self.username = None

                self.is_authenticated = False

        if not self.username:

            self.username = 'None'

        log.debug('Auth User is now %s' % self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    @property

    def repos_admin(self):

        """

        Returns list of repositories you're an admin of

        """

        return [x[0] for x in self.permissions['repositories'].iteritems()

                if x[1] == 'repository.admin']

    @property

    def groups_admin(self):

        """

        """

        return [x[0] for x in self.permissions['repositories_groups'].iteritems()

                if x[1] == 'group.admin']

    @property

    def ip_allowed(self):

        """

        Checks if ip_addr used in constructor is allowed from defined list of

        allowed ip_addresses for user

        :returns: boolean, True if ip is in allowed ip range

        """

        #check IP

        allowed_ips = AuthUser.get_allowed_ips(self.user_id, cache=True)

        if check_ip_access(source_ip=self.ip_addr, allowed_ips=allowed_ips):

            log.debug('IP:%s is in range of %s' % (self.ip_addr, allowed_ips))

            return True

        else:

            log.info('Access for IP:%s forbidden, '

                     'not in %s' % (self.ip_addr, allowed_ips))

            return False

    def __repr__(self):

        return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,

    # action : translated str, callback(extractor), icon

    action_map = {

    'user_deleted_repo':           (_('[deleted] repository'),

                                    None, 'database_delete.png'),

    'user_created_repo':           (_('[created] repository'),

                                    None, 'database_add.png'),

    'user_created_fork':           (_('[created] repository as fork'),

                                    None, 'arrow_divide.png'),

    'user_forked_repo':            (_('[forked] repository'),

                                    get_fork_name, 'arrow_divide.png'),

    'user_updated_repo':           (_('[updated] repository'),

                                    None, 'database_edit.png'),

    'admin_deleted_repo':          (_('[delete] repository'),

                                    None, 'database_delete.png'),

    'admin_created_repo':          (_('[created] repository'),

                                    None, 'database_add.png'),

    'admin_forked_repo':           (_('[forked] repository'),

                                    None, 'arrow_divide.png'),

    'admin_updated_repo':          (_('[updated] repository'),

                                    None, 'database_edit.png'),

    'admin_created_user':          (_('[created] user'),

                                    get_user_name, 'user_add.png'),

    'admin_updated_user':          (_('[updated] user'),

                                    get_user_name, 'user_edit.png'),

                                    get_users_group, 'group_add.png'),

                                    get_users_group, 'group_edit.png'),

    'user_commented_revision':     (_('[commented] on revision in repository'),

                                    get_cs_links, 'comment_add.png'),

    'user_commented_pull_request': (_('[commented] on pull request for'),

                                    get_pull_request, 'comment_add.png'),

    'user_closed_pull_request':    (_('[closed] pull request for'),

                                    get_pull_request, 'tick.png'),

    'push':                        (_('[pushed] into'),

                                    get_cs_links, 'script_add.png'),

    'push_local':                  (_('[committed via RhodeCode] into repository'),

                                    get_cs_links, 'script_edit.png'),

    'push_remote':                 (_('[pulled from remote] into repository'),

                                    get_cs_links, 'connect.png'),

    'pull':                        (_('[pulled] from'),

                                    None, 'down_16.png'),

    'started_following_repo':      (_('[started following] repository'),

                                    None, 'heart_add.png'),

    'stopped_following_repo':      (_('[stopped following] repository'),

                                    None, 'heart_delete.png'),

    }

    action_str = action_map.get(action, action)

    if feed:

        action = action_str[0].replace('[', '').replace(']', '')

        self.sa.add(obj)

        log.debug('Granted perm %s to %s on %s' % (perm, user, repo))

    def revoke_user_permission(self, repo, user):

        """

        Revoke permission for user on given repository

        :param repo: Instance of Repository, repository_id, or repository name

        :param user: Instance of User, user_id or username

        """

        user = self._get_user(user)

        repo = self._get_repo(repo)

        obj = self.sa.query(UserRepoToPerm)\

            .filter(UserRepoToPerm.repository == repo)\

            .filter(UserRepoToPerm.user == user)\

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (repo, user))

    def grant_users_group_permission(self, repo, group_name, perm):

        """

        existing one if found

        :param repo: Instance of Repository, repository_id, or repository name

        :param group_name: Instance of UserGroup, users_group_id,

        :param perm: Instance of Permission, or permission_name

        """

        repo = self._get_repo(repo)

        group_name = self.__get_users_group(group_name)

        permission = self._get_perm(perm)

