate

        cur_rev = c.changeset.revision

        c.fulldiff = request.GET.get('fulldiff')

        # prev link

        try:

            prev_rev = c.db_repo_scm_instance.get_changeset(cur_rev).prev(c.branch)

            c.url_prev = url('files_home', repo_name=c.repo_name,

                         revision=prev_rev.raw_id, f_path=f_path)

            if c.branch:

                c.url_prev += '?branch=%s' % c.branch

        except (ChangesetDoesNotExistError, VCSError):

            c.url_prev = '#'

        # next link

        try:

            next_rev = c.db_repo_scm_instance.get_changeset(cur_rev).next(c.branch)

            c.url_next = url('files_home', repo_name=c.repo_name,

                     revision=next_rev.raw_id, f_path=f_path)

            if c.branch:

                c.url_next += '?branch=%s' % c.branch

        except (ChangesetDoesNotExistError, VCSError):

            c.url_next = '#'

        # files or dirs

        try:

            c.file = c.changeset.get_node(f_path)

            if c.file.is_file():

                c.load_full_history = False

                #determine if we're on branch head

                _branches = c.db_repo_scm_instance.branches

                c.on_branch_head = revision in _branches.keys() + _branches.values()

                _hist = []

                c.file_history = []

                if c.load_full_history:

                    c.file_history, _hist = self._get_node_history(c.changeset, f_path)

                c.authors = []

                for a in set([x.author for x in _hist]):

                    c.authors.append((h.email(a), h.person(a)))

            else:

                c.authors = c.file_history = []

        except RepositoryError as e:

            h.flash(safe_str(e), category='error')

            raise HTTPNotFound()

        if request.environ.get('HTTP_X_PARTIAL_XHR'):

            return render('files/files_ypjax.html')

        # TODO: tags and bookmarks?

        c.revision_options = [(c.changeset.raw_id,

                              _('%s at %s') % (c.changeset.branch, h.short_id(c.changeset.raw_id)))] + \

            [(n, b) for b, n in c.db_repo_scm_instance.branches.items()]

        if c.db_repo_scm_instance.closed_branches:

            prefix = _('(closed)') + ' '

            c.revision_options += [('-', '-')] + \

                [(n, prefix + b) for b, n in c.db_repo_scm_instance.closed_branches.items()]

        return render('files/files.html')

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def history(self, repo_name, revision, f_path):

        changeset = self.__get_cs(revision)

        _file = changeset.get_node(f_path)

        if _file.is_file():

            file_history, _hist = self._get_node_history(changeset, f_path)

            res = []

            for obj in file_history:

                res.append({

                    'text': obj[1],

                    'children': [{'id': o[0], 'text': o[1]} for o in obj[0]]

                })

            data = {

                'more': False,

                'results': res

            }

            return data

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def authors(self, repo_name, revision, f_path):

        changeset = self.__get_cs(revision)

        _file = changeset.get_node(f_path)

        if _file.is_file():

            file_history, _hist = self._get_node_history(changeset, f_path)

            c.authors = []

            for a in set([x.author for x in _hist]):

                c.authors.append((h.email(a), h.person(a)))

            return render('files/files_history_box.html')

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def rawfile(self, repo_name, revision, f_path):

        cs = self.__get_cs(revision)

        file_node = self.__get_filenode(cs, f_path)

        response.content_disposition = 'attachment; filename=%s' % \

            safe_str(f_path.split(Repository.url_sep())[-1])

        response.content_type = file_node.mimetype

        return file_node.content

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def raw(self, repo_name, revision, f_path):

        cs = self.__get_cs(revision)

        file_node = self.__get_filenode(cs, f_path)

        raw_mimetype_mapping = {

            # map original mimetype to a mimetype used for "show as raw"

            # you can also provide a content-disposition to override the

            # default "attachment" disposition.

            # orig_type: (new_type, new_dispo)

            # show images inline:

            'image/x-icon': ('image/x-icon', 'inline'),

            'image/png': ('image/png', 'inline'),

            'image/gif': ('image/gif', 'inline'),

            'image/jpeg': ('image/jpeg', 'inline'),

            'image/svg+xml': ('image/svg+xml', 'inline'),

        }

        mimetype = file_node.mimetype

        try:

            mimetype, dispo = raw_mimetype_mapping[mimetype]

        except KeyError:

