from rhodecode.lib.utils2 import str2bool

            #TODO: in future action_logger(, '', '', '', self.sa)

            recursive = str2bool(request.POST.get('recursive', False))

            ReposGroupModel().delete_permission(

                repos_group=group_name, obj=request.POST['user_id'],

                obj_type='user', recursive=recursive

            recursive = str2bool(request.POST.get('recursive', False))

            ReposGroupModel().delete_permission(

                repos_group=group_name, obj=request.POST['users_group_id'],

                obj_type='users_group', recursive=recursive

        recursive = v.StringBoolean(if_missing=False)

        log.debug('Granted perm %s to %s on %s' % (perm, user, repo))

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (repo, user))

        log.debug('Granted perm %s to %s on %s' % (perm, group_name, repo))

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm to %s on %s' % (repo, group_name))

    User, Permission, UsersGroupRepoGroupToPerm, UsersGroup, Repository

    def __delete_group(self, group, force_delete=False):

        :param force_delete: use shutil rmtree to remove all objects

            if force_delete:

                shutil.rmtree(rm_path)

            else:

                os.rmdir(rm_path)  # this raises an exception when there are still objects inside

    def _update_permissions(self, repos_group, perms_new=None,

                            perms_updates=None, recursive=False):

        from rhodecode.model.repo import RepoModel

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, RepoGroup):

                ReposGroupModel().grant_user_permission(

                    repos_group=obj, user=user, perm=perm

                )

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, RepoGroup):

                ReposGroupModel().grant_users_group_permission(

                    repos_group=obj, group_name=users_group, perm=perm

                )

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_users_group_permission(

                    repo=obj, group_name=users_group, perm=perm

                )

        updates = []

        log.debug('Now updating permissions for %s in recursive mode:%s'

                  % (repos_group, recursive))

        for obj in repos_group.recursive_groups_and_repos():

            if not recursive:

                obj = repos_group

            # update permissions

            for member, perm, member_type in perms_updates:

                ## set for user

                if member_type == 'user':

                    # this updates also current one if found

                    _set_perm_user(obj, user=member, perm=perm)

                ## set for users group

                else:

                    _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            #if it's not recursive call

            # break the loop and don't proceed with other changes

            if not recursive:

                break

        return updates

            recursive = form_data['recursive']

            # iterate over all members(if in recursive mode) of this groups and

            # set the permissions !

            # this can be potentially heavy operation

            self._update_permissions(repos_group, form_data['perms_new'],

                                     form_data['perms_updates'], recursive)

    def delete(self, repos_group, force_delete=False):

            self.__delete_group(repos_group, force_delete)

    def delete_permission(self, repos_group, obj, obj_type, recursive):

        """

        Revokes permission for repos_group for given obj(user or users_group),

        obj_type can be user or users group

        :param repos_group:

        :param obj: user or users group id

        :param obj_type: user or users group type

        :param recursive: recurse to all children of group

        """

        from rhodecode.model.repo import RepoModel

        repos_group = self._get_repos_group(repos_group)

        for el in repos_group.recursive_groups_and_repos():

            if not recursive:

                # if we don't recurse set the permission on only the top level

                # object

                el = repos_group

            if isinstance(el, RepoGroup):

                if obj_type == 'user':

                    ReposGroupModel().revoke_user_permission(el, user=obj)

                elif obj_type == 'users_group':

                    ReposGroupModel().revoke_users_group_permission(el, group_name=obj)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            elif isinstance(el, Repository):

                if obj_type == 'user':

                    RepoModel().revoke_user_permission(el, user=obj)

                elif obj_type == 'users_group':

                    RepoModel().revoke_users_group_permission(el, group_name=obj)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            #if it's not recursive call

            # break the loop and don't proceed with other changes

            if not recursive:

                break

        log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (repos_group, user))

        log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm to %s on %s' % (repos_group, group_name))

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

                new_member = perm_dict.get('name')

                new_perm = perm_dict.get('perm')

                new_type = perm_dict.get('type')

    <tr>

        <td colspan="6">

           ${h.checkbox('recursive',value="True", label=_('apply to parents'))}

           <span class="help-block">${_('Set or revoke permission to all children of that group, including repositories and other groups')}</span>

