# -*- coding: utf-8 -*-

"""

    rhodecode.model.user_group

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    users groups model for RhodeCode

    :created_on: Jan 25, 2011

    :author: marcink

    :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import traceback

import shutil

import datetime

from rhodecode.lib.utils2 import LazyProperty

from rhodecode.model import BaseModel

from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \

    User, Permission, UsersGroupRepoGroupToPerm, UsersGroup, Repository

log = logging.getLogger(__name__)

class ReposGroupModel(BaseModel):

    cls = RepoGroup

    def __get_users_group(self, users_group):

        return self._get_instance(UsersGroup, users_group,

                                  callback=UsersGroup.get_by_group_name)

    def _get_repos_group(self, repos_group):

        return self._get_instance(RepoGroup, repos_group,

                                  callback=RepoGroup.get_by_group_name)

    @LazyProperty

    def repos_path(self):

        """

        Get's the repositories root path from database

        """

        q = RhodeCodeUi.get_by_key('/')

        return q.ui_value

    def _create_default_perms(self, new_group):

        # create default permission

        repo_group_to_perm = UserRepoGroupToPerm()

        default_perm = 'group.read'

        for p in User.get_by_username('default').user_perms:

            if p.permission.permission_name.startswith('group.'):

                default_perm = p.permission.permission_name

                break

        repo_group_to_perm.permission_id = self.sa.query(Permission)\

                .filter(Permission.permission_name == default_perm)\

                .one().permission_id

        repo_group_to_perm.group = new_group

        repo_group_to_perm.user_id = User.get_by_username('default').user_id

        self.sa.add(repo_group_to_perm)

    def __create_group(self, group_name):

        """

        makes repositories group on filesystem

        :param repo_name:

        :param parent_id:

        """

        create_path = os.path.join(self.repos_path, group_name)

        log.debug('creating new group in %s' % create_path)

        if os.path.isdir(create_path):

            raise Exception('That directory already exists !')

        os.makedirs(create_path)

    def __rename_group(self, old, new):

        """

        Renames a group on filesystem

        :param group_name:

        """

        if old == new:

            log.debug('skipping group rename')

            return

        log.debug('renaming repos group from %s to %s' % (old, new))

        old_path = os.path.join(self.repos_path, old)

        new_path = os.path.join(self.repos_path, new)

        log.debug('renaming repos paths from %s to %s' % (old_path, new_path))

        if os.path.isdir(new_path):

            raise Exception('Was trying to rename to already '

                            'existing dir %s' % new_path)

        shutil.move(old_path, new_path)

    def __delete_group(self, group, force_delete=False):

        """

        Deletes a group from a filesystem

        :param group: instance of group from database

        :param force_delete: use shutil rmtree to remove all objects

        """

        paths = group.full_path.split(RepoGroup.url_sep())

        paths = os.sep.join(paths)

        rm_path = os.path.join(self.repos_path, paths)

        log.info("Removing group %s" % (rm_path))

        # delete only if that path really exists

        if os.path.isdir(rm_path):

            if force_delete:

                shutil.rmtree(rm_path)

            else:

                #archive that group`

                _now = datetime.datetime.now()

                _ms = str(_now.microsecond).rjust(6, '0')

                _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),

                                          group.name)

                shutil.move(rm_path, os.path.join(self.repos_path, _d))

    def create(self, group_name, group_description, parent=None, just_db=False):

        try:

            new_repos_group = RepoGroup()

            new_repos_group.group_description = group_description

            new_repos_group.parent_group = self._get_repos_group(parent)

            new_repos_group.group_name = new_repos_group.get_new_name(group_name)

            self.sa.add(new_repos_group)

            self._create_default_perms(new_repos_group)

            if not just_db:

                # we need to flush here, in order to check if database won't

                # throw any exceptions, create filesystem dirs at the very end

                self.sa.flush()

                self.__create_group(new_repos_group.group_name)

            return new_repos_group

        except:

            log.error(traceback.format_exc())

            raise

    def _update_permissions(self, repos_group, perms_new=None,

                            perms_updates=None, recursive=False):

        from rhodecode.model.repo import RepoModel

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, RepoGroup):

