:license: GPLv3, see LICENSE.md for more details.

"""

import inspect

import logging

import types

import traceback

import time

import itertools

from paste.response import replace_header

from pylons.controllers import WSGIController

from pylons import request

from webob.exc import HTTPError

from kallithea.model.db import User

from kallithea.model import meta

from kallithea.lib.compat import json

from kallithea.lib.auth import AuthUser

from kallithea.lib.base import _get_ip_addr as _get_ip, _get_access_path

from kallithea.lib.utils2 import safe_unicode, safe_str

log = logging.getLogger('JSONRPC')

class JSONRPCError(BaseException):

    def __init__(self, message):

        self.message = message

        super(JSONRPCError, self).__init__()

    def __str__(self):

        return safe_str(self.message)

def jsonrpc_error(message, retid=None, code=None):

    """

    Generate a Response object with a JSON-RPC error body

    :param code:

    :param retid:

    :param message:

    """

    from pylons.controllers.util import Response

    return Response(

        body=json.dumps(dict(id=retid, result=None, error=message)),

        status=code,

        content_type='application/json'

    )

class JSONRPCController(WSGIController):

    """

     A WSGI-speaking JSON-RPC controller class

     See the specification:

     <http://json-rpc.org/wiki/specification>`.

     Valid controller return values should be json-serializable objects.

     Sub-classes should catch their exceptions and raise JSONRPCError

     if they want to pass meaningful errors to the client.

     """

    def _get_ip_addr(self, environ):

        return _get_ip(environ)

    def _get_method_args(self):

        """

        Return `self._rpc_args` to dispatched controller method

        chosen by __call__

        """

        return self._rpc_args

    def __call__(self, environ, start_response):

        """

        Parse the request body as JSON, look up the method on the

        controller and if it exists, dispatch to it.

        """

        try:

            return self._handle_request(environ, start_response)

        finally:

            meta.Session.remove()

    def _handle_request(self, environ, start_response):

        start = time.time()

        ip_addr = self.ip_addr = self._get_ip_addr(environ)

        self._req_id = None

        if 'CONTENT_LENGTH' not in environ:

            log.debug("No Content-Length")

            return jsonrpc_error(retid=self._req_id,

                                 message="No Content-Length in request")

        else:

            length = environ['CONTENT_LENGTH'] or 0

            length = int(environ['CONTENT_LENGTH'])

            log.debug('Content-Length: %s', length)

        if length == 0:

            return jsonrpc_error(retid=self._req_id,

                                 message="Content-Length is 0")

        raw_body = environ['wsgi.input'].read(length)

        try:

            json_body = json.loads(raw_body)

        except ValueError as e:

            # catch JSON errors Here

            return jsonrpc_error(retid=self._req_id,

                                 message="JSON parse error ERR:%s RAW:%r"

                                 % (e, raw_body))

        # check AUTH based on API key

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            self._request_params = json_body['args']

            if not isinstance(self._request_params, dict):

                self._request_params = {}

            log.debug(

                'method: %s, params: %s', self._req_method,

                                            self._request_params

            )

        except KeyError as e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            if u is None:

                return jsonrpc_error(retid=self._req_id,

                                     message='Invalid API key')

            auth_u = AuthUser(dbuser=u)

            if not AuthUser.check_ip_allowed(auth_u, ip_addr):

                return jsonrpc_error(retid=self._req_id,

                        message='request from IP:%s not allowed' % (ip_addr,))

            else:

                log.info('Access for IP:%s allowed', ip_addr)

        except Exception as e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Invalid API key')

        self._error = None

        try:

            self._func = self._find_method()

        except AttributeError as e:

            return jsonrpc_error(retid=self._req_id,

                                 message=str(e))

        # now that we have a method, add self._req_params to

        # self.kargs and dispatch control to WGIController

        argspec = inspect.getargspec(self._func)

        arglist = argspec[0][1:]

        defaults = map(type, argspec[3] or [])

        default_empty = types.NotImplementedType

        # kw arguments required by this method

        func_kwargs = dict(itertools.izip_longest(reversed(arglist), reversed(defaults),

                                                  fillvalue=default_empty))