        </td>

    </tr>

    var recursive = YUD.get('recursive').checked;

    var postData = '_method=delete&recursive={0}&user_id={1}'.format(recursive,user_id);

    var recursive = YUD.get('recursive').checked;

    var postData = '_method=delete&recursive={0}&users_group_id={1}'.format(recursive,users_group_id);

import os

import unittest

import functools

from rhodecode.tests import *

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import RepoGroup, Repository, User

from rhodecode.model.user import UserModel

from rhodecode.lib.auth import AuthUser

from rhodecode.model.meta import Session

def _make_group(path, desc='desc', parent_id=None,

                 skip_if_exists=False):

    gr = RepoGroup.get_by_group_name(path)

    if gr and skip_if_exists:

        return gr

    if isinstance(parent_id, RepoGroup):

        parent_id = parent_id.group_id

    gr = ReposGroupModel().create(path, desc, parent_id)

    return gr

def _make_repo(name, repos_group=None, repo_type='hg'):

    return RepoModel().create_repo(name, repo_type, 'desc',

                                   TEST_USER_ADMIN_LOGIN,

                                   repos_group=repos_group)

def _destroy_project_tree(test_u1_id):

    Session.remove()

    repos_group = RepoGroup.get_by_group_name(group_name='g0')

    for el in reversed(repos_group.recursive_groups_and_repos()):

        if isinstance(el, Repository):

            RepoModel().delete(el)

        elif isinstance(el, RepoGroup):

            ReposGroupModel().delete(el, force_delete=True)

    u = User.get(test_u1_id)

    Session().delete(u)

    Session().commit()

def _create_project_tree():

    """

    Creates a tree of groups and repositories to test permissions

    structure

     [g0] - group `g0` with 3 subgroups

     |

     |__[g0_1] group g0_1 with 2 groups 0 repos

     |  |

     |  |__[g0_1_1] group g0_1_1 with 1 group 2 repos

     |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r1>

     |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r2>

     |  |__<g0/g0_1/g0_1_r1>

     |

     |__[g0_2] 2 repos

     |  |

     |  |__<g0/g0_2/g0_2_r1>

     |  |__<g0/g0_2/g0_2_r2>

     |

     |__[g0_3] 1 repo

        |

        |_<g0/g0_3/g0_3_r1>

    """

    test_u1 = UserModel().create_or_update(

        username=u'test_u1', password=u'qweqwe',

        email=u'test_u1@rhodecode.org', firstname=u'test_u1', lastname=u'test_u1'

    )

    g0 = _make_group('g0')

    g0_1 = _make_group('g0_1', parent_id=g0)

    g0_1_1 = _make_group('g0_1_1', parent_id=g0_1)

    g0_1_1_r1 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r1', repos_group=g0_1_1)

    g0_1_1_r2 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r2', repos_group=g0_1_1)

    g0_1_r1 = _make_repo('g0/g0_1/g0_1_r1', repos_group=g0_1)

    g0_2 = _make_group('g0_2', parent_id=g0)

    g0_2_r1 = _make_repo('g0/g0_2/g0_2_r1', repos_group=g0_2)

    g0_2_r2 = _make_repo('g0/g0_2/g0_2_r2', repos_group=g0_2)

    g0_3 = _make_group('g0_3', parent_id=g0)

    g0_3_r1 = _make_repo('g0/g0_3/g0_3_r1', repos_group=g0_3)

    return test_u1

def expected_count(group_name, objects=False):

    repos_group = RepoGroup.get_by_group_name(group_name=group_name)

    objs = repos_group.recursive_groups_and_repos()

    if objects:

        return objs

    return len(objs)

def _check_expected_count(items, repo_items, expected):

    should_be = len(items + repo_items)

    there_are = len(expected)

    assert  should_be == there_are, ('%s != %s' % ((items + repo_items), expected))

def check_tree_perms(obj_name, repo_perm, prefix, expected_perm):

    assert repo_perm == expected_perm, ('obj:`%s` got perm:`%s` should:`%s`'

                                    % (obj_name, repo_perm, expected_perm))

def _get_perms(filter_='', recursive=True, key=None, test_u1_id=None):

    test_u1 = AuthUser(user_id=test_u1_id)

    for k, v in test_u1.permissions[key].items():

        if recursive and k.startswith(filter_):

            yield k, v

        elif not recursive:

            if k == filter_:

                yield k, v

from rhodecode.tests.models.common import _make_group

from rhodecode.model.db import RepoGroup, User, Repository

    if isinstance(parent_id, RepoGroup):

        parent_id = parent_id.group_id

            enable_locking=False,

            recursive=False

                         enable_locking=False,

                         recursive=False)

import os

import unittest

import functools

from rhodecode.tests import *

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.db import RepoGroup, Repository, User

from rhodecode.model.meta import Session

from nose.tools import with_setup

from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \

    _get_perms, _check_expected_count, expected_count, _destroy_project_tree

from rhodecode.model.repo import RepoModel

test_u1_id = None

_get_repo_perms = None

_get_group_perms = None

def permissions_setup_func(group_name='g0', perm='group.read', recursive=True):

    """