            # we don't know anything special about this, handle it safely

            if file_node.is_binary:

                # do same as download raw for binary files

                mimetype, dispo = 'application/octet-stream', 'attachment'

            else:

                # do not just use the original mimetype, but force text/plain,

                # otherwise it would serve text/html and that might be unsafe.

                # Note: underlying vcs library fakes text/plain mimetype if the

                # mimetype can not be determined and it thinks it is not

                # binary.This might lead to erroneous text display in some

                # cases, but helps in other cases, like with text files

                # without extension.

                mimetype, dispo = 'text/plain', 'inline'

        if dispo == 'attachment':

            dispo = 'attachment; filename=%s' % \

                        safe_str(f_path.split(os.sep)[-1])

        response.content_disposition = dispo

        response.content_type = mimetype

        return file_node.content

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')

    def delete(self, repo_name, revision, f_path):

        repo = c.db_repo

        if repo.enable_locking and repo.locked[0]:

            h.flash(_('This repository has been locked by %s on %s')

                % (h.person_by_id(repo.locked[0]),

                   h.fmt_date(h.time_to_datetime(repo.locked[1]))),

                'warning')

            raise HTTPFound(location=h.url('files_home',

                                  repo_name=repo_name, revision='tip'))

        # check if revision is a branch identifier- basically we cannot

        # create multiple heads via file editing

        _branches = repo.scm_instance.branches

        # check if revision is a branch name or branch hash

        if revision not in _branches.keys() + _branches.values():

            h.flash(_('You can only delete files with revision '

                      'being a valid branch'), category='warning')

            raise HTTPFound(location=h.url('files_home',

                                  repo_name=repo_name, revision='tip',

                                  f_path=f_path))

        r_post = request.POST

        c.cs = self.__get_cs(revision)

        c.file = self.__get_filenode(c.cs, f_path)

            raise HTTPForbidden()

        assert pull_request.other_repo.repo_name == repo_name

        #only owner or admin can update it

        owner = pull_request.owner_id == request.authuser.user_id

        repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)

        if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner):

            raise HTTPForbidden()

        _form = PullRequestPostForm()().to_python(request.POST)

        reviewer_ids = set(int(s) for s in _form['review_members'])

        org_reviewer_ids = set(int(s) for s in _form['org_review_members'])

        current_reviewer_ids = set(prr.user_id for prr in pull_request.reviewers)

        other_added = [User.get(u) for u in current_reviewer_ids - org_reviewer_ids]

        other_removed = [User.get(u) for u in org_reviewer_ids - current_reviewer_ids]

        if other_added:

            h.flash(_('Meanwhile, the following reviewers have been added: %s') %

                    (', '.join(u.username for u in other_added)),

                    category='warning')

        if other_removed:

            h.flash(_('Meanwhile, the following reviewers have been removed: %s') %

                    (', '.join(u.username for u in other_removed)),

                    category='warning')

        if _form['updaterev']:

            return self.create_new_iteration(pull_request,

                                      _form['updaterev'],

                                      _form['pullrequest_title'],

                                      _form['pullrequest_desc'],

                                      reviewer_ids)

        old_description = pull_request.description

        pull_request.title = _form['pullrequest_title']

        pull_request.description = _form['pullrequest_desc'].strip() or _('No description')

        pull_request.owner = User.get_by_username(_form['owner'])

        user = User.get(request.authuser.user_id)

        add_reviewer_ids = reviewer_ids - org_reviewer_ids - current_reviewer_ids

        remove_reviewer_ids = (org_reviewer_ids - reviewer_ids) & current_reviewer_ids

        try:

            PullRequestModel().mention_from_description(user, pull_request, old_description)

            PullRequestModel().add_reviewers(user, pull_request, add_reviewer_ids)