        # check if we have that permission already

        obj = self.sa.query(UsersGroupRepoToPerm)\

            .filter(UsersGroupRepoToPerm.users_group == group_name)\

            .filter(UsersGroupRepoToPerm.repository == repo)\

            .scalar()

        if obj is None:

            # create new

            obj = UsersGroupRepoToPerm()

        obj.repository = repo

        obj.users_group = group_name

        obj.permission = permission

        self.sa.add(obj)

        log.debug('Granted perm %s to %s on %s' % (perm, group_name, repo))

    def revoke_users_group_permission(self, repo, group_name):

        """

        :param repo: Instance of Repository, repository_id, or repository name

        :param group_name: Instance of UserGroup, users_group_id,

        """

        repo = self._get_repo(repo)

        group_name = self.__get_users_group(group_name)

        obj = self.sa.query(UsersGroupRepoToPerm)\

            .filter(UsersGroupRepoToPerm.repository == repo)\

            .filter(UsersGroupRepoToPerm.users_group == group_name)\

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm to %s on %s' % (repo, group_name))

    def delete_stats(self, repo_name):

        """

        removes stats for given repo

        :param repo_name:

        """

        repo = self._get_repo(repo_name)

        try:

            obj = self.sa.query(Statistics)\

                    .filter(Statistics.repository == repo).scalar()

            if obj:

                self.sa.delete(obj)

                p = 'repository.none'

            elif perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # defaults for repository groups taken from default user permission

        # on given group

        for perm in default_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            user.permissions[GK][rg_k] = p

        #======================================================================

        # !! OVERRIDE GLOBALS !! with user permissions if any found

        #======================================================================

        # those can be configured from groups or users explicitly

        _configurable = set(['hg.fork.none', 'hg.fork.repository',

                             'hg.create.none', 'hg.create.repository'])

        # USER GROUPS comes first

        user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

            .options(joinedload(UsersGroupToPerm.permission))\

            .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid)\

            .order_by(UsersGroupToPerm.users_group_id)\

            .all()

        #need to group here by groups since user can be in more than one group

        _grouped = [[x, list(y)] for x, y in

                    itertools.groupby(user_perms_from_users_groups,

                                      lambda x:x.users_group)]

        for gr, perms in _grouped:

            # since user can be in multiple groups iterate over them and

            # select the lowest permissions first (more explicit)

            ##TODO: do this^^

            if not gr.inherit_default_permissions:

                # NEED TO IGNORE all configurable permissions and

                # replace them with explicitly set

                user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                                .difference(_configurable)

            for perm in perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        # user specific global permissions

        user_perms = self.sa.query(UserToPerm)\

                .options(joinedload(UserToPerm.permission))\

                .filter(UserToPerm.user_id == uid).all()

        if not user.inherit_default_permissions:

            # NEED TO IGNORE all configurable permissions and

            # replace them with explicitly set

            user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                            .difference(_configurable)

            for perm in user_perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        #======================================================================

        # !! PERMISSIONS FOR REPOSITORIES !!

        #======================================================================

        #======================================================================

        # check if user is part of user groups for this repository and

        # fill in his permission from it. _choose_perm decides of which

        # permission should be selected based on selected method

        #======================================================================

        user_repo_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\

            .join((Repository, UsersGroupRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UsersGroupRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid)\

            .all()

        multiple_counter = collections.defaultdict(int)

        for perm in user_repo_perms_from_users_groups:

            r_k = perm.UsersGroupRepoToPerm.repository.repo_name

            multiple_counter[r_k] += 1

            p = perm.Permission.permission_name

            cur_perm = user.permissions[RK][r_k]

            if perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                if multiple_counter[r_k] > 1:

                    p = _choose_perm(p, cur_perm)

                   Permission.permission_id))\

            .filter(UserRepoToPerm.user_id == uid)\

            .all()

        for perm in user_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            cur_perm = user.permissions[RK][r_k]

            # set admin if owner

            if perm.Repository.user_id == uid:

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

                if not explicit:

                    p = _choose_perm(p, cur_perm)

            user.permissions[RK][r_k] = p

        #======================================================================

        # !! PERMISSIONS FOR REPOSITORY GROUPS !!

        #======================================================================

        #======================================================================

        # check if user is part of user groups for this repository groups and

        # fill in his permission from it. _choose_perm decides of which

        # permission should be selected based on selected method

        #======================================================================

        user_repo_group_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UsersGroupRepoGroupToPerm.permission_id