        # this is little trick to inject logged in user for

        # perms decorators to work they expect the controller class to have

        # authuser attribute set

        self.authuser = request.user = auth_u

        # This attribute will need to be first param of a method that uses

        # api_key, which is translated to instance of user at that name

        USER_SESSION_ATTR = 'apiuser'

        # get our arglist and check if we provided them as args

        for arg, default in func_kwargs.iteritems():

            if arg == USER_SESSION_ATTR:

                # USER_SESSION_ATTR is something translated from API key and

                # this is checked before so we don't need validate it

                continue

            # skip the required param check if it's default value is

            # NotImplementedType (default_empty)

            if default == default_empty and arg not in self._request_params:

                return jsonrpc_error(

                    retid=self._req_id,

                    message=(

                        'Missing non optional `%s` arg in JSON DATA' % arg

                    )

                )

        self._rpc_args = {}

        self._rpc_args.update(self._request_params)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        self._rpc_args['start_response'] = start_response

        status = []

        headers = []

        exc_info = []

        def change_content(new_status, new_headers, new_exc_info=None):

            status.append(new_status)

            headers.extend(new_headers)

            exc_info.append(new_exc_info)

        output = WSGIController.__call__(self, environ, change_content)

        output = list(output) # expand iterator - just to ensure exact timing

        replace_header(headers, 'Content-Type', 'application/json')

        start_response(status[0], headers, exc_info[0])

        log.info('IP: %s Request to %s time: %.3fs' % (

            self._get_ip_addr(environ),

            safe_unicode(_get_access_path(environ)), time.time() - start)

        )

        return output

    def _dispatch_call(self):

        """

        Implement dispatch interface specified by WSGIController

        """

        raw_response = ''

        try:

            raw_response = self._inspect_call(self._func)

            if isinstance(raw_response, HTTPError):

                self._error = str(raw_response)

        except JSONRPCError as e:

            self._error = safe_str(e)

        except Exception as e:

            log.error('Encountered unhandled exception: %s',

                      traceback.format_exc(),)

            json_exc = JSONRPCError('Internal server error')

            self._error = safe_str(json_exc)

        if self._error is not None:

            raw_response = None

        response = dict(id=self._req_id, result=raw_response, error=self._error)

        try:

            return json.dumps(response)

        except TypeError as e:

            log.error('API FAILED. Error encoding response: %s', e)

            return json.dumps(

                dict(

                    id=self._req_id,

                    result=None,

                    error="Error encoding response"

                )

            )

    def _find_method(self):

        """

        Return method named by `self._req_method` in controller if able

        """

        log.debug('Trying to find JSON-RPC method: %s', self._req_method)

        if self._req_method.startswith('_'):

            raise AttributeError("Method not allowed")

        try:

            func = getattr(self, self._req_method, None)

        except UnicodeEncodeError:

            raise AttributeError("Problem decoding unicode in requested "

                                 "method name.")

        if isinstance(func, types.MethodType):

            return func

        else:

            raise AttributeError("No such method: %s" % (self._req_method,))

                    % (','.join(['files', 'dirs', 'all'])))

        self._compare_error(id_, expected, given=response.body)

    @parametrize('name,ret_type,grant_perm', [

        ('all', 'all', 'repository.write'),

        ('dirs', 'dirs', 'repository.admin'),

        ('files', 'files', 'repository.read'),

    ])

    def test_api_get_repo_nodes_by_regular_user(self, name, ret_type, grant_perm):

        RepoModel().grant_user_permission(repo=self.REPO,

                                          user=self.TEST_USER_LOGIN,

                                          perm=grant_perm)

        Session().commit()

        rev = 'tip'

        path = '/'

        id_, params = _build_data(self.apikey_regular, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path,

                                  ret_type=ret_type)

        response = api_call(self, params)

        # we don't the actual return types here since it's tested somewhere

        # else

        expected = response.json['result']

        try:

            self._compare_ok(id_, expected, given=response.body)

        finally:

            RepoModel().revoke_user_permission(self.REPO, self.TEST_USER_LOGIN)

    def test_api_create_repo(self):

        repo_name = u'api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        assert repo != None

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_and_repo_group(self):

        repo_name = u'my_gr/api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        print params

        repo = RepoModel().get_by_repo_name(repo_name)

        assert repo != None

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

        fixture.destroy_repo_group(u'my_gr')

    def test_api_create_repo_in_repo_group_without_permission(self):

        repo_group_name = u'%s/api-repo-repo' % TEST_REPO_GROUP

        repo_name = u'%s/api-repo' % repo_group_name

        rg = fixture.create_repo_group(repo_group_name)

        Session().commit()

        RepoGroupModel().grant_user_permission(repo_group_name,

                                               self.TEST_USER_LOGIN,

                                               'group.none')

        Session().commit()

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        # Current result when API access control is different from Web:

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

        # Expected and arguably more correct result:

        #expected = 'failed to create repository `%s`' % repo_name

        #self._compare_error(id_, expected, given=response.body)

        fixture.destroy_repo_group(repo_group_name)

    def test_api_create_repo_unknown_owner(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=owner,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        expected = 'user `%s` does not exist' % owner

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_repo_dont_specify_owner(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        assert repo != None

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        assert repo != None

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin_specify_owner(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

                                  owner=owner)

        response = api_call(self, params)

        expected = 'Only Kallithea admin can specify `owner` param'

        self._compare_error(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_exists(self):

        repo_name = self.REPO

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        expected = "repo `%s` already exist" % repo_name

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'create', crash)

    def test_api_create_repo_exception_occurred(self):

        repo_name = u'api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        expected = 'failed to create repository `%s`' % repo_name

        self._compare_error(id_, expected, given=response.body)

    @parametrize('changing_attr,updates', [

        ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),

        ('description', {'description': u'new description'}),

        ('clone_uri', {'clone_uri': 'http://example.com/repo'}),

        ('clone_uri', {'clone_uri': None}),

        ('landing_rev', {'landing_rev': 'branch:master'}),

        ('enable_statistics', {'enable_statistics': True}),

        ('enable_locking', {'enable_locking': True}),

        ('enable_downloads', {'enable_downloads': True}),

        ('name', {'name': u'new_repo_name'}),

        ('repo_group', {'group': u'test_group_for_update'}),

    ])

    def test_api_update_repo(self, changing_attr, updates):

        repo_name = u'api_update_me'

        repo = fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        if changing_attr == 'repo_group':

            fixture.create_repo_group(updates['group'])

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        if changing_attr == 'name':

            repo_name = updates['name']

        if changing_attr == 'repo_group':

            repo_name = u'/'.join([updates['group'], repo_name])

        try:

            expected = {

                'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo_name),

                'repository': repo.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            if changing_attr == 'repo_group':

                fixture.destroy_repo_group(updates['group'])

    @parametrize('changing_attr,updates', [

        ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),

        ('description', {'description': u'new description'}),

        ('clone_uri', {'clone_uri': 'http://example.com/repo'}),

        ('clone_uri', {'clone_uri': None}),

        ('landing_rev', {'landing_rev': 'branch:master'}),

        ('enable_statistics', {'enable_statistics': True}),

        ('enable_locking', {'enable_locking': True}),

        ('enable_downloads', {'enable_downloads': True}),

        ('name', {'name': u'new_repo_name'}),

        ('repo_group', {'group': u'test_group_for_update'}),

    ])

    def test_api_update_group_repo(self, changing_attr, updates):

        group_name = u'lololo'

        fixture.create_repo_group(group_name)

        repo_name = u'%s/api_update_me' % group_name

        repo = fixture.create_repo(repo_name, repo_group=group_name, repo_type=self.REPO_TYPE)

        if changing_attr == 'repo_group':

            fixture.create_repo_group(updates['group'])