                ReposGroupModel().grant_user_permission(

                    repos_group=obj, user=user, perm=perm

                )

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, RepoGroup):

                ReposGroupModel().grant_users_group_permission(

                    repos_group=obj, group_name=users_group, perm=perm

                )

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_users_group_permission(

                    repo=obj, group_name=users_group, perm=perm

                )

        updates = []

        log.debug('Now updating permissions for %s in recursive mode:%s'

                  % (repos_group, recursive))

        for obj in repos_group.recursive_groups_and_repos():

            if not recursive:

                obj = repos_group

            # update permissions

            for member, perm, member_type in perms_updates:

                ## set for user

                if member_type == 'user':

                    # this updates also current one if found

                    _set_perm_user(obj, user=member, perm=perm)

                ## set for users group

                else:

                    _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            #if it's not recursive call

            # break the loop and don't proceed with other changes

            if not recursive:

                break

        return updates

    def update(self, repos_group_id, form_data):

        try:

            repos_group = RepoGroup.get(repos_group_id)

            recursive = form_data['recursive']

            # iterate over all members(if in recursive mode) of this groups and

            # set the permissions !

            # this can be potentially heavy operation

            self._update_permissions(repos_group, form_data['perms_new'],

                                     form_data['perms_updates'], recursive)

            old_path = repos_group.full_path

            # change properties

            repos_group.group_description = form_data['group_description']

            repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])

            repos_group.group_parent_id = form_data['group_parent_id']

            repos_group.enable_locking = form_data['enable_locking']

            repos_group.group_name = repos_group.get_new_name(form_data['group_name'])

            new_path = repos_group.full_path

            self.sa.add(repos_group)

            # iterate over all members of this groups and set the locking !

            # this can be potentially heavy operation

            for obj in repos_group.recursive_groups_and_repos():

                #set the value from it's parent

                obj.enable_locking = repos_group.enable_locking

                self.sa.add(obj)

            # we need to get all repositories from this new group and

            # rename them accordingly to new group path

            for r in repos_group.repositories:

                r.repo_name = r.get_new_name(r.just_name)

                self.sa.add(r)

            self.__rename_group(old_path, new_path)

            return repos_group

        except:

            log.error(traceback.format_exc())

            raise

    def delete(self, repos_group, force_delete=False):

        repos_group = self._get_repos_group(repos_group)

        try:

            self.sa.delete(repos_group)

            self.__delete_group(repos_group, force_delete)

        except:

            log.error('Error removing repos_group %s' % repos_group)

            raise

    def delete_permission(self, repos_group, obj, obj_type, recursive):

        """

        Revokes permission for repos_group for given obj(user or users_group),

        obj_type can be user or users group

        :param repos_group:

        :param obj: user or users group id

        :param obj_type: user or users group type

        :param recursive: recurse to all children of group

        """

        from rhodecode.model.repo import RepoModel

        repos_group = self._get_repos_group(repos_group)

        for el in repos_group.recursive_groups_and_repos():

            if not recursive:

                # if we don't recurse set the permission on only the top level

                # object

                el = repos_group

            if isinstance(el, RepoGroup):

                if obj_type == 'user':

                    ReposGroupModel().revoke_user_permission(el, user=obj)

                elif obj_type == 'users_group':

                    ReposGroupModel().revoke_users_group_permission(el, group_name=obj)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            elif isinstance(el, Repository):

                if obj_type == 'user':

                    RepoModel().revoke_user_permission(el, user=obj)

                elif obj_type == 'users_group':

                    RepoModel().revoke_users_group_permission(el, group_name=obj)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            #if it's not recursive call

            # break the loop and don't proceed with other changes

            if not recursive:

                break

    def grant_user_permission(self, repos_group, user, perm):

        """

        Grant permission for user on given repositories group, or update

        existing one if found

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        :param perm: Instance of Permission, or permission_name

        """

        repos_group = self._get_repos_group(repos_group)

        user = self._get_user(user)

        permission = self._get_perm(perm)

        # check if we have that permission already

        obj = self.sa.query(UserRepoGroupToPerm)\

            .filter(UserRepoGroupToPerm.user == user)\

            .filter(UserRepoGroupToPerm.group == repos_group)\

            .scalar()

        if obj is None:

            # create new !

            obj = UserRepoGroupToPerm()

        obj.group = repos_group

        obj.user = user

        obj.permission = permission

        self.sa.add(obj)

        log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))

    def revoke_user_permission(self, repos_group, user):

        """

        Revoke permission for user on given repositories group

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        """

        repos_group = self._get_repos_group(repos_group)

        user = self._get_user(user)

        obj = self.sa.query(UserRepoGroupToPerm)\

            .filter(UserRepoGroupToPerm.user == user)\

            .filter(UserRepoGroupToPerm.group == repos_group)\

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (repos_group, user))

    def grant_users_group_permission(self, repos_group, group_name, perm):

        """

        Grant permission for users group on given repositories group, or update

        existing one if found

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or users group name

        :param perm: Instance of Permission, or permission_name

        """

        repos_group = self._get_repos_group(repos_group)

        group_name = self.__get_users_group(group_name)

        permission = self._get_perm(perm)

        # check if we have that permission already

        obj = self.sa.query(UsersGroupRepoGroupToPerm)\

            .filter(UsersGroupRepoGroupToPerm.group == repos_group)\

            .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\

            .scalar()

        if obj is None:

            # create new

            obj = UsersGroupRepoGroupToPerm()

        obj.group = repos_group

        obj.users_group = group_name

        obj.permission = permission

        self.sa.add(obj)

        log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))

    def revoke_users_group_permission(self, repos_group, group_name):

        """

        Revoke permission for users group on given repositories group

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or users group name

        """

        repos_group = self._get_repos_group(repos_group)

        group_name = self.__get_users_group(group_name)

        obj = self.sa.query(UsersGroupRepoGroupToPerm)\

            .filter(UsersGroupRepoGroupToPerm.group == repos_group)\

            .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm to %s on %s' % (repos_group, group_name))

<table id="permissions_manage" class="noborder">

    <tr>

        <td>${_('none')}</td>

        <td>${_('read')}</td>

        <td>${_('write')}</td>

        <td>${_('admin')}</td>

        <td>${_('member')}</td>

        <td></td>

    </tr>

    ## USERS

    %for r2p in c.repos_group.repo_group_to_perm:

        <tr id="id${id(r2p.user.username)}">

            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>

            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>

            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>

            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin')}</td>

            <td style="white-space: nowrap;">

                <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}

            </td>

            <td>

              %if r2p.user.username !='default':

                <span class="delete_icon action_button" onclick="ajaxActionUser(${r2p.user.user_id},'${'id%s'%id(r2p.user.username)}')">

                ${_('revoke')}

                </span>

              %endif

            </td>

        </tr>

    %endfor

    ## USERS GROUPS

    %for g2p in c.repos_group.users_group_to_perm:

        <tr id="id${id(g2p.users_group.users_group_name)}">

            <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.none')}</td>

            <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.read')}</td>

            <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.write')}</td>

            <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.admin')}</td>

            <td style="white-space: nowrap;">

                <img class="perm-gravatar" src="${h.url('/images/icons/group.png')}"/>${g2p.users_group.users_group_name}

            </td>

            <td>

                <span class="delete_icon action_button" onclick="ajaxActionUsersGroup(${g2p.users_group.users_group_id},'${'id%s'%id(g2p.users_group.users_group_name)}')">

                ${_('revoke')}

                </span>

            </td>

        </tr>

    %endfor

<%

    _tmpl = h.literal("""' \

        <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

        <td><input type="radio" value="group.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

        <td><input type="radio" value="group.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

        <td><input type="radio" value="group.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

        <td class="ac"> \

            <div class="perm_ac" id="perm_ac_{0}"> \

                <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \

                <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \

                <div id="perm_container_{0}"></div> \

            </div> \

        </td> \

        <td></td>'""")

    %>

    ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'

