#we're global admin, we're ok and we can create TOP level groups

            allow_empty_group = True

        #override the choices for this form, we need to filter choices

        #and display only those we have ADMIN right

        groups_with_admin_rights = RepoGroupList(RepoGroup.query().all(),

                                                 perm_set=['group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=groups_with_admin_rights,

                                                 show_empty_group=allow_empty_group)

        # exclude filtered ids

        c.repo_groups = filter(lambda x: x[0] not in exclude_group_ids,

                               c.repo_groups)

        repo_model = RepoModel()

        c.users_array = repo_model.get_users_js()

        c.user_groups_array = repo_model.get_user_groups_js()

    def __load_data(self, group_id):

        """

        Load defaults settings for edit, and update

        :param group_id:

        """

        repo_group = RepoGroup.get_or_404(group_id)

        data = repo_group.get_dict()

        return render('admin/repo_groups/repo_groups.html')

    def create(self):

        """POST /repo_groups: Create a new item"""

        # url('repos_groups')

        self.__load_defaults()

        # permissions for can create group based on parent_id are checked

        # here in the Form

        repo_group_form = RepoGroupForm(available_groups=

        try:

            form_result = repo_group_form.to_python(dict(request.POST))

            RepoGroupModel().create(

                group_name=form_result['group_name'],

                group_description=form_result['group_description'],

                parent=form_result['group_parent_id'],

                owner=self.authuser.user_id,

                copy_permissions=form_result['group_copy_permissions']

            )

            Session().commit()

            h.flash(_('Created repository group %s') \

                    % form_result['group_name'], category='success')

        repo_obj = Repository.get_by_repo_name(repo_name)

        if repo_obj is None:

            h.not_mapped_error(repo_name)

            return redirect(url('repos'))

        return repo_obj

    def __load_defaults(self, repo=None):

        acl_groups = RepoGroupList(RepoGroup.query().all(),

                               perm_set=['group.write', 'group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)

        # in case someone no longer have a group.write access to a repository

        # pre fill the list with this entry, we don't care if this is the same

        # but it will allow saving repo data properly.

        repo_group = None

        if repo:

            repo_group = repo.group

            c.repo_groups.append(RepoGroup._generate_choice(repo_group))

        choices, c.landing_revs = ScmModel().get_repo_landing_revs()

        c.landing_revs_choices = choices

    def __load_data(self, repo_name=None):

        """

        Load defaults settings for edit, and update

        :param repo_name:

        """

        c.repo_info = self._load_repo(repo_name)

            _gr = RepoGroup.get(parent_group)

            gr_name = _gr.group_name if _gr else None

            # create repositories with write permission on group is set to true

            create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()

            group_admin = HasRepoGroupPermissionAny('group.admin')(group_name=gr_name)

            group_write = HasRepoGroupPermissionAny('group.write')(group_name=gr_name)

            if not (group_admin or (group_write and create_on_write)):

                raise HTTPForbidden

        acl_groups = RepoGroupList(RepoGroup.query().all(),

                               perm_set=['group.write', 'group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)

        choices, c.landing_revs = ScmModel().get_repo_landing_revs()

        ## apply the defaults from defaults page

        defaults = Setting.get_default_repo_settings(strip_prefix=True)

        if parent_group:

            defaults.update({'repo_group': parent_group})

        return htmlfill.render(

            render('admin/repos/repo_add.html'),

            defaults=defaults,

            errors={},

            prefix_error=False,

log = logging.getLogger(__name__)

class ForksController(BaseRepoController):

    def __before__(self):

        super(ForksController, self).__before__()

    def __load_defaults(self):

        acl_groups = RepoGroupList(RepoGroup.query().all(),

                               perm_set=['group.write', 'group.admin'])

        c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)

        choices, c.landing_revs = ScmModel().get_repo_landing_revs()

        c.landing_revs_choices = choices

        c.can_update = Ui.get_by_key(Ui.HOOK_UPDATE).ui_active

    def __load_data(self, repo_name=None):

        """

        Load defaults settings for edit, and update

        :param repo_name:

        """

        self.__load_defaults()

    user = relationship('User')

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,

                                      self.group_name)

    @classmethod

    def _generate_choice(cls, repo_group):

        from webhelpers.html import literal

        if repo_group is None:

    @classmethod

    def groups_choices(cls, groups, show_empty_group=True):

        if show_empty_group:

            groups = list(groups)

            groups.append(None)

        choices = [cls._generate_choice(g) for g in groups]

        return sorted(choices, key=lambda c: c[1].split(cls.SEP))

    @classmethod

    def url_sep(cls):

        return URL_SEP

                         v.ValidRegex(msg=_('Name must not contain only digits'))(r'(?!^\d+$)^.+$'))

        group_description = v.UnicodeString(strip=True, min=1,

                                            not_empty=False)

        group_copy_permissions = v.StringBoolean(if_missing=False)

        if edit:

            #FIXME: do a special check that we cannot move a group to one of

            #its children

            pass

        group_parent_id = All(v.CanCreateGroup(can_create_in_root),

                              v.OneOf(available_groups, hideList=False,

                                      testValueList=True,

        enable_locking = v.StringBoolean(if_missing=False)

        chained_validators = [v.ValidRepoGroup(edit, old_data)]

    return _RepoGroupForm

def RegisterForm(edit=False, old_data={}):

    class _RegisterForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(

            v.ValidUsername(edit, old_data),

        email = v.Email(not_empty=True)

    return _PasswordResetForm

def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),

             repo_groups=[], landing_revs=[]):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                        v.SlugifyName())

        repo_group = All(v.CanWriteGroup(old_data),

        repo_type = v.OneOf(supported_backends, required=False,

                            if_missing=old_data.get('repo_type'))

        repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)

        repo_private = v.StringBoolean(if_missing=False)

        repo_landing_rev = v.OneOf(landing_revs, hideList=True)

        repo_copy_permissions = v.StringBoolean(if_missing=False)

        clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))

        repo_enable_statistics = v.StringBoolean(if_missing=False)

        repo_enable_downloads = v.StringBoolean(if_missing=False)

        repo_enable_locking = v.StringBoolean(if_missing=False)

    return _RepoFieldForm

def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),

                 repo_groups=[], landing_revs=[]):

    class _RepoForkForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                        v.SlugifyName())

        repo_group = All(v.CanWriteGroup(),

        repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))

        description = v.UnicodeString(strip=True, min=1, not_empty=True)

        private = v.StringBoolean(if_missing=False)

        copy_permissions = v.StringBoolean(if_missing=False)

        update_after_clone = v.StringBoolean(if_missing=False)

        fork_parent_id = v.UnicodeString()

        chained_validators = [v.ValidForkName(edit, old_data)]

        landing_rev = v.OneOf(landing_revs, hideList=True)

    return _RepoForkForm

        }

        def validate_python(self, value, state):

            # TODO WRITE VALIDATIONS

            group_name = value.get('group_name')

            group_parent_id = value.get('group_parent_id')

            # slugify repo group just in case :)

            slug = repo_name_slug(group_name)

            # check for parent of self

            parent_of_self = lambda: (

                if group_parent_id else False

            )

            if edit and parent_of_self():

                msg = M(self, 'group_parent_id', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(group_parent_id=msg)

                )

            old_gname = None

            if edit:

                old_gname = RepoGroup.get(old_data.get('group_id')).group_name

def CanWriteGroup(old_data=None):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'permission_denied': _(u"You don't have permissions "

                                   "to create repository in this group"),

            'permission_denied_root': _(u"no permission to create repository "

                                        "in root location")

        }

        def _to_python(self, value, state):

            #root location

                return None

            return value

        def validate_python(self, value, state):

            gr = RepoGroup.get(value)

            # create repositories with write permission on group is set to true

            create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()

            group_admin = HasRepoGroupPermissionAny('group.admin')(gr_name,

                                            'can write into group validator')

            group_write = HasRepoGroupPermissionAny('group.write')(gr_name,

                                            'can write into group validator')

            forbidden = not (group_admin or (group_write and create_on_write))

            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')

            gid = (old_data['repo_group'].get('group_id')

                   if (old_data and 'repo_group' in old_data) else None)

            new = not old_data

            # do check if we changed the value, there's a case that someone got

            # revoked write permissions to a repository, he still created, we

            # don't need to check permission if he didn't change the value of

            # groups in form box

            if value_changed or new:

                #parent group need to be existing

                if gr and forbidden:

                    msg = M(self, 'permission_denied', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(repo_type=msg)

                    )

    return _validator

def CanCreateGroup(can_create_in_root=False):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'permission_denied': _(u"You don't have permissions "

                                   "to create a group in this location")

        }

        def to_python(self, value, state):

            #root location

                return None

            return value

        def validate_python(self, value, state):

            gr = RepoGroup.get(value)

            if can_create_in_root and gr is None:

                #we can create in root, we're fine no validations required

                return

            forbidden_in_root = gr is None and not can_create_in_root

            val = HasRepoGroupPermissionAny('group.admin')

            forbidden = not val(gr_name, 'can create group validator')

            if forbidden_in_root or forbidden:

                msg = M(self, 'permission_denied', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(group_parent_id=msg)

                anon = User.get_default_user()

                anon.active = self._before

                Session().add(anon)

                Session().commit()

        return context()

    def _get_repo_create_params(self, **custom):

        defs = dict(

            repo_name=None,

            repo_type='hg',

            clone_uri='',

            repo_description='DESC',

            repo_private=False,

            repo_landing_rev='rev:tip',

            repo_copy_permissions=False,

            repo_state=Repository.STATE_CREATED,

        )

        defs.update(custom)

        if 'repo_name_full' not in custom:

            defs.update({'repo_name_full': defs['repo_name']})

        # fix the repo name if passed as repo_name_full

        if defs['repo_name']:

                          repo_name=repo_name), {'_authentication_token': self.authentication_token()}, status=403)

    def test_index_with_fork(self):

        self.log_user()

        # create a fork

        fork_name = self.REPO_FORK

        description = 'fork of vcs test'

        repo_name = self.REPO

        org_repo = Repository.get_by_repo_name(repo_name)

        creation_args = {

            'repo_name': fork_name,

            'fork_parent_id': org_repo.repo_id,

            'repo_type': self.REPO_TYPE,

            'description': description,

            'private': 'False',

            'landing_rev': 'rev:tip',

            '_authentication_token': self.authentication_token()}

        self.app.post(url(controller='forks', action='fork_create',

                          repo_name=repo_name), creation_args)

        response = self.app.get(url(controller='forks', action='forks',

                                    repo_name=repo_name))

        fixture.destroy_repo(fork_name_full)

        fixture.destroy_repo_group(group_id)

    def test_z_fork_create(self):

        self.log_user()

        fork_name = self.REPO_FORK

        description = 'fork of vcs test'

        repo_name = self.REPO

        org_repo = Repository.get_by_repo_name(repo_name)

        creation_args = {

            'repo_name': fork_name,

            'fork_parent_id': org_repo.repo_id,

            'repo_type': self.REPO_TYPE,

            'description': description,

            'private': 'False',

            'landing_rev': 'rev:tip',

            '_authentication_token': self.authentication_token()}

        self.app.post(url(controller='forks', action='fork_create',

                          repo_name=repo_name), creation_args)

        repo = Repository.get_by_repo_name(self.REPO_FORK)

        assert repo.fork.repo_name == self.REPO

        ## run the check page that triggers the flash message