                == Permission.permission_id))\

         .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id

                == UsersGroupMember.users_group_id))\

         .filter(UsersGroupMember.user_id == uid)\

         .all()

        multiple_counter = collections.defaultdict(int)

        for perm in user_repo_group_perms_from_users_groups:

            g_k = perm.UsersGroupRepoGroupToPerm.group.group_name

            multiple_counter[g_k] += 1

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][g_k]

            if multiple_counter[g_k] > 1:

                p = _choose_perm(p, cur_perm)

            user.permissions[GK][g_k] = p

        # user explicit permissions for repository groups

        user_repo_groups_perms = \

         self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

def ValidRepoUser():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_username': _(u'Username %(username)s is not valid')

        }

        def validate_python(self, value, state):

            try:

                User.query().filter(User.active == True)\

                    .filter(User.username == value).one()

            except Exception:

                msg = M(self, 'invalid_username', state, username=value)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(username=msg)

                )

    return _validator

def ValidUsersGroup(edit=False, old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'group_exist': _(u'Users group "%(usersgroup)s" already exists'),

            'invalid_usersgroup_name':

                  'characters underscores, periods or dashes and must begin '

                  'with alphanumeric character')

        }

        def validate_python(self, value, state):

            if value in ['default']:

                msg = M(self, 'invalid_group', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(users_group_name=msg)

                )

            #check if group is unique

            old_ugname = None

            if edit:

                old_id = old_data.get('users_group_id')

                old_ugname = UsersGroup.get(old_id).users_group_name

            if old_ugname != value or not edit:

                is_existing_group = UsersGroup.get_by_group_name(value,

                                                        case_insensitive=True)

                if is_existing_group:

                    msg = M(self, 'group_exist', state, usersgroup=value)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(users_group_name=msg)

                    )

                #we can create in root, we're fine no validations required

                return

            forbidden_in_root = gr is None and can_create_in_root is False

            val = HasReposGroupPermissionAny('group.admin')

            forbidden = not val(gr_name, 'can create group validator')

            if forbidden_in_root or forbidden:

                msg = M(self, 'permission_denied', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(group_parent_id=msg)

                )

    return _validator

def ValidPerms(type_='repo'):

    if type_ == 'group':

        EMPTY_PERM = 'group.none'

    elif type_ == 'repo':

        EMPTY_PERM = 'repository.none'

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'perm_new_member_name':

        }

        def to_python(self, value, state):

            perms_update = OrderedSet()

            perms_new = OrderedSet()

            # build a list of permission to update and new permission to create

            #CLEAN OUT ORG VALUE FROM NEW MEMBERS, and group them using

            new_perms_group = defaultdict(dict)

            for k, v in value.copy().iteritems():

                if k.startswith('perm_new_member'):

                    del value[k]

                    _type, part = k.split('perm_new_member_')

                    args = part.split('_')

                    if len(args) == 1:

                        new_perms_group[args[0]]['perm'] = v

                    elif len(args) == 2:

                        _key, pos = args

                        new_perms_group[pos][_key] = v

            # fill new permissions in order of how they were added

            for k in sorted(map(int, new_perms_group.keys())):

                perm_dict = new_perms_group[str(k)]

                new_member = perm_dict.get('name')

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%def name="title()">

    ${_('Repository groups administration')} - ${c.rhodecode_name}

</%def>

<%def name="breadcrumbs_links()">

    ${h.link_to(_('Admin'),h.url('admin_home'))}

    »

</%def>

<%def name="page_nav()">

    ${self.menu('admin')}

</%def>

<%def name="main()">

<div class="box">

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}

        <ul class="links">

          <li>

            %if h.HasPermissionAny('hg.admin')():

             <span>${h.link_to(_(u'Add group'),h.url('new_repos_group'))}</span>

            %endif

          </li>

        </ul>

    </div>

    <!-- end box / title -->

    <div class="table">

           % if c.groups:

            <table class="table_disp">

                <thead>

                    <tr>

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%def name="title()">

</%def>

<%def name="breadcrumbs_links()">

    ${h.link_to(_('Admin'),h.url('admin_home'))}

    »

    ${h.link_to(_('UsersGroups'),h.url('users_groups'))}

    »

    ${_('edit')} "${c.users_group.users_group_name}"

</%def>

<%def name="page_nav()">

    ${self.menu('admin')}

</%def>

<%def name="main()">

<div class="box box-left">

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}

    </div>

    <!-- end box / title -->

    ${h.form(url('users_group', id=c.users_group.users_group_id),method='put', id='edit_users_group')}

    <div class="form">

        <!-- fields -->

    def test_api_get_users_groups(self):

        make_users_group('test_users_group2')

        id_, params = _build_data(self.apikey, 'get_users_groups',)

        response = api_call(self, params)

        expected = []

        for gr_name in [TEST_USERS_GROUP, 'test_users_group2']:

            users_group = UsersGroupModel().get_group(gr_name)

            ret = users_group.get_api_data()

            expected.append(ret)

        self._compare_ok(id_, expected, given=response.body)

