# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.repo

~~~~~~~~~~~~~~~~~~~~

Repository model for kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Jun 5, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import shutil

import logging

import traceback

from datetime import datetime

from sqlalchemy.orm import subqueryload

from kallithea.lib.utils import make_ui, is_valid_repo_uri

from kallithea.lib.vcs.backends import get_backend

from kallithea.lib.utils2 import LazyProperty, safe_str, safe_unicode, \

    remove_prefix, obfuscate_url_pw, get_current_authuser

from kallithea.lib.caching_query import FromCache

from kallithea.lib.hooks import log_delete_repository

from kallithea.model.db import Repository, UserRepoToPerm, UserGroupRepoToPerm, \

    UserRepoGroupToPerm, UserGroupRepoGroupToPerm, User, Permission, Session, \

    Statistics, UserGroup, Ui, RepoGroup, RepositoryField

from kallithea.lib import helpers as h

from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermissionLevel

from kallithea.lib.exceptions import AttachedForksError

from kallithea.model.scm import UserGroupList

log = logging.getLogger(__name__)

class RepoModel(object):

    URL_SEPARATOR = Repository.url_sep()

    def _create_default_perms(self, repository, private):

        # create default permission

        default = 'repository.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('repository.'):

                default = p.permission.permission_name

                break

        default_perm = 'repository.none' if private else default

        repo_to_perm = UserRepoToPerm()

        repo_to_perm.permission = Permission.get_by_key(default_perm)

        repo_to_perm.repository = repository

        repo_to_perm.user_id = def_user.user_id

        Session().add(repo_to_perm)

        return repo_to_perm

    @LazyProperty

    def repos_path(self):

        """

        Gets the repositories root path from database

        """

        q = Ui.query().filter(Ui.ui_key == '/').one()

        return q.ui_value

    def get(self, repo_id, cache=False):

        repo = Repository.query() \

            .filter(Repository.repo_id == repo_id)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_id))

        return repo.scalar()

    def get_repo(self, repository):

        return Repository.guess_instance(repository)

    def get_by_repo_name(self, repo_name, cache=False):

        repo = Repository.query() \

            .filter(Repository.repo_name == repo_name)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_name))

        return repo.scalar()

    def get_all_user_repos(self, user):

        """

        Gets all repositories that user have at least read access

        :param user:

        """

        from kallithea.lib.auth import AuthUser

        user = User.guess_instance(user)

        repos = AuthUser(dbuser=user).permissions['repositories']

        access_check = lambda r: r[1] in ['repository.read',

                                          'repository.write',

                                          'repository.admin']

        repos = [x[0] for x in filter(access_check, repos.items())]

        return Repository.query().filter(Repository.repo_name.in_(repos))

    def get_users_js(self):

        users = User.query() \

            .filter(User.active == True) \

            .order_by(User.name, User.lastname) \

            .all()

        return [

            {

                'id': u.user_id,

            if admin:

                row.update({

                    "action": repo_actions(repo.repo_name),

                    "owner": owner_actions(repo.owner_id,

                                           h.person(repo.owner))

                })

            repos_data.append(row)

        return {

            "sort": "name",

            "dir": "asc",

            "records": repos_data

        }

    def _get_defaults(self, repo_name):

        """

        Gets information about repository, and returns a dict for

        usage in forms

        :param repo_name:

        """

        repo_info = Repository.get_by_repo_name(repo_name)

        if repo_info is None:

            return None

        defaults = repo_info.get_dict()

        defaults['repo_name'] = repo_info.just_name

        defaults['repo_group'] = repo_info.group_id

        for strip, k in [(0, 'repo_type'), (1, 'repo_enable_downloads'),

                         (1, 'repo_description'), (1, 'repo_enable_locking'),

                         (1, 'repo_landing_rev'), (0, 'clone_uri'),

                         (1, 'repo_private'), (1, 'repo_enable_statistics')]:

            attr = k

            if strip:

                attr = remove_prefix(k, 'repo_')

            val = defaults[attr]

            if k == 'repo_landing_rev':

                val = ':'.join(defaults[attr])

            defaults[k] = val

            if k == 'clone_uri':

                defaults['clone_uri_hidden'] = repo_info.clone_uri_hidden

        # fill owner

        if repo_info.owner:

            defaults.update({'owner': repo_info.owner.username})

        else:

            replacement_user = User.query().filter(User.admin ==

                                                   True).first().username

            defaults.update({'owner': replacement_user})

        # fill repository users

        for p in repo_info.repo_to_perm:

            defaults.update({'u_perm_%s' % p.user.username:

                                 p.permission.permission_name})

        # fill repository groups

        for p in repo_info.users_group_to_perm:

            defaults.update({'g_perm_%s' % p.users_group.users_group_name:

                                 p.permission.permission_name})

        return defaults

    def update(self, repo, **kwargs):

        try:

            cur_repo = Repository.guess_instance(repo)

            org_repo_name = cur_repo.repo_name

            if 'owner' in kwargs:

                cur_repo.owner = User.get_by_username(kwargs['owner'])

            if 'repo_group' in kwargs:

                assert kwargs['repo_group'] != u'-1', kwargs # RepoForm should have converted to None

                cur_repo.group = RepoGroup.get(kwargs['repo_group'])

                cur_repo.repo_name = cur_repo.get_new_name(cur_repo.just_name)

            log.debug('Updating repo %s with params:%s', cur_repo, kwargs)

            for k in ['repo_enable_downloads',

                      'repo_description',

                      'repo_enable_locking',

                      'repo_landing_rev',

                      'repo_private',

                      'repo_enable_statistics',