    Resets all permissions to perm attribute

    """

    repos_group = RepoGroup.get_by_group_name(group_name=group_name)

    if not repos_group:

        raise Exception('Cannot get group %s' % group_name)

    perms_updates = [[test_u1_id, perm, 'user']]

    ReposGroupModel()._update_permissions(repos_group,

                                          perms_updates=perms_updates,

                                          recursive=recursive)

    Session().commit()

def setup_module():

    global test_u1_id, _get_repo_perms, _get_group_perms

    test_u1 = _create_project_tree()

    Session().commit()

    test_u1_id = test_u1.user_id

    _get_repo_perms = functools.partial(_get_perms, key='repositories',

                                        test_u1_id=test_u1_id)

    _get_group_perms = functools.partial(_get_perms, key='repositories_groups',

                                         test_u1_id=test_u1_id)

def teardown_module():

    _destroy_project_tree(test_u1_id)

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_without_recursive_mode():

    # set permission to g0 non-recursive mode

    recursive = False

    group = 'g0'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    items = [x for x in _get_repo_perms(group, recursive)]

    expected = 0

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'repository.read'

    items = [x for x in _get_group_perms(group, recursive)]

    expected = 1

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_without_recursive_mode_subgroup():

    # set permission to g0 non-recursive mode

    recursive = False

    group = 'g0/g0_1'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    items = [x for x in _get_repo_perms(group, recursive)]

    expected = 0

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'repository.read'

    items = [x for x in _get_group_perms(group, recursive)]

    expected = 1

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode():

    # set permission to g0 recursive mode, all children including

    # other repos and groups should have this permission now set !

    recursive = True

    group = 'g0'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.write'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_inner_group():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_3'

    permissions_setup_func(group, 'group.none', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.none'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.none'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_deepest():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_1/g0_1_1'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.write'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_with_recursive_mode_only_with_repos():

    ## set permission to g0_3 group to none

    recursive = True

    group = 'g0/g0_2'

    permissions_setup_func(group, 'group.admin', recursive=recursive)

    repo_items = [x for x in _get_repo_perms(group, recursive)]

    items = [x for x in _get_group_perms(group, recursive)]

    _check_expected_count(items, repo_items, expected_count(group, True))

    for name, perm in repo_items:

        yield check_tree_perms, name, perm, group, 'repository.admin'

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.admin'

import os

import unittest

import functools

from rhodecode.tests import *

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.db import RepoGroup, Repository, User

from rhodecode.model.meta import Session

from nose.tools import with_setup

from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \

    _get_perms, _check_expected_count, expected_count, _destroy_project_tree

from rhodecode.model.users_group import UsersGroupModel

from rhodecode.model.repo import RepoModel

test_u2_id = None

test_u2_gr_id = None

_get_repo_perms = None

_get_group_perms = None

def permissions_setup_func(group_name='g0', perm='group.read', recursive=True):

    """

    Resets all permissions to perm attribute

    """

    repos_group = RepoGroup.get_by_group_name(group_name=group_name)

    if not repos_group:

        raise Exception('Cannot get group %s' % group_name)

    perms_updates = [[test_u2_gr_id, perm, 'users_group']]

    ReposGroupModel()._update_permissions(repos_group,

                                          perms_updates=perms_updates,

                                          recursive=recursive)

    Session().commit()

def setup_module():

    global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms

    test_u2 = _create_project_tree()

    Session().commit()

    test_u2_id = test_u2.user_id

    gr1 = UsersGroupModel().create(name='perms_group_1')

    Session().commit()

    test_u2_gr_id = gr1.users_group_id

    UsersGroupModel().add_user_to_group(gr1, user=test_u2_id)

    Session().commit()

    _get_repo_perms = functools.partial(_get_perms, key='repositories',

                                        test_u1_id=test_u2_id)

    _get_group_perms = functools.partial(_get_perms, key='repositories_groups',

                                         test_u1_id=test_u2_id)

def teardown_module():

    _destroy_project_tree(test_u2_id)

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_without_recursive_mode():

    # set permission to g0 non-recursive mode

    recursive = False

    group = 'g0'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    items = [x for x in _get_repo_perms(group, recursive)]

    expected = 0

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'repository.read'

    items = [x for x in _get_group_perms(group, recursive)]

    expected = 1

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'group.write'

@with_setup(permissions_setup_func)

def test_user_permissions_on_group_without_recursive_mode_subgroup():

    # set permission to g0 non-recursive mode

    recursive = False

    group = 'g0/g0_1'

    permissions_setup_func(group, 'group.write', recursive=recursive)

    items = [x for x in _get_repo_perms(group, recursive)]

    expected = 0

    assert len(items) == expected, ' %s != %s' % (len(items), expected)

    for name, perm in items:

        yield check_tree_perms, name, perm, group, 'repository.read'