        UsersGroupModel().delete(users_group='test_users_group2')

        Session().commit()

    def test_api_create_users_group(self):

        group_name = 'some_new_group'

        id_, params = _build_data(self.apikey, 'create_users_group',

                                  group_name=group_name)

        response = api_call(self, params)

        ret = {

            'users_group': jsonify(UsersGroupModel()\

                                   .get_by_name(group_name)\

                                   .get_api_data())

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        destroy_users_group(group_name)

    def test_api_get_users_group_that_exist(self):

        id_, params = _build_data(self.apikey, 'create_users_group',

                                  group_name=TEST_USERS_GROUP)

        response = api_call(self, params)

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(UsersGroupModel, 'create', crash)

    def test_api_get_users_group_exception_occurred(self):

        group_name = 'exception_happens'

        id_, params = _build_data(self.apikey, 'create_users_group',

                                  group_name=group_name)

        response = api_call(self, params)

        expected = 'failed to create group `%s`' % group_name

        self._compare_error(id_, expected, given=response.body)

    def test_api_add_user_to_users_group(self):

        gr_name = 'test_group'

        UsersGroupModel().create(gr_name)

        Session().commit()

        id_, params = _build_data(self.apikey, 'add_user_to_users_group',

                                  usersgroupid=gr_name,

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        expected = {

                                TEST_USER_ADMIN_LOGIN, gr_name

                            ),

                    'success': True}

        self._compare_ok(id_, expected, given=response.body)

        UsersGroupModel().delete(users_group=gr_name)

        Session().commit()

    def test_api_add_user_to_users_group_that_doesnt_exist(self):

        id_, params = _build_data(self.apikey, 'add_user_to_users_group',

                                  usersgroupid='false-group',

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(UsersGroupModel, 'add_user_to_group', crash)

    def test_api_add_user_to_users_group_exception_occurred(self):

        gr_name = 'test_group'

        UsersGroupModel().create(gr_name)

        Session().commit()

        id_, params = _build_data(self.apikey, 'add_user_to_users_group',

                                  usersgroupid=gr_name,

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        self._compare_error(id_, expected, given=response.body)

        UsersGroupModel().delete(users_group=gr_name)

        Session().commit()

    def test_api_remove_user_from_users_group(self):

        gr_name = 'test_group_3'

        gr = UsersGroupModel().create(gr_name)

        UsersGroupModel().add_user_to_group(gr, user=TEST_USER_ADMIN_LOGIN)

        Session().commit()

        id_, params = _build_data(self.apikey, 'remove_user_from_users_group',

                                  usersgroupid=gr_name,

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        expected = {

                                TEST_USER_ADMIN_LOGIN, gr_name

                            ),

                    'success': True}

        self._compare_ok(id_, expected, given=response.body)

        UsersGroupModel().delete(users_group=gr_name)

        Session().commit()

    @mock.patch.object(UsersGroupModel, 'remove_user_from_group', crash)

    def test_api_remove_user_from_users_group_exception_occurred(self):

        gr_name = 'test_group_3'

        gr = UsersGroupModel().create(gr_name)

        UsersGroupModel().add_user_to_group(gr, user=TEST_USER_ADMIN_LOGIN)

        Session().commit()

        id_, params = _build_data(self.apikey, 'remove_user_from_users_group',

                                  usersgroupid=gr_name,

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        self._compare_error(id_, expected, given=response.body)

        UsersGroupModel().delete(users_group=gr_name)

        Session().commit()

    @parameterized.expand([('none', 'repository.none'),

                           ('read', 'repository.read'),

                           ('write', 'repository.write'),

                           ('admin', 'repository.admin')])

    def test_api_grant_user_permission(self, name, perm):

        id_, params = _build_data(self.apikey, 'grant_user_permission',

                                  repoid=self.REPO,

                                  userid=TEST_USER_ADMIN_LOGIN,

                                  perm=perm)

        response = api_call(self, params)

        ret = {

                'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (

                    perm, TEST_USER_ADMIN_LOGIN, self.REPO

                ),

                'success': True

            }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'revoke_user_permission', crash)

    def test_api_revoke_user_permission_exception_when_adding(self):

        id_, params = _build_data(self.apikey, 'revoke_user_permission',

                                  repoid=self.REPO,

                                  userid=TEST_USER_ADMIN_LOGIN,)

        response = api_call(self, params)

        expected = 'failed to edit permission for user: `%s` in repo: `%s`' % (

                    TEST_USER_ADMIN_LOGIN, self.REPO

                )

        self._compare_error(id_, expected, given=response.body)