            PullRequestModel().remove_reviewers(user, pull_request, remove_reviewer_ids)

        except UserInvalidException as u:

            h.flash(_('Invalid reviewer "%s" specified') % u, category='error')

            raise HTTPBadRequest()

        Session().commit()

        h.flash(_('Pull request updated'), category='success')

        raise HTTPFound(location=pull_request.url())

    @LoginRequired()

    @NotAnonymous()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def delete(self, repo_name, pull_request_id):

        pull_request = PullRequest.get_or_404(pull_request_id)

        #only owner can delete it !

        if pull_request.owner_id == request.authuser.user_id:

            PullRequestModel().delete(pull_request)

            Session().commit()

            h.flash(_('Successfully deleted pull request'),

                    category='success')

            raise HTTPFound(location=url('my_pullrequests'))

        raise HTTPForbidden()

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def show(self, repo_name, pull_request_id, extra=None):

        repo_model = RepoModel()

        c.users_array = repo_model.get_users_js()

        c.user_groups_array = repo_model.get_user_groups_js()

        c.pull_request = PullRequest.get_or_404(pull_request_id)

        c.allowed_to_change_status = self._get_is_allowed_change_status(c.pull_request)

        cc_model = ChangesetCommentsModel()

        cs_model = ChangesetStatusModel()

        # pull_requests repo_name we opened it against

        # ie. other_repo must match

        if repo_name != c.pull_request.other_repo.repo_name:

            raise HTTPNotFound

        # load compare data into template context

        c.cs_repo = c.pull_request.org_repo

        (c.cs_ref_type,

         c.cs_ref_name,

         c.cs_rev) = c.pull_request.org_ref.split(':')

        c.a_repo = c.pull_request.other_repo

        (c.a_ref_type,

         c.a_ref_name,

         c.a_rev) = c.pull_request.other_ref.split(':') # a_rev is ancestor

        org_scm_instance = c.cs_repo.scm_instance # property with expensive cache invalidation check!!!

        try:

            c.cs_ranges = [org_scm_instance.get_changeset(x)

                           for x in c.pull_request.revisions]

        except ChangesetDoesNotExistError:

            c.cs_ranges = []

            h.flash(_('Revision %s not found in %s') % (x, c.cs_repo.repo_name),

                'error')

        c.cs_ranges_org = None # not stored and not important and moving target - could be calculated ...

        revs = [ctx.revision for ctx in reversed(c.cs_ranges)]

        c.jsdata = json.dumps(graph_data(org_scm_instance, revs))

        c.is_range = False

        try:

            if c.a_ref_type == 'rev': # this looks like a free range where target is ancestor

                cs_a = org_scm_instance.get_changeset(c.a_rev)

                root_parents = c.cs_ranges[0].parents

                c.is_range = cs_a in root_parents

                #c.merge_root = len(root_parents) > 1 # a range starting with a merge might deserve a warning

        except ChangesetDoesNotExistError: # probably because c.a_rev not found

            pass

        except IndexError: # probably because c.cs_ranges is empty, probably because revisions are missing

            pass

        avail_revs = set()

        avail_show = []

        c.cs_branch_name = c.cs_ref_name

        c.a_branch_name = None

        other_scm_instance = c.a_repo.scm_instance

        c.update_msg = ""

        c.update_msg_other = ""

        try:

            if not c.cs_ranges:

                c.update_msg = _('Error: changesets not found when displaying pull request from %s.') % c.cs_rev

            elif org_scm_instance.alias == 'hg' and c.a_ref_name != 'ancestor':

                if c.cs_ref_type != 'branch':

                    c.cs_branch_name = org_scm_instance.get_changeset(c.cs_ref_name).branch # use ref_type ?

                c.a_branch_name = c.a_ref_name

                if c.a_ref_type != 'branch':

                    try:

                        c.a_branch_name = other_scm_instance.get_changeset(c.a_ref_name).branch # use ref_type ?

                    except EmptyRepositoryError:

                        c.a_branch_name = 'null' # not a branch name ... but close enough

                # candidates: descendants of old head that are on the right branch

                #             and not are the old head itself ...

                #             and nothing at all if old head is a descendant of target ref name

                if not c.is_range and other_scm_instance._repo.revs('present(%s)::&%s', c.cs_ranges[-1].raw_id, c.a_branch_name):

                    c.update_msg = _('This pull request has already been merged to %s.') % c.a_branch_name

                elif c.pull_request.is_closed():

                    c.update_msg = _('This pull request has been closed and can not be updated.')

                else: # look for descendants of PR head on source branch in org repo

                    avail_revs = org_scm_instance._repo.revs('%s:: & branch(%s)',

                                                             revs[0], c.cs_branch_name)

                    if len(avail_revs) > 1: # more than just revs[0]

                        # also show changesets that not are descendants but would be merged in

                        targethead = other_scm_instance.get_changeset(c.a_branch_name).raw_id

                        if org_scm_instance.path != other_scm_instance.path:

                            # Note: org_scm_instance.path must come first so all

                            # valid revision numbers are 100% org_scm compatible

                            # - both for avail_revs and for revset results

                            hgrepo = unionrepo.unionrepository(org_scm_instance.baseui,

                                                               org_scm_instance.path,

                                                               other_scm_instance.path)

                        else:

                            hgrepo = org_scm_instance._repo

                        show = set(hgrepo.revs('::%ld & !::parents(%s) & !::%s',

                                               avail_revs, revs[0], targethead))

                        c.update_msg = _('The following additional changes are available on %s:') % c.cs_branch_name

                    else:

                        show = set()

                        avail_revs = set() # drop revs[0]

                        c.update_msg = _('No additional changesets found for iterating on this pull request.')

                    # TODO: handle branch heads that not are tip-most

                    brevs = org_scm_instance._repo.revs('%s - %ld - %s', c.cs_branch_name, avail_revs, revs[0])

                    if brevs:

                        # also show changesets that are on branch but neither ancestors nor descendants

                        show.update(org_scm_instance._repo.revs('::%ld - ::%ld - ::%s', brevs, avail_revs, c.a_branch_name))

                        show.add(revs[0]) # make sure graph shows this so we can see how they relate

                        c.update_msg_other = _('Note: Branch %s has another head: %s.') % (c.cs_branch_name,

                            h.short_id(org_scm_instance.get_changeset((max(brevs))).raw_id))

                    avail_show = sorted(show, reverse=True)

            elif org_scm_instance.alias == 'git':

                c.cs_repo.scm_instance.get_changeset(c.cs_rev) # check it exists - raise ChangesetDoesNotExistError if not

                c.update_msg = _("Git pull requests don't support iterating yet.")

        except ChangesetDoesNotExistError:

            c.update_msg = _('Error: some changesets not found when displaying pull request from %s.') % c.cs_rev

        c.avail_revs = avail_revs

        c.avail_cs = [org_scm_instance.get_changeset(r) for r in avail_show]

        c.avail_jsdata = json.dumps(graph_data(org_scm_instance, avail_show))

        raw_ids = [x.raw_id for x in c.cs_ranges]

        c.cs_comments = c.cs_repo.get_comments(raw_ids)

        c.statuses = c.cs_repo.statuses(raw_ids)

            log.info('repository %s not found, creating now', name)

            added.append(name)

            desc = (repo.description

                    if repo.description != 'unknown'

                    else '%s repository' % name)

            new_repo = repo_model._create_repo(

                repo_name=name,

                repo_type=repo.alias,

                description=desc,

                repo_group=getattr(group, 'group_id', None),

                owner=user,

                enable_locking=enable_locking,

                enable_downloads=enable_downloads,

                enable_statistics=enable_statistics,

                private=private,

                state=Repository.STATE_CREATED

            )

            sa.commit()

            # we added that repo just now, and make sure it has githook

            # installed, and updated server info

            if new_repo.repo_type == 'git':

                git_repo = new_repo.scm_instance

                ScmModel().install_git_hooks(git_repo)

