INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "create_users_group"

    args:     {

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

        VERSION += ('%s' % _rev[0],)

except ImportError:

    pass

__version__ = ('.'.join((str(each) for each in VERSION[:3])) +

               '.'.join(VERSION[3:]))

__platform__ = platform.system()

__license__ = 'GPLv3'

__py_version__ = sys.version_info

__author__ = 'Marcin Kuzminski'

__url__ = 'http://rhodecode.org'

        m.connect("repos_group", "/repos_groups/{group_name:.*?}",

                  action="show", conditions=dict(method=["GET"],

                                                 function=check_group))

        m.connect("formatted_repos_group", "/repos_groups/{group_name:.*?}.{format}",

                  action="show", conditions=dict(method=["GET"],

                                                 function=check_group))

        # ajax delete repository group perm user

        m.connect('delete_repos_group_user_perm',

                  "/delete_repos_group_user_perm/{group_name:.*?}",

             action="delete_repos_group_user_perm",

             conditions=dict(method=["DELETE"], function=check_group))

        m.connect("users_group", "/users_groups/{id}",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_users_group", "/users_groups/{id}.{format}",

                  action="show", conditions=dict(method=["GET"]))

        #EXTRAS USER ROUTES

                  action="update_perm", conditions=dict(method=["PUT"]))

    #ADMIN GROUP REST ROUTES

    rmap.resource('group', 'groups',

                  controller='admin/groups', path_prefix=ADMIN_PREFIX)

    #ADMIN PERMISSIONS REST ROUTES

    rmap.resource('permission', 'permissions',

from rhodecode.lib.utils import action_logger, repo_name_slug

from rhodecode.lib.helpers import get_token

from rhodecode.model.meta import Session

from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\

    RhodeCodeSetting, RepositoryField

from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm

from rhodecode.model.repo import RepoModel

from rhodecode.lib.compat import json

from sqlalchemy.sql.expression import func

from rhodecode.lib.exceptions import AttachedForksError

log = logging.getLogger(__name__)

    @LoginRequired()

    def __before__(self):

        super(ReposController, self).__before__()

    def __load_defaults(self):

                               perm_set=['group.write', 'group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)

        c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)

        repo_model = RepoModel()

        c.users_array = repo_model.get_users_js()

            #but maybe you have at least write permission to a parent group ?

            _gr = RepoGroup.get(parent_group)

            gr_name = _gr.group_name if _gr else None

            if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):

                raise HTTPForbidden

                               perm_set=['group.write', 'group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)

        c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)

        choices, c.landing_revs = ScmModel().get_repo_landing_revs()

        c.new_repo = repo_name_slug(new_repo)

        return redirect(url('repos'))

    @HasRepoPermissionAllDecorator('repository.admin')

    def set_repo_perm_member(self, repo_name):

        form = RepoPermsForm()().to_python(request.POST)

        #TODO: implement this

        #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',

        #              repo_name, self.ip_addr, self.sa)

        Session().commit()

        h.flash(_('Repository permissions updated'), category='success')

        return redirect(url('edit_repo', repo_name=repo_name))

from rhodecode.lib.compat import json

from rhodecode.lib.auth import LoginRequired, HasPermissionAnyDecorator,\

    HasReposGroupPermissionAnyDecorator, HasReposGroupPermissionAll,\

    HasPermissionAll

from rhodecode.lib.base import BaseController, render

from rhodecode.model.db import RepoGroup, Repository

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.meta import Session

from rhodecode.model.repo import RepoModel

from webob.exc import HTTPInternalServerError, HTTPNotFound

from rhodecode.lib.utils2 import str2bool, safe_int

from sqlalchemy.sql.expression import func

log = logging.getLogger(__name__)

class ReposGroupsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

        if HasPermissionAll('hg.admin')('group edit'):

            #we're global admin, we're ok and we can create TOP level groups

            allow_empty_group = True

        #override the choices for this form, we need to filter choices

        #and display only those we have ADMIN right

                                             perm_set=['group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=groups_with_admin_rights,

                                                 show_empty_group=allow_empty_group)

        # exclude filtered ids

        c.repo_groups = filter(lambda x: x[0] not in exclude_group_ids,

                               c.repo_groups)

        :param group_id:

        """

        repo_group = RepoGroup.get_or_404(group_id)

        data = repo_group.get_dict()

        data['group_name'] = repo_group.name

        for p in repo_group.repo_group_to_perm:

            data.update({'u_perm_%s' % p.user.username:

                             p.permission.permission_name})

        for p in repo_group.users_group_to_perm:

            data.update({'g_perm_%s' % p.users_group.users_group_name:

                             p.permission.permission_name})

        return data

            return True

        return False

    def index(self, format='html'):

        """GET /repos_groups: All items in the collection"""

        # url('repos_groups')

        sk = lambda g: g.parents[0].group_name if g.parents else g.group_name

        c.groups = sorted(group_iter, key=sk)

        return render('admin/repos_groups/repos_groups_show.html')

    def create(self):

        """POST /repos_groups: Create a new item"""

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('repos_group', group_name=GROUP_NAME),

        #           method='put')

        # url('repos_group', group_name=GROUP_NAME)

        if HasPermissionAll('hg.admin')('group edit'):

            #we're global admin, we're ok and we can create TOP level groups

            allow_empty_group = True

        elif not c.repos_group.parent_group:

            allow_empty_group = True

        else:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('repos_group', group_name=GROUP_NAME),

        #           method='delete')

        # url('repos_group', group_name=GROUP_NAME)

        repos = gr.repositories.all()

        if repos:

            h.flash(_('This group contains %s repositores and cannot be '

                      'deleted') % len(repos), category='warning')

            return redirect(url('repos_groups'))

            h.flash(_('Error occurred during deletion of repos '

                      'group %s') % group_name, category='error')

        return redirect(url('repos_groups'))

    @HasReposGroupPermissionAnyDecorator('group.admin')

    def delete_repos_group_user_perm(self, group_name):

        """

        DELETE an existing repository group permission user

        :param group_name:

        """

    @HasReposGroupPermissionAnyDecorator('group.read', 'group.write',

                                         'group.admin')

    def show(self, group_name, format='html'):

        """GET /repos_groups/group_name: Show a specific item"""

        # url('repos_group', group_name=GROUP_NAME)

        c.group_repos = c.group.repositories.all()

        #overwrite our cached list with current filter

        gr_filter = c.group_repos

        c.repo_cnt = 0

    @HasReposGroupPermissionAnyDecorator('group.admin')

    def edit(self, group_name, format='html'):

        """GET /repos_groups/group_name/edit: Form to edit an existing item"""

        # url('edit_repos_group', group_name=GROUP_NAME)

        #we can only allow moving empty group if it's already a top-level

        #group, ie has no parents, or we're admin

        if HasPermissionAll('hg.admin')('group edit'):

            #we're global admin, we're ok and we can create TOP level groups

            allow_empty_group = True

        elif not c.repos_group.parent_group:

from rhodecode.lib.utils import repo2db_mapper, set_rhodecode_config, \

    check_git_version

from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \

    RhodeCodeSetting, PullRequest, PullRequestReviewers

from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \

    ApplicationUiSettingsForm, ApplicationVisualisationForm

from rhodecode.model.user import UserModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import User

from rhodecode.model.notification import EmailNotificationModel

from rhodecode.model.meta import Session

from rhodecode.lib.utils2 import str2bool, safe_unicode

from pylons import request, session, tmpl_context as c, url, config

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib import helpers as h

from rhodecode.lib.exceptions import UserGroupsAssignedException

from rhodecode.lib.base import BaseController, render

from rhodecode.model.users_group import UserGroupModel

from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\

    UserGroupRepoToPerm, UserGroupRepoGroupToPerm

from rhodecode.model.meta import Session

from rhodecode.lib.utils import action_logger

from sqlalchemy.orm import joinedload

log = logging.getLogger(__name__)

class UsersGroupsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('users_group', 'users_groups')

    @LoginRequired()

    def __before__(self):

        super(UsersGroupsController, self).__before__()

        c.available_permissions = config['available_permissions']

    def index(self, format='html'):

        """GET /users_groups: All items in the collection"""

        # url('users_groups')

        return render('admin/users_groups/users_groups.html')

    def create(self):

        """POST /users_groups: Create a new item"""

        # url('users_groups')

        users_group_form = UserGroupForm()()

        try:

            form_result = users_group_form.to_python(dict(request.POST))