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        if changing_attr == 'name':

            repo_name = u'%s/%s' % (group_name, updates['name'])

        if changing_attr == 'repo_group':

            repo_name = u'/'.join([updates['group'], repo_name.rsplit('/', 1)[-1]])

        try:

            expected = {

                'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo_name),

                'repository': repo.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            if changing_attr == 'repo_group':

                fixture.destroy_repo_group(updates['group'])

        fixture.destroy_repo_group(group_name)

    def test_api_update_repo_repo_group_does_not_exist(self):

        repo_name = u'admin_owned'

        fixture.create_repo(repo_name)

        updates = {'group': 'test_group_for_update'}

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'repository group `%s` does not exist' % updates['group']

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_update_repo_regular_user_not_allowed(self):

        repo_name = u'admin_owned'

        fixture.create_repo(repo_name)

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'repository `%s` does not exist' % repo_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    @mock.patch.object(RepoModel, 'update', crash)

    def test_api_update_repo_exception_occurred(self):

        repo_name = u'api_update_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, owner=TEST_USER_ADMIN_LOGIN,)

        response = api_call(self, params)

        try:

            expected = 'failed to update repo `%s`' % repo_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_update_repo_regular_user_change_repo_name(self):

        repo_name = u'admin_owned'

        new_repo_name = u'new_repo_name'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        RepoModel().grant_user_permission(repo=repo_name,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.admin')

        UserModel().revoke_perm('default', 'hg.create.repository')

        UserModel().grant_perm('default', 'hg.create.none')

        updates = {'name': new_repo_name}

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'no permission to create (or move) repositories'

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            fixture.destroy_repo(new_repo_name)

    def test_api_update_repo_regular_user_change_repo_name_allowed(self):

        repo_name = u'admin_owned'

        new_repo_name = u'new_repo_name'

        repo = fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        RepoModel().grant_user_permission(repo=repo_name,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.admin')

        UserModel().revoke_perm('default', 'hg.create.none')

        UserModel().grant_perm('default', 'hg.create.repository')

        updates = {'name': new_repo_name}

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = {

                'msg': 'updated repo ID:%s %s' % (repo.repo_id, new_repo_name),

                'repository': repo.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            fixture.destroy_repo(new_repo_name)

    def test_api_update_repo_regular_user_change_owner(self):

        repo_name = u'admin_owned'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        RepoModel().grant_user_permission(repo=repo_name,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.admin')

        updates = {'owner': TEST_USER_ADMIN_LOGIN}

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'Only Kallithea admin can specify `owner` param'

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo(self):

        repo_name = u'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        id_, params = _build_data(self.apikey, 'delete_repo',

                                  repoid=repo_name, )

        response = api_call(self, params)

        ret = {

            'msg': 'Deleted repository `%s`' % repo_name,

            'success': True

        }

        try:

            expected = ret

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo_by_non_admin(self):

        repo_name = u'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE,

                            cur_user=self.TEST_USER_LOGIN)

        id_, params = _build_data(self.apikey_regular, 'delete_repo',

                                  repoid=repo_name, )

        response = api_call(self, params)

        ret = {

            'msg': 'Deleted repository `%s`' % repo_name,

            'success': True

        }

        try:

            expected = ret

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo_by_non_admin_no_permission(self):

        repo_name = u'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        try:

            id_, params = _build_data(self.apikey_regular, 'delete_repo',

                                      repoid=repo_name, )

            response = api_call(self, params)

            expected = 'repository `%s` does not exist' % (repo_name)

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo_exception_occurred(self):

        repo_name = u'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        try:

            with mock.patch.object(RepoModel, 'delete', crash):

                id_, params = _build_data(self.apikey, 'delete_repo',

                                          repoid=repo_name, )

                response = api_call(self, params)

                expected = 'failed to delete repository `%s`' % repo_name

                self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_fork_repo(self):

        fork_name = u'api-repo-fork'

        id_, params = _build_data(self.apikey, 'fork_repo',

                                  repoid=self.REPO,

                                  fork_name=fork_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

        )

        response = api_call(self, params)

        ret = {

            'msg': 'Created fork of `%s` as `%s`' % (self.REPO,

                                                     fork_name),

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(fork_name)