                # update repository server-info

                log.debug('Running update server info')

                git_repo._update_server_info()

            new_repo.update_changeset_cache()

        elif install_git_hooks:

            if db_repo.repo_type == 'git':

                ScmModel().install_git_hooks(db_repo.scm_instance, force_create=overwrite_git_hooks)

    removed = []

    # remove from database those repositories that are not in the filesystem

    unicode_initial_repo_list = set(safe_unicode(name) for name in initial_repo_list)

    for repo in sa.query(Repository).all():

        if repo.repo_name not in unicode_initial_repo_list:

            if remove_obsolete:

                log.debug("Removing non-existing repository found in db `%s`",

                          repo.repo_name)

                try:

                    RepoModel(sa).delete(repo, forks='detach', fs_remove=False)

                    sa.commit()

                except Exception:

                    #don't hold further removals on error

                    log.error(traceback.format_exc())

                    sa.rollback()

            removed.append(repo.repo_name)

    return added, removed

def load_rcextensions(root_path):

    import kallithea

    from kallithea.config import conf

    path = os.path.join(root_path, 'rcextensions', '__init__.py')

    if os.path.isfile(path):

        rcext = create_module('rc', path)

        EXT = kallithea.EXTENSIONS = rcext

        log.debug('Found rcextensions now loading %s...', rcext)

        # Additional mappings that are not present in the pygments lexers

        conf.LANGUAGES_EXTENSIONS_MAP.update(getattr(EXT, 'EXTRA_MAPPINGS', {}))

        #OVERRIDE OUR EXTENSIONS FROM RC-EXTENSIONS (if present)

        if getattr(EXT, 'INDEX_EXTENSIONS', []):

            log.debug('settings custom INDEX_EXTENSIONS')

            conf.INDEX_EXTENSIONS = getattr(EXT, 'INDEX_EXTENSIONS', [])

        #ADDITIONAL MAPPINGS

        log.debug('adding extra into INDEX_EXTENSIONS')

        conf.INDEX_EXTENSIONS.extend(getattr(EXT, 'EXTRA_INDEX_EXTENSIONS', []))

        # auto check if the module is not missing any data, set to default if is

        # this will help autoupdate new feature of rcext module

        #from kallithea.config import rcextensions

        #for k in dir(rcextensions):

        #    if not k.startswith('_') and not hasattr(EXT, k):

        #        setattr(EXT, k, getattr(rcextensions, k))

#==============================================================================

# TEST FUNCTIONS AND CREATORS

#==============================================================================

def create_test_index(repo_location, config, full_index):

    """

    Makes default test index

    :param config: test config

    :param full_index:

    """

    from kallithea.lib.indexers.daemon import WhooshIndexingDaemon

    from kallithea.lib.pidlock import DaemonLock, LockHeld

    index_location = os.path.join(config['app_conf']['index_dir'])

    if not os.path.exists(index_location):

        os.makedirs(index_location)

    try:

        l = DaemonLock(file_=os.path.join(dirname(index_location), 'make_index.lock'))

        WhooshIndexingDaemon(index_location=index_location,

                             repo_location=repo_location) \

            .run(full_index=full_index)

        l.release()

    except LockHeld:

        pass

def create_test_env(repos_test_path, config):

    """

    Makes a fresh database and

    install test repository into tmp dir

    """

    from kallithea.lib.db_manage import DbManage

    from kallithea.tests.base import HG_REPO, GIT_REPO, TESTS_TMP_PATH

    # PART ONE create db

    dbconf = config['sqlalchemy.url']

    log.debug('making test db %s', dbconf)

    # create test dir if it doesn't exist

    if not os.path.isdir(repos_test_path):

        log.debug('Creating testdir %s', repos_test_path)

        os.makedirs(repos_test_path)

    dbmanage = DbManage(log_sql=True, dbconf=dbconf, root=config['here'],

                        tests=True)

    dbmanage.create_tables(override=True)

    # for tests dynamically set new root paths based on generated content

    dbmanage.create_settings(dbmanage.config_prompt(repos_test_path))

    dbmanage.create_default_user()

    dbmanage.admin_prompt()

    dbmanage.create_permissions()

    dbmanage.populate_default_permissions()

    meta.Session().commit()

    # PART TWO make test repo

    log.debug('making test vcs repositories')

    idx_path = config['app_conf']['index_dir']

    data_path = config['app_conf']['cache_dir']

    #clean index and data

    if idx_path and os.path.exists(idx_path):

        log.debug('remove %s', idx_path)

        shutil.rmtree(idx_path)

    if data_path and os.path.exists(data_path):

        log.debug('remove %s', data_path)

        shutil.rmtree(data_path)

    #CREATE DEFAULT TEST REPOS

    cur_dir = dirname(dirname(abspath(__file__)))

    tar = tarfile.open(os.path.join(cur_dir, 'tests', 'fixtures', "vcs_test_hg.tar.gz"))

    tar.extractall(os.path.join(TESTS_TMP_PATH, HG_REPO))

    tar.close()

    cur_dir = dirname(dirname(abspath(__file__)))

    tar = tarfile.open(os.path.join(cur_dir, 'tests', 'fixtures', "vcs_test_git.tar.gz"))

    tar.extractall(os.path.join(TESTS_TMP_PATH, GIT_REPO))

    tar.close()

    #LOAD VCS test stuff

    from kallithea.tests.vcs import setup_package

    setup_package()

def check_git_version():

    """

    Checks what version of git is installed in system, and issues a warning

    if it's too old for Kallithea to work properly.

    """

    from kallithea import BACKENDS

    from kallithea.lib.vcs.backends.git.repository import GitRepository

    from kallithea.lib.vcs.conf import settings

    from distutils.version import StrictVersion

    if 'git' not in BACKENDS:

        return None

    stdout, stderr = GitRepository._run_git_command(['--version'], _bare=True,

                                                    _safe=True)

    m = re.search("\d+.\d+.\d+", stdout)

    if m:

        ver = StrictVersion(m.group(0))

    else:

        ver = StrictVersion('0.0.0')

    req_ver = StrictVersion('1.7.4')

            parent_group = self._get_repo_group(parent)

            new_repo_group = RepoGroup()

            new_repo_group.owner = owner

            new_repo_group.group_description = group_description or group_name

            new_repo_group.parent_group = parent_group

            new_repo_group.group_name = new_repo_group.get_new_name(group_name)

            self.sa.add(new_repo_group)

            # create an ADMIN permission for owner except if we're super admin,

            # later owner should go into the owner field of groups

            if not owner.is_admin:

                self.grant_user_permission(repo_group=new_repo_group,

                                           user=owner, perm='group.admin')

            if parent_group and copy_permissions:

                # copy permissions from parent

                user_perms = UserRepoGroupToPerm.query() \

                    .filter(UserRepoGroupToPerm.group == parent_group).all()

                group_perms = UserGroupRepoGroupToPerm.query() \

                    .filter(UserGroupRepoGroupToPerm.group == parent_group).all()

                for perm in user_perms:

                    # don't copy over the permission for user who is creating

                    # this group, if he is not super admin he get's admin

                    # permission set above

                    if perm.user != owner or owner.is_admin:

                        UserRepoGroupToPerm.create(perm.user, new_repo_group, perm.permission)

                for perm in group_perms:

                    UserGroupRepoGroupToPerm.create(perm.users_group, new_repo_group, perm.permission)

            else:

                perm_obj = self._create_default_perms(new_repo_group)

                self.sa.add(perm_obj)

            if not just_db:

                # we need to flush here, in order to check if database won't

                # throw any exceptions, create filesystem dirs at the very end

                self.sa.flush()

                self._create_group(new_repo_group.group_name)

            return new_repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _update_permissions(self, repo_group, perms_new=None,

                            perms_updates=None, recursive=None,

                            check_perms=True):

        from kallithea.model.repo import RepoModel

        from kallithea.lib.auth import HasUserGroupPermissionAny

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_permission(repo_group=obj, user=user, perm=perm)

            elif isinstance(obj, Repository):