                      ]:

                if k in kwargs:

                    setattr(cur_repo, remove_prefix(k, 'repo_'), kwargs[k])

            clone_uri = kwargs.get('clone_uri')

            if clone_uri is not None and clone_uri != cur_repo.clone_uri_hidden:

                # clone_uri is modified - if given a value, check it is valid

                if clone_uri != '':

                    # will raise exception on error

                    is_valid_repo_uri(cur_repo.repo_type, clone_uri, make_ui('db', clear_session=False))

                cur_repo.clone_uri = clone_uri

            if 'repo_name' in kwargs:

            # if private flag is set, reset default permission to NONE

            if kwargs.get('repo_private'):

                EMPTY_PERM = 'repository.none'

                RepoModel().grant_user_permission(

                    repo=cur_repo, user='default', perm=EMPTY_PERM

                )

                # handle extra fields

            for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),

                                kwargs):

                k = RepositoryField.un_prefix_key(field)

                ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo)

                if ex_field:

                    ex_field.field_value = kwargs[field]

            if org_repo_name != cur_repo.repo_name:

                # rename repository

                self._rename_filesystem_repo(old=org_repo_name, new=cur_repo.repo_name)

            return cur_repo

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _create_repo(self, repo_name, repo_type, description, owner,

                     private=False, clone_uri=None, repo_group=None,

                     landing_rev='rev:tip', fork_of=None,

                     copy_fork_permissions=False, enable_statistics=False,

                     enable_locking=False, enable_downloads=False,

                     copy_group_permissions=False, state=Repository.STATE_PENDING):

        """

        Create repository inside database with PENDING state. This should only be

        executed by create() repo, with exception of importing existing repos.

        """

        from kallithea.model.scm import ScmModel

        owner = User.guess_instance(owner)

        fork_of = Repository.guess_instance(fork_of)

        repo_group = RepoGroup.guess_instance(repo_group)

        try:

            repo_name = safe_unicode(repo_name)

            description = safe_unicode(description)

            # repo name is just a name of repository

            # while repo_name_full is a full qualified name that is combined

            # with name and path of group

            repo_name_full = repo_name

            repo_name = repo_name.split(self.URL_SEPARATOR)[-1]

            new_repo = Repository()

            new_repo.repo_state = state

            new_repo.enable_statistics = False

            new_repo.repo_name = repo_name_full

            new_repo.repo_type = repo_type

            new_repo.owner = owner

            new_repo.group = repo_group

            new_repo.description = description or repo_name

            new_repo.private = private

            if clone_uri:

                # will raise exception on error

                is_valid_repo_uri(repo_type, clone_uri, make_ui('db', clear_session=False))

            new_repo.clone_uri = clone_uri

            new_repo.landing_rev = landing_rev

            new_repo.enable_statistics = enable_statistics

            new_repo.enable_locking = enable_locking

            new_repo.enable_downloads = enable_downloads

            if repo_group:

                new_repo.enable_locking = repo_group.enable_locking

            if fork_of:

                parent_repo = fork_of

                new_repo.fork = parent_repo

            Session().add(new_repo)

            if fork_of and copy_fork_permissions:

                repo = fork_of

                user_perms = UserRepoToPerm.query() \

                    .filter(UserRepoToPerm.repository == repo).all()

                group_perms = UserGroupRepoToPerm.query() \

                    .filter(UserGroupRepoToPerm.repository == repo).all()

                for perm in user_perms:

                    UserRepoToPerm.create(perm.user, new_repo, perm.permission)

                for perm in group_perms:

                    UserGroupRepoToPerm.create(perm.users_group, new_repo,

                                               perm.permission)

            elif repo_group and copy_group_permissions:

                user_perms = UserRepoGroupToPerm.query() \

                    .filter(UserRepoGroupToPerm.group == repo_group).all()

                group_perms = UserGroupRepoGroupToPerm.query() \

                    .filter(UserGroupRepoGroupToPerm.group == repo_group).all()

                for perm in user_perms:

                    perm_name = perm.permission.permission_name.replace('group.', 'repository.')

                    perm_obj = Permission.get_by_key(perm_name)

                    UserRepoToPerm.create(perm.user, new_repo, perm_obj)

                for perm in group_perms:

                    perm_name = perm.permission.permission_name.replace('group.', 'repository.')

                    perm_obj = Permission.get_by_key(perm_name)

                    UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)

            else:

                self._create_default_perms(new_repo, private)

            # now automatically start following this repository as owner

            ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id)

            # we need to flush here, in order to check if database won't

            # throw any exceptions, create filesystem dirs at the very end

            Session().flush()

            return new_repo

        except Exception:

            log.error(traceback.format_exc())

            raise

    def create(self, form_data, cur_user):

        """

        Create repository using celery tasks

        :param form_data:

        :param cur_user:

        """

        from kallithea.lib.celerylib import tasks

        return tasks.create_repo(form_data, cur_user)

    def _update_permissions(self, repo, perms_new=None, perms_updates=None,

                            check_perms=True):

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        # update permissions

        for member, perm, member_type in perms_updates:

            if member_type == 'user':

                # this updates existing one

                self.grant_user_permission(

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.repo_group

~~~~~~~~~~~~~~~~~~~~~~~~~~

repo group model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Jan 25, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import logging

import traceback

import shutil

import datetime

from kallithea.lib.utils2 import LazyProperty

from kallithea.model.db import RepoGroup, Session, Ui, UserRepoGroupToPerm, \

    User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository

log = logging.getLogger(__name__)

class RepoGroupModel(object):

    @LazyProperty

    def repos_path(self):

        """

        Gets the repositories root path from database

        """

        q = Ui.get_by_key('paths', '/')

        return q.ui_value

    def _create_default_perms(self, new_group):

        # create default permission

        default_perm = 'group.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('group.'):

                default_perm = p.permission.permission_name

                break

        repo_group_to_perm = UserRepoGroupToPerm()

        repo_group_to_perm.permission = Permission.get_by_key(default_perm)

        repo_group_to_perm.group = new_group

        repo_group_to_perm.user_id = def_user.user_id

        Session().add(repo_group_to_perm)

        return repo_group_to_perm

    def _create_group(self, group_name):

        """

        makes repository group on filesystem

        :param repo_name:

        :param parent_id:

        """

        create_path = os.path.join(self.repos_path, group_name)

        log.debug('creating new group in %s', create_path)

        if os.path.isdir(create_path):

            raise Exception('That directory already exists !')

        os.makedirs(create_path)

        log.debug('Created group in %s', create_path)

    def _rename_group(self, old, new):

        """

        Renames a group on filesystem

        :param group_name:

        """

        if old == new:

            log.debug('skipping group rename')

            return

        log.debug('renaming repository group from %s to %s', old, new)

        old_path = os.path.join(self.repos_path, old)

        new_path = os.path.join(self.repos_path, new)

        log.debug('renaming repos paths from %s to %s', old_path, new_path)

        if os.path.isdir(new_path):

            raise Exception('Was trying to rename to already '

                            'existing dir %s' % new_path)

        shutil.move(old_path, new_path)

    def _delete_group(self, group, force_delete=False):

        """

        Deletes a group from a filesystem

        :param group: instance of group from database

        :param force_delete: use shutil rmtree to remove all objects

        """

        paths = group.full_path.split(RepoGroup.url_sep())

        paths = os.sep.join(paths)

        rm_path = os.path.join(self.repos_path, paths)

        log.info("Removing group %s", rm_path)

        # delete only if that path really exists

        if os.path.isdir(rm_path):

            if force_delete:

                shutil.rmtree(rm_path)

            else:

                # archive that group

                _now = datetime.datetime.now()

                _ms = str(_now.microsecond).rjust(6, '0')

                _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),

                                          group.name)

                shutil.move(rm_path, os.path.join(self.repos_path, _d))

    def create(self, group_name, group_description, owner, parent=None,

               just_db=False, copy_permissions=False):

        try:

            owner = User.guess_instance(owner)

            parent_group = RepoGroup.guess_instance(parent)

            new_repo_group = RepoGroup()

            new_repo_group.owner = owner

            new_repo_group.group_description = group_description or group_name

            new_repo_group.parent_group = parent_group

            new_repo_group.group_name = new_repo_group.get_new_name(group_name)

            Session().add(new_repo_group)

            # create an ADMIN permission for owner except if we're super admin,

            # later owner should go into the owner field of groups

            if not owner.is_admin:

                self.grant_user_permission(repo_group=new_repo_group,

                                           user=owner, perm='group.admin')

            if parent_group and copy_permissions:

                # copy permissions from parent

                user_perms = UserRepoGroupToPerm.query() \

                    .filter(UserRepoGroupToPerm.group == parent_group).all()

                group_perms = UserGroupRepoGroupToPerm.query() \

                    .filter(UserGroupRepoGroupToPerm.group == parent_group).all()

                for perm in user_perms:

                    # don't copy over the permission for user who is creating

                    # this group, if he is not super admin he get's admin

                    # permission set above

                    if perm.user != owner or owner.is_admin:

                        UserRepoGroupToPerm.create(perm.user, new_repo_group, perm.permission)

                for perm in group_perms:

                    UserGroupRepoGroupToPerm.create(perm.users_group, new_repo_group, perm.permission)

            else:

                self._create_default_perms(new_repo_group)

            if not just_db:

                # we need to flush here, in order to check if database won't

                # throw any exceptions, create filesystem dirs at the very end

                Session().flush()

                self._create_group(new_repo_group.group_name)

            return new_repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _update_permissions(self, repo_group, perms_new=None,

                            perms_updates=None, recursive=None,

                            check_perms=True):

        from kallithea.model.repo import RepoModel

        from kallithea.lib.auth import HasUserGroupPermissionLevel

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_permission(repo_group=obj, user=user, perm=perm)

            elif isinstance(obj, Repository):

                user = User.guess_instance(user)

                # private repos will not allow to change the default permissions

                # using recursive mode

                if obj.private and user.is_default_user:

                    return

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_group_permission(repo_group=obj,

                                                  group_name=users_group,

                                                  perm=perm)

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_group_permission(

                    repo=obj, group_name=users_group, perm=perm

                )

        # start updates

        updates = []

        log.debug('Now updating permissions for %s in recursive mode:%s',

                  repo_group, recursive)

        for obj in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

                pass

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(obj, RepoGroup) and not obj == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(obj, Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                obj = repo_group

                # also we do a break at the end of this loop.

            # update permissions

            for member, perm, member_type in perms_updates:

                ## set for user

                if member_type == 'user':

                    # this updates also current one if found

                    _set_perm_user(obj, user=member, perm=perm)

                ## set for user group

                else:

                    # check if we have permissions to alter this usergroup's access

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    # check if we have permissions to alter this usergroup's access

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

        return updates

    def update(self, repo_group, kwargs):

        try:

            repo_group = RepoGroup.guess_instance(repo_group)

            old_path = repo_group.full_path

            # change properties

            if 'group_description' in kwargs:

                repo_group.group_description = kwargs['group_description']

            if 'parent_group_id' in kwargs:

                repo_group.parent_group_id = kwargs['parent_group_id']

            if 'enable_locking' in kwargs:

                repo_group.enable_locking = kwargs['enable_locking']

            if 'parent_group_id' in kwargs:

                assert kwargs['parent_group_id'] != u'-1', kwargs # RepoGroupForm should have converted to None

                repo_group.parent_group = RepoGroup.get(kwargs['parent_group_id'])

            if 'group_name' in kwargs:

            new_path = repo_group.full_path

            Session().add(repo_group)

            # iterate over all members of this groups and do fixes

            # set locking if given

            # if obj is a repoGroup also fix the name of the group according

            # to the parent

            # if obj is a Repo fix it's name

            # this can be potentially heavy operation

            for obj in repo_group.recursive_groups_and_repos():

                # set the value from it's parent

                obj.enable_locking = repo_group.enable_locking

                if isinstance(obj, RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s' \

                                % (obj.group_name, new_name))

                    obj.group_name = new_name

                elif isinstance(obj, Repository):

                    # we need to get all repositories from this new group and

                    # rename them accordingly to new group path

                    new_name = obj.get_new_name(obj.just_name)

                    log.debug('Fixing repo %s to new name %s' \

                                % (obj.repo_name, new_name))

                    obj.repo_name = new_name

            self._rename_group(old_path, new_path)

            return repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, repo_group, force_delete=False):

        repo_group = RepoGroup.guess_instance(repo_group)

        try:

            Session().delete(repo_group)

            self._delete_group(repo_group, force_delete)

        except Exception:

            log.error('Error removing repo_group %s', repo_group)

            raise

    def add_permission(self, repo_group, obj, obj_type, perm, recursive):

        from kallithea.model.repo import RepoModel

        repo_group = RepoGroup.guess_instance(repo_group)

        perm = Permission.guess_instance(perm)

        for el in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

                pass

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(el, RepoGroup) and not el == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(el, Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                el = repo_group

                # also we do a break at the end of this loop.

            if isinstance(el, RepoGroup):

                if obj_type == 'user':

                    RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)

                elif obj_type == 'user_group':

                    RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            elif isinstance(el, Repository):

                # for repos we need to hotfix the name of permission

                _perm = perm.permission_name.replace('group.', 'repository.')

                if obj_type == 'user':

                    RepoModel().grant_user_permission(el, user=obj, perm=_perm)

                elif obj_type == 'user_group':

                    RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            else:

                raise Exception('el should be instance of Repository or '

                                'RepositoryGroup got %s instead' % type(el))

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

    def delete_permission(self, repo_group, obj, obj_type, recursive):

        """

        Revokes permission for repo_group for given obj(user or users_group),

        obj_type can be user or user group

        :param repo_group:

        :param obj: user or user group id

        :param obj_type: user or user group type

                                  root_path=path, )

        response = api_call(self, params)

        expected = 'failed to get repo: `%s` nodes' % self.REPO

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repo_nodes_bad_path(self):

        rev = 'tip'

        path = '/idontexits'

        id_, params = _build_data(self.apikey, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path, )

        response = api_call(self, params)

        expected = 'failed to get repo: `%s` nodes' % self.REPO

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repo_nodes_bad_ret_type(self):

        rev = 'tip'

        path = '/'

        ret_type = 'error'

        id_, params = _build_data(self.apikey, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path,

                                  ret_type=ret_type)

        response = api_call(self, params)

        expected = ('ret_type must be one of %s'

                    % (','.join(['files', 'dirs', 'all'])))

        self._compare_error(id_, expected, given=response.body)

    @parametrize('name,ret_type,grant_perm', [

        ('all', 'all', 'repository.write'),

        ('dirs', 'dirs', 'repository.admin'),

        ('files', 'files', 'repository.read'),

    ])

    def test_api_get_repo_nodes_by_regular_user(self, name, ret_type, grant_perm):

        RepoModel().grant_user_permission(repo=self.REPO,

                                          user=self.TEST_USER_LOGIN,

                                          perm=grant_perm)

        Session().commit()

        rev = 'tip'

        path = '/'

        id_, params = _build_data(self.apikey_regular, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path,

                                  ret_type=ret_type)

        response = api_call(self, params)

        # we don't the actual return types here since it's tested somewhere

        # else

        expected = response.json['result']

        try:

            self._compare_ok(id_, expected, given=response.body)

        finally:

            RepoModel().revoke_user_permission(self.REPO, self.TEST_USER_LOGIN)

    def test_api_create_repo(self):

        repo_name = u'api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        assert repo is not None

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    @parametrize('repo_name', [

        u'',

        u'.',

        u'..',

        u':',

        u'/',

        u'<test>',

    ])

    def test_api_create_repo_bad_names(self, repo_name):

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,