    <tr class="new_members last_new_member" id="add_perm_input"></tr>

    <tr>

        <td colspan="6">

            <span id="add_perm" class="add_icon" style="cursor: pointer;">

            ${_('Add another member')}

            </span>

        </td>

    </tr>

    <tr>

        <td colspan="6">

           ${h.checkbox('recursive',value="True", label=_('apply to children'))}

        </td>

    </tr>

</table>

<script type="text/javascript">

function ajaxActionUser(user_id, field_id) {

    var sUrl = "${h.url('delete_repos_group_user_perm',group_name=c.repos_group.group_name)}";

    var callback = {

        success: function (o) {

            var tr = YUD.get(String(field_id));

            tr.parentNode.removeChild(tr);

        },

        failure: function (o) {

            alert("${_('Failed to remove user')}");

        },

    };

    var recursive = YUD.get('recursive').checked;

    var postData = '_method=delete&recursive={0}&user_id={1}'.format(recursive,user_id);

    var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);

};

function ajaxActionUsersGroup(users_group_id,field_id){

    var sUrl = "${h.url('delete_repos_group_users_group_perm',group_name=c.repos_group.group_name)}";

    var callback = {

        success:function(o){

            var tr = YUD.get(String(field_id));

            tr.parentNode.removeChild(tr);

        },

        failure:function(o){

            alert("${_('Failed to remove users group')}");

        },

    };

    var recursive = YUD.get('recursive').checked;

    var postData = '_method=delete&recursive={0}&users_group_id={1}'.format(recursive,users_group_id);

    var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);

};

YUE.onDOMReady(function () {

    if (!YUD.hasClass('perm_new_member_name', 'error')) {

        YUD.setStyle('add_perm_input', 'display', 'none');

    }

    YAHOO.util.Event.addListener('add_perm', 'click', function () {

    	addPermAction(${_tmpl}, ${c.users_array|n}, ${c.users_groups_array|n});

    });

});

</script>

import os

import unittest

import functools

from rhodecode.tests import *

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import RepoGroup, Repository, User

from rhodecode.model.user import UserModel

from rhodecode.lib.auth import AuthUser

from rhodecode.model.meta import Session

def _make_group(path, desc='desc', parent_id=None,

                 skip_if_exists=False):

    gr = RepoGroup.get_by_group_name(path)

    if gr and skip_if_exists:

        return gr

    if isinstance(parent_id, RepoGroup):

        parent_id = parent_id.group_id

    gr = ReposGroupModel().create(path, desc, parent_id)

    return gr

    return RepoModel().create_repo(name, repo_type, 'desc',

                                   TEST_USER_ADMIN_LOGIN,

def _destroy_project_tree(test_u1_id):

    Session.remove()

    repos_group = RepoGroup.get_by_group_name(group_name='g0')

    for el in reversed(repos_group.recursive_groups_and_repos()):

        if isinstance(el, Repository):

            RepoModel().delete(el)

        elif isinstance(el, RepoGroup):

            ReposGroupModel().delete(el, force_delete=True)

    u = User.get(test_u1_id)

    Session().delete(u)

    Session().commit()

def _create_project_tree():

    """

    Creates a tree of groups and repositories to test permissions

    structure

     [g0] - group `g0` with 3 subgroups

     |

     |__[g0_1] group g0_1 with 2 groups 0 repos

     |  |

     |  |__[g0_1_1] group g0_1_1 with 1 group 2 repos

     |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r1>

     |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r2>

     |  |__<g0/g0_1/g0_1_r1>

     |

     |__[g0_2] 2 repos

     |  |

     |  |__<g0/g0_2/g0_2_r1>

     |  |__<g0/g0_2/g0_2_r2>

     |

     |__[g0_3] 1 repo

        |

        |_<g0/g0_3/g0_3_r1>

    """

    test_u1 = UserModel().create_or_update(

        username=u'test_u1', password=u'qweqwe',

        email=u'test_u1@rhodecode.org', firstname=u'test_u1', lastname=u'test_u1'

    )

    g0 = _make_group('g0')

    g0_1 = _make_group('g0_1', parent_id=g0)

    g0_1_1 = _make_group('g0_1_1', parent_id=g0_1)

    g0_1_1_r1 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r1', repos_group=g0_1_1)

    g0_1_1_r2 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r2', repos_group=g0_1_1)

    g0_1_r1 = _make_repo('g0/g0_1/g0_1_r1', repos_group=g0_1)

    g0_2 = _make_group('g0_2', parent_id=g0)

    g0_2_r1 = _make_repo('g0/g0_2/g0_2_r1', repos_group=g0_2)

    g0_2_r2 = _make_repo('g0/g0_2/g0_2_r2', repos_group=g0_2)

    g0_3 = _make_group('g0_3', parent_id=g0)

    g0_3_r1 = _make_repo('g0/g0_3/g0_3_r1', repos_group=g0_3)

    return test_u1

def expected_count(group_name, objects=False):

    repos_group = RepoGroup.get_by_group_name(group_name=group_name)

    objs = repos_group.recursive_groups_and_repos()

    if objects:

        return objs

    return len(objs)

def _check_expected_count(items, repo_items, expected):

    should_be = len(items + repo_items)

    there_are = len(expected)

    assert  should_be == there_are, ('%s != %s' % ((items + repo_items), expected))

def check_tree_perms(obj_name, repo_perm, prefix, expected_perm):

    assert repo_perm == expected_perm, ('obj:`%s` got perm:`%s` should:`%s`'

                                    % (obj_name, repo_perm, expected_perm))

def _get_perms(filter_='', recursive=True, key=None, test_u1_id=None):

    test_u1 = AuthUser(user_id=test_u1_id)

    for k, v in test_u1.permissions[key].items():

        if recursive and k.startswith(filter_):

            yield k, v

        elif not recursive:

            if k == filter_:

                yield k, v

import os

import unittest

import functools

from rhodecode.tests import *

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.db import RepoGroup, Repository, User

from rhodecode.model.meta import Session

from nose.tools import with_setup

from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \

    _get_perms, _check_expected_count, expected_count, _destroy_project_tree

from rhodecode.model.repo import RepoModel

test_u1_id = None

_get_repo_perms = None

_get_group_perms = None

def permissions_setup_func(group_name='g0', perm='group.read', recursive=True):

    """

    Resets all permissions to perm attribute

    """

    repos_group = RepoGroup.get_by_group_name(group_name=group_name)

    if not repos_group:

        raise Exception('Cannot get group %s' % group_name)

    perms_updates = [[test_u1_id, perm, 'user']]

    ReposGroupModel()._update_permissions(repos_group,

                                          perms_updates=perms_updates,

                                          recursive=recursive)

    Session().commit()

def setup_module():

    global test_u1_id, _get_repo_perms, _get_group_perms

    test_u1 = _create_project_tree()

    Session().commit()

    test_u1_id = test_u1.user_id

    _get_repo_perms = functools.partial(_get_perms, key='repositories',

                                        test_u1_id=test_u1_id)

    _get_group_perms = functools.partial(_get_perms, key='repositories_groups',

                                         test_u1_id=test_u1_id)

def teardown_module():

    _destroy_project_tree(test_u1_id)

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_without_recursive_mode():

    # set permission to g0 non-recursive mode

    recursive = False

    group = 'g0'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    items = [x for x in _get_repo_perms(group, recursive)]

    expected = 0

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'repository.read'

    items = [x for x in _get_group_perms(group, recursive)]

    expected = 1

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_without_recursive_mode_subgroup():

    # set permission to g0 non-recursive mode

    recursive = False

    group = 'g0/g0_1'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    items = [x for x in _get_repo_perms(group, recursive)]

    expected = 0

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'repository.read'

    items = [x for x in _get_group_perms(group, recursive)]

    expected = 1

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode():

    # set permission to g0 recursive mode, all children including

    # other repos and groups should have this permission now set !

    recursive = True

    group = 'g0'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.write'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_inner_group():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_3'

    permissions_setup_func(group, 'group.none', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.none'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.none'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_deepest():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_1/g0_1_1'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.write'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_only_with_repos():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_2'

    permissions_setup_func(group, 'group.admin', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.admin'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.admin'