                # private repos will not allow to change the default permissions

                # using recursive mode

                if obj.private and user == User.DEFAULT_USER:

                    return

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_group_permission(repo_group=obj,

                                                  group_name=users_group,

                                                  perm=perm)

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_group_permission(

                    repo=obj, group_name=users_group, perm=perm

                )

        # start updates

        updates = []

        log.debug('Now updating permissions for %s in recursive mode:%s',

                  repo_group, recursive)

        for obj in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(obj, RepoGroup) and not obj == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(obj, Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                obj = repo_group

                # also we do a break at the end of this loop.

            # update permissions

            for member, perm, member_type in perms_updates:

                ## set for user

                if member_type == 'user':

                    # this updates also current one if found

                    _set_perm_user(obj, user=member, perm=perm)

                ## set for user group

                else:

                    #check if we have permissions to alter this usergroup

                    req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')

                    if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    #check if we have permissions to alter this usergroup

                    req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')

                    if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

        return updates

    def update(self, repo_group, form_data):

        try:

            repo_group = self._get_repo_group(repo_group)

            old_path = repo_group.full_path

            # change properties

            repo_group.group_description = form_data['group_description']

            repo_group.parent_group_id = form_data['parent_group_id']

            repo_group.enable_locking = form_data['enable_locking']

            repo_group.parent_group = RepoGroup.get(form_data['parent_group_id'])

            repo_group.group_name = repo_group.get_new_name(form_data['group_name'])

            new_path = repo_group.full_path

            self.sa.add(repo_group)

            # iterate over all members of this groups and do fixes

            # set locking if given

            # if obj is a repoGroup also fix the name of the group according

            # to the parent

            # if obj is a Repo fix it's name

            # this can be potentially heavy operation

            for obj in repo_group.recursive_groups_and_repos():

                #set the value from it's parent

                obj.enable_locking = repo_group.enable_locking

                if isinstance(obj, RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s' \

                                % (obj.group_name, new_name))

                    obj.group_name = new_name

                elif isinstance(obj, Repository):

                    # we need to get all repositories from this new group and

                    # rename them accordingly to new group path

                    new_name = obj.get_new_name(obj.just_name)

                    log.debug('Fixing repo %s to new name %s' \

                                % (obj.repo_name, new_name))

                    obj.repo_name = new_name

                self.sa.add(obj)

            self._rename_group(old_path, new_path)

            return repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, repo_group, force_delete=False):

        repo_group = self._get_repo_group(repo_group)

        try:

            self.sa.delete(repo_group)

            self._delete_group(repo_group, force_delete)

        except Exception:

            log.error('Error removing repo_group %s', repo_group)

            raise

    def add_permission(self, repo_group, obj, obj_type, perm, recursive):

        from kallithea.model.repo import RepoModel

        repo_group = self._get_repo_group(repo_group)

        perm = self._get_perm(perm)

        for el in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(el, RepoGroup) and not el == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(el, Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                el = repo_group

                # also we do a break at the end of this loop.

            if isinstance(el, RepoGroup):

                if obj_type == 'user':

                    RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)

                elif obj_type == 'user_group':

                    RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            elif isinstance(el, Repository):

                # for repos we need to hotfix the name of permission

                _perm = perm.permission_name.replace('group.', 'repository.')

                if obj_type == 'user':

                    RepoModel().grant_user_permission(el, user=obj, perm=_perm)

                elif obj_type == 'user_group':

                    RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            else:

                raise Exception('el should be instance of Repository or '

                                'RepositoryGroup got %s instead' % type(el))

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

    def delete_permission(self, repo_group, obj, obj_type, recursive):

        """

        Revokes permission for repo_group for given obj(user or users_group),

        obj_type can be user or user group

        :param repo_group:

        :param obj: user or user group id

        :param obj_type: user or user group type

        :param recursive: recurse to all children of group

        """

        from kallithea.model.repo import RepoModel

        repo_group = self._get_repo_group(repo_group)

        for el in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':