            UserGroupModel().create(name=form_result['users_group_name'],

            gr = form_result['users_group_name']

            action_logger(self.rhodecode_user,

                          'admin_created_users_group:%s' % gr,

                          None, self.ip_addr, self.sa)

            h.flash(_('Created user group %s') % gr, category='success')

            Session().commit()

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of user group %s') \

                    % request.POST.get('users_group_name'), category='error')

        return redirect(url('users_groups'))

    def new(self, format='html'):

        """GET /users_groups/new: Form to create a new item"""

        # url('new_users_group')

        return render('admin/users_groups/users_group_add.html')

    def update(self, id):

        """PUT /users_groups/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('users_group', id=ID),

        #           method='put')

        # url('users_group', id=ID)

        c.users_group = UserGroup.get_or_404(id)

        available_members = [safe_unicode(x[0]) for x in c.available_members]

        users_group_form = UserGroupForm(edit=True,

                                          old_data=c.users_group.get_dict(),

                                          available_members=available_members)()

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of user group %s') \

                    % request.POST.get('users_group_name'), category='error')

        return redirect(url('edit_users_group', id=id))

    def delete(self, id):

        """DELETE /users_groups/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('users_group', id=ID),

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user group'),

                    category='error')

        return redirect(url('users_groups'))

    def show(self, id, format='html'):

        """GET /users_groups/id: Show a specific item"""

        # url('users_group', id=ID)

    def edit(self, id, format='html'):

        """GET /users_groups/id/edit: Form to edit an existing item"""

        # url('edit_users_group', id=ID)

        c.users_group = UserGroup.get_or_404(id)

        return htmlfill.render(

            render('admin/users_groups/users_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    def update_perm(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('users_group_perm', id=ID, method='put')

        users_group = UserGroup.get_or_404(id)

        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))

        result = []

        for users_group in UserGroupModel().get_all():

            result.append(users_group.get_api_data())

        return result

    @HasPermissionAllDecorator('hg.admin')

        """

        Creates an new usergroup

        :param apiuser:

        :param group_name:

        :param active:

        """

        if UserGroupModel().get_by_name(group_name):

            raise JSONRPCError("user group `%s` already exist" % group_name)

        try:

            active = Optional.extract(active)

            Session().commit()

            return dict(

                msg='created new user group `%s`' % group_name,

                users_group=ug.get_api_data()

            )

        except Exception:

    HasPermissionAnyDecorator

from rhodecode.lib.base import BaseRepoController, render

from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User,\

    RhodeCodeUi

from rhodecode.model.repo import RepoModel

from rhodecode.model.forms import RepoForkForm

from rhodecode.lib.utils2 import safe_int

log = logging.getLogger(__name__)

class ForksController(BaseRepoController):

    @LoginRequired()

    def __before__(self):

        super(ForksController, self).__before__()

    def __load_defaults(self):

                               perm_set=['group.write', 'group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)

        c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)

        choices, c.landing_revs = ScmModel().get_repo_landing_revs()

        c.landing_revs_choices = choices

from rhodecode import __platform__, is_windows, is_unix

from rhodecode.model.meta import Session

from rhodecode.lib.utils2 import str2bool, safe_unicode

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\

    LdapImportError

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.db import Permission, RhodeCodeSetting, User, UserIpMap

from rhodecode.lib.caching_query import FromCache

        Returns list of repositories you're an admin of

        """

        return [x[0] for x in self.permissions['repositories'].iteritems()

                if x[1] == 'repository.admin']

    @property

        """

        Returns list of repository groups you're an admin of

        """

        return [x[0] for x in self.permissions['repositories_groups'].iteritems()

                if x[1] == 'group.admin']

    @property

    def ip_allowed(self):

        """

        Checks if ip_addr used in constructor is allowed from defined list of

        allowed ip_addresses for user

        :returns: boolean, True if ip is in allowed ip range

        return False

class HasReposGroupPermissionAllDecorator(PermsDecorator):

    """

    Checks for access permission for all given predicates for specific

    """

    def check_permissions(self):

        group_name = get_repos_group_slug(request)

        try:

            user_perms = set([self.user_perms['repositories_groups'][group_name]])

        return False

class HasReposGroupPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    """

    def check_permissions(self):

        group_name = get_repos_group_slug(request)

        try:

            user_perms = set([self.user_perms['repositories_groups'][group_name]])

        if self.required_perms.intersection(user_perms):

            return True

        return False