    @parameterized.expand([('none', 'repository.none'),

                           ('read', 'repository.read'),

                           ('write', 'repository.write'),

                           ('admin', 'repository.admin')])

    def test_api_grant_users_group_permission(self, name, perm):

        id_, params = _build_data(self.apikey, 'grant_users_group_permission',

                                  repoid=self.REPO,

                                  usersgroupid=TEST_USERS_GROUP,

                                  perm=perm)

        response = api_call(self, params)

        ret = {

                perm, TEST_USERS_GROUP, self.REPO

            ),

            'success': True

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_grant_users_group_permission_wrong_permission(self):

        perm = 'haha.no.permission'

        id_, params = _build_data(self.apikey, 'grant_users_group_permission',

                                  repoid=self.REPO,

                                  usersgroupid=TEST_USERS_GROUP,

                                  perm=perm)

        response = api_call(self, params)

        expected = 'permission `%s` does not exist' % perm

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'grant_users_group_permission', crash)

    def test_api_grant_users_group_permission_exception_when_adding(self):

        perm = 'repository.read'

        id_, params = _build_data(self.apikey, 'grant_users_group_permission',

                                  repoid=self.REPO,

                                  usersgroupid=TEST_USERS_GROUP,

                                  perm=perm)

        response = api_call(self, params)

                    TEST_USERS_GROUP, self.REPO

                )

        self._compare_error(id_, expected, given=response.body)

    def test_api_revoke_users_group_permission(self):

        RepoModel().grant_users_group_permission(repo=self.REPO,

                                                 group_name=TEST_USERS_GROUP,

                                                 perm='repository.read')

        Session().commit()

        id_, params = _build_data(self.apikey, 'revoke_users_group_permission',

                                  repoid=self.REPO,

                                  usersgroupid=TEST_USERS_GROUP,)

        response = api_call(self, params)

        expected = {

                TEST_USERS_GROUP, self.REPO

            ),

            'success': True

        }

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'revoke_users_group_permission', crash)

    def test_api_revoke_users_group_permission_exception_when_adding(self):

        id_, params = _build_data(self.apikey, 'revoke_users_group_permission',

                                  repoid=self.REPO,

                                  usersgroupid=TEST_USERS_GROUP,)

        response = api_call(self, params)

                    TEST_USERS_GROUP, self.REPO

                )

        self._compare_error(id_, expected, given=response.body)

from rhodecode.tests import *

from rhodecode.model.db import UsersGroup, UsersGroupToPerm, Permission

TEST_USERS_GROUP = 'admins_test'

class TestAdminUsersGroupsController(TestController):

    def test_index(self):

        response = self.app.get(url('users_groups'))

        # Test response...

    def test_index_as_xml(self):

        response = self.app.get(url('formatted_users_groups', format='xml'))

    def test_create(self):

        self.log_user()

        users_group_name = TEST_USERS_GROUP

        response = self.app.post(url('users_groups'),

                                 {'users_group_name': users_group_name,

                                  'active':True})

        response.follow()

        self.checkSessionFlash(response,

    def test_new(self):

        response = self.app.get(url('new_users_group'))

    def test_new_as_xml(self):

        response = self.app.get(url('formatted_new_users_group', format='xml'))

    def test_update(self):

        response = self.app.put(url('users_group', id=1))

    def test_update_browser_fakeout(self):

        response = self.app.post(url('users_group', id=1),

                                 params=dict(_method='put'))

    def test_delete(self):

        self.log_user()

        users_group_name = TEST_USERS_GROUP + 'another'

        response = self.app.post(url('users_groups'),

                                 {'users_group_name':users_group_name,

                                  'active':True})

        response.follow()

        self.checkSessionFlash(response,

        gr = self.Session.query(UsersGroup)\

                           .filter(UsersGroup.users_group_name ==

                                   users_group_name).one()

        response = self.app.delete(url('users_group', id=gr.users_group_id))

        gr = self.Session.query(UsersGroup)\

                           .filter(UsersGroup.users_group_name ==

                                   users_group_name).scalar()

        self.assertEqual(gr, None)

    def test_enable_repository_read_on_group(self):

        self.log_user()

        users_group_name = TEST_USERS_GROUP + 'another2'

        response = self.app.post(url('users_groups'),

                                 {'users_group_name': users_group_name,

                                  'active': True})

        response.follow()

        ug = UsersGroup.get_by_group_name(users_group_name)