    @parametrize('fork_name', [

        u'api-repo-fork',

        u'%s/api-repo-fork' % TEST_REPO_GROUP,

    ])

    def test_api_fork_repo_non_admin(self, fork_name):

        id_, params = _build_data(self.apikey_regular, 'fork_repo',

                                  repoid=self.REPO,

                                  fork_name=fork_name,

        )

        response = api_call(self, params)

        ret = {

            'msg': 'Created fork of `%s` as `%s`' % (self.REPO,

                                                     fork_name),

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(fork_name)

    def test_api_fork_repo_non_admin_specify_owner(self):

        fork_name = u'api-repo-fork'

        id_, params = _build_data(self.apikey_regular, 'fork_repo',

                                  repoid=self.REPO,

                                  fork_name=fork_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

        )

        response = api_call(self, params)

        expected = 'Only Kallithea admin can specify `owner` param'

        expected = 'failed to fork repository `%s` as `%s`' % (self.REPO,

                                                               fork_name)

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_user_group(self):

        id_, params = _build_data(self.apikey, 'get_user_group',

                                  usergroupid=TEST_USER_GROUP)

        response = api_call(self, params)

        user_group = UserGroupModel().get_group(TEST_USER_GROUP)

        members = []

        for user in user_group.members:

            user = user.user

            members.append(user.get_api_data())

        ret = user_group.get_api_data()

        ret['members'] = members

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user_groups(self):

        gr_name = u'test_user_group2'

        make_user_group(gr_name)

        try:

            id_, params = _build_data(self.apikey, 'get_user_groups', )

            response = api_call(self, params)

            expected = []

            for gr_name in [TEST_USER_GROUP, u'test_user_group2']:

                user_group = UserGroupModel().get_group(gr_name)

                ret = user_group.get_api_data()

                expected.append(ret)

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    def test_api_create_user_group(self):

        group_name = u'some_new_group'

        id_, params = _build_data(self.apikey, 'create_user_group',

                                  group_name=group_name)

        response = api_call(self, params)

        ret = {

            'msg': 'created new user group `%s`' % group_name,

            'user_group': jsonify(UserGroupModel() \

                .get_by_name(group_name) \

                .get_api_data())

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_user_group(group_name)

    def test_api_get_user_group_that_exist(self):

        id_, params = _build_data(self.apikey, 'create_user_group',

                                  group_name=TEST_USER_GROUP)

        response = api_call(self, params)

        expected = "user group `%s` already exist" % TEST_USER_GROUP

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(UserGroupModel, 'create', crash)

    def test_api_get_user_group_exception_occurred(self):

        group_name = u'exception_happens'

        id_, params = _build_data(self.apikey, 'create_user_group',

                                  group_name=group_name)

        response = api_call(self, params)

        expected = 'failed to create group `%s`' % group_name

        self._compare_error(id_, expected, given=response.body)

    @parametrize('changing_attr,updates', [

        ('group_name', {'group_name': u'new_group_name'}),

        ('group_name', {'group_name': u'test_group_for_update'}),

        ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),

        ('active', {'active': False}),

        ('active', {'active': True}),

    ])

    def test_api_update_user_group(self, changing_attr, updates):

        gr_name = u'test_group_for_update'

        user_group = fixture.create_user_group(gr_name)

        try:

            id_, params = _build_data(self.apikey, 'update_user_group',

                                      usergroupid=gr_name, **updates)

            response = api_call(self, params)

            expected = {

               'msg': 'updated user group ID:%s %s' % (user_group.users_group_id,

                                                     user_group.users_group_name),

               'user_group': user_group.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            if changing_attr == 'group_name':

                # switch to updated name for proper cleanup

                gr_name = updates['group_name']

            fixture.destroy_user_group(gr_name)

    @mock.patch.object(UserGroupModel, 'update', crash)

    def test_api_update_user_group_exception_occurred(self):

        gr_name = u'test_group'

        fixture.create_user_group(gr_name)

        try:

            id_, params = _build_data(self.apikey, 'update_user_group',

                                      usergroupid=gr_name)

            response = api_call(self, params)

            expected = 'failed to update user group `%s`' % gr_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    def test_api_add_user_to_user_group(self):

        gr_name = u'test_group'

        fixture.create_user_group(gr_name)

        try: