function=check_repo))

        m.connect('repo_as_fork', "/repo_as_fork/{repo_name:.*}",

                  action="repo_as_fork", conditions=dict(method=["PUT"],

                                                      function=check_repo))

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/repos_groups') as m:

        m.connect("repos_groups", "/repos_groups",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("repos_groups", "/repos_groups",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("formatted_repos_groups", "/repos_groups.{format}",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_repos_group", "/repos_groups/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("formatted_new_repos_group", "/repos_groups/new.{format}",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_repos_group", "/repos_groups/{id}",

                  action="update", conditions=dict(method=["PUT"],

                                                   function=check_int))

        m.connect("delete_repos_group", "/repos_groups/{id}",

                  action="delete", conditions=dict(method=["DELETE"],

                                                   function=check_int))

        m.connect("edit_repos_group", "/repos_groups/{id}/edit",

        m.connect("formatted_edit_repos_group",

                  "/repos_groups/{id}.{format}/edit",

                  action="edit", conditions=dict(method=["GET"],

                                                 function=check_int))

        m.connect("repos_group", "/repos_groups/{id}",

                  action="show", conditions=dict(method=["GET"],

                                                 function=check_int))

        m.connect("formatted_repos_group", "/repos_groups/{id}.{format}",

                  action="show", conditions=dict(method=["GET"],

                                                 function=check_int))

        # ajax delete repos group perm user

        m.connect('delete_repos_group_user_perm',

                  "/delete_repos_group_user_perm/{group_name:.*}",

             action="delete_repos_group_user_perm",

             conditions=dict(method=["DELETE"], function=check_group))

        # ajax delete repos group perm users_group

        m.connect('delete_repos_group_users_group_perm',

                  "/delete_repos_group_users_group_perm/{group_name:.*}",

                  action="delete_repos_group_users_group_perm",

                  conditions=dict(method=["DELETE"], function=check_group))

    #ADMIN USER REST ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

        # url('repos_group', id=ID)

        c.group = RepoGroup.get_or_404(id)

        c.group_repos = c.group.repositories.all()

        #overwrite our cached list with current filter

        gr_filter = c.group_repos

        c.cached_repo_list = self.scm_model.get_repos(all_repos=gr_filter)

        c.repos_list = c.cached_repo_list

        c.repo_cnt = 0

        c.groups = self.sa.query(RepoGroup).order_by(RepoGroup.group_name)\

            .filter(RepoGroup.group_parent_id == id).all()

        return render('admin/repos_groups/repos_groups.html')

    @HasPermissionAnyDecorator('hg.admin')

    def edit(self, id, format='html'):

        """GET /repos_groups/id/edit: Form to edit an existing item"""

        # url('edit_repos_group', id=ID)

        # we need to exclude this group from the group list for editing

        return htmlfill.render(

            render('admin/repos_groups/repos_groups_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

from rhodecode.lib.vcs.backends import get_backend

from rhodecode.lib.compat import json

from rhodecode.lib.utils2 import LazyProperty, safe_str, safe_unicode

from rhodecode.lib.caching_query import FromCache

from rhodecode.lib.hooks import log_create_repository

from rhodecode.model import BaseModel

from rhodecode.model.db import Repository, UserRepoToPerm, User, Permission, \

    Statistics, UsersGroup, UsersGroupRepoToPerm, RhodeCodeUi, RepoGroup

from rhodecode.lib import helpers as h

log = logging.getLogger(__name__)

class RepoModel(BaseModel):

    cls = Repository

    URL_SEPARATOR = Repository.url_sep()

    def __get_users_group(self, users_group):

        return self._get_instance(UsersGroup, users_group,

                                  callback=UsersGroup.get_by_group_name)

        return self._get_instance(RepoGroup, repos_group,

                                  callback=RepoGroup.get_by_group_name)

    @LazyProperty

    def repos_path(self):

        """

        Get's the repositories root path from database

        """

        q = self.sa.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key == '/').one()

        return q.ui_value

    def get(self, repo_id, cache=False):

        repo = self.sa.query(Repository)\

            .filter(Repository.repo_id == repo_id)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_id))

        return repo.scalar()

    def get_repo(self, repository):

        return self._get_repo(repository)

                    setattr(cur_repo, k, v)

            new_name = cur_repo.get_new_name(form_data['repo_name'])

            cur_repo.repo_name = new_name

            self.sa.add(cur_repo)

            if repo_name != new_name:

                # rename repository

                self.__rename_repo(old=repo_name, new=new_name)

            return cur_repo

        except:

            log.error(traceback.format_exc())

            raise

    def create_repo(self, repo_name, repo_type, description, owner,

                    private=False, clone_uri=None, repos_group=None,

                    landing_rev='tip', just_db=False, fork_of=None,

                    copy_fork_permissions=False):

        from rhodecode.model.scm import ScmModel

        owner = self._get_user(owner)

        fork_of = self._get_repo(fork_of)

        try:

            # repo name is just a name of repository

            # while repo_name_full is a full qualified name that is combined

            # with name and path of group

            repo_name_full = repo_name

            repo_name = repo_name.split(self.URL_SEPARATOR)[-1]

            new_repo = Repository()

            new_repo.enable_statistics = False

            new_repo.repo_name = repo_name_full

            new_repo.repo_type = repo_type

            new_repo.user = owner

            new_repo.group = repos_group

            new_repo.description = description or repo_name

            new_repo.private = private

            new_repo.clone_uri = clone_uri

            new_repo.landing_rev = landing_rev

            if fork_of:

                parent_repo = fork_of

                new_repo.fork = parent_repo

            self.sa.add(new_repo)

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import traceback

import shutil

from rhodecode.lib.utils2 import LazyProperty

from rhodecode.model import BaseModel

from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \

    User, Permission, UsersGroupRepoGroupToPerm, UsersGroup

log = logging.getLogger(__name__)

class ReposGroupModel(BaseModel):

    cls = RepoGroup

    def __get_users_group(self, users_group):

        return self._get_instance(UsersGroup, users_group,

                                  callback=UsersGroup.get_by_group_name)

        return self._get_instance(RepoGroup, repos_group,

                                  callback=RepoGroup.get_by_group_name)

    @LazyProperty

    def repos_path(self):

        """

        Get's the repositories root path from database

        """

        q = RhodeCodeUi.get_by_key('/').one()

        return q.ui_value

    def _create_default_perms(self, new_group):

        # create default permission

        repo_group_to_perm = UserRepoGroupToPerm()

        default_perm = 'group.read'

        for p in User.get_by_username('default').user_perms:

            if p.permission.permission_name.startswith('group.'):

                default_perm = p.permission.permission_name

                break

        repo_group_to_perm.permission_id = self.sa.query(Permission)\

                .filter(Permission.permission_name == default_perm)\

                .one().permission_id

        if os.path.isdir(new_path):

            raise Exception('Was trying to rename to already '

                            'existing dir %s' % new_path)

        shutil.move(old_path, new_path)

    def __delete_group(self, group):

        """

        Deletes a group from a filesystem

        :param group: instance of group from database

        """

        paths = group.full_path.split(RepoGroup.url_sep())

        paths = os.sep.join(paths)

        rm_path = os.path.join(self.repos_path, paths)

        if os.path.isdir(rm_path):

            # delete only if that path really exists

            os.rmdir(rm_path)

    def create(self, group_name, group_description, parent=None, just_db=False):

        try:

            new_repos_group = RepoGroup()

            new_repos_group.group_description = group_description

            new_repos_group.group_name = new_repos_group.get_new_name(group_name)

            self.sa.add(new_repos_group)

            self._create_default_perms(new_repos_group)

            if not just_db:

                # we need to flush here, in order to check if database won't

                # throw any exceptions, create filesystem dirs at the very end

                self.sa.flush()

                self.__create_group(new_repos_group.group_name)

            return new_repos_group

        except:

            log.error(traceback.format_exc())

            raise

    def update(self, repos_group_id, form_data):

        try:

            repos_group = RepoGroup.get(repos_group_id)

            # update permissions

            for member, perm, member_type in form_data['perms_updates']:

                if member_type == 'user':

            # change properties

            repos_group.group_description = form_data['group_description']

            repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])

            repos_group.group_parent_id = form_data['group_parent_id']

            repos_group.group_name = repos_group.get_new_name(form_data['group_name'])

            new_path = repos_group.full_path

            self.sa.add(repos_group)

            # we need to get all repositories from this new group and

            # rename them accordingly to new group path

            for r in repos_group.repositories:

                r.repo_name = r.get_new_name(r.just_name)

                self.sa.add(r)

            self.__rename_group(old_path, new_path)

            return repos_group

        except:

            log.error(traceback.format_exc())

            raise

    def delete(self, repos_group):

        try:

            self.sa.delete(repos_group)

            self.__delete_group(repos_group)

        except:

            log.exception('Error removing repos_group %s' % repos_group)

            raise

    def grant_user_permission(self, repos_group, user, perm):

        """

        Grant permission for user on given repositories group, or update

        existing one if found

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        :param perm: Instance of Permission, or permission_name

        """

        user = self._get_user(user)

        permission = self._get_perm(perm)

        # check if we have that permission already

        obj = self.sa.query(UserRepoGroupToPerm)\

            .filter(UserRepoGroupToPerm.user == user)\

            .filter(UserRepoGroupToPerm.group == repos_group)\

            .scalar()

        if obj is None:

            # create new !

            obj = UserRepoGroupToPerm()

        obj.group = repos_group

        obj.user = user

        obj.permission = permission

        self.sa.add(obj)

    def revoke_user_permission(self, repos_group, user):

        """

        Revoke permission for user on given repositories group

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        """

        user = self._get_user(user)

        obj = self.sa.query(UserRepoGroupToPerm)\

            .filter(UserRepoGroupToPerm.user == user)\

            .filter(UserRepoGroupToPerm.group == repos_group)\

            .one()

        self.sa.delete(obj)

    def grant_users_group_permission(self, repos_group, group_name, perm):

        """

        Grant permission for users group on given repositories group, or update

        existing one if found

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or users group name

        :param perm: Instance of Permission, or permission_name

        """

        group_name = self.__get_users_group(group_name)

        permission = self._get_perm(perm)

        # check if we have that permission already

        obj = self.sa.query(UsersGroupRepoGroupToPerm)\

            .filter(UsersGroupRepoGroupToPerm.group == repos_group)\

            .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\

            .scalar()

        if obj is None:

            # create new

            obj = UsersGroupRepoGroupToPerm()

        obj.group = repos_group

        obj.users_group = group_name

        obj.permission = permission

        self.sa.add(obj)

    def revoke_users_group_permission(self, repos_group, group_name):

        """

        Revoke permission for users group on given repositories group

        :param repos_group: Instance of ReposGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or users group name

        """

        group_name = self.__get_users_group(group_name)

        obj = self.sa.query(UsersGroupRepoGroupToPerm)\

            .filter(UsersGroupRepoGroupToPerm.group == repos_group)\

            .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\

            .one()

        self.sa.delete(obj)

                </div>

                <div class="checkboxes">

                    ${h.checkbox('create_repo_perm',value=True)}

                </div>

             </div>

            <div class="buttons">

              ${h.submit('save',_('Save'),class_="ui-btn large")}

              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

            </div>

        </div>

    </div>

    ${h.end_form()}

    ## permissions overview

    <div id="perms" class="table">

           %for section in sorted(c.perm_user.permissions.keys()):

              <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div>

              <div id='tbl_list_wrap_${section}' class="yui-skin-sam">

               <table id="tbl_list_${section}">

                <thead>

                    <tr>

                    <th class="left">${_('Name')}</th>

                    <th class="left">${_('Permission')}</th>

                </thead>

                <tbody>

                %for k in c.perm_user.permissions[section]:

                     <%

                     if section != 'global':

                         section_perm = c.perm_user.permissions[section].get(k)

                         _perm = section_perm.split('.')[-1]

                     else:

                         _perm = section_perm = None

                     %>

                    <tr>

                        <td>

                            %if section == 'repositories':

                                <a href="${h.url('summary_home',repo_name=k)}">${k}</a>

                            %elif section == 'repositories_groups':

                                <a href="${h.url('repos_group_home',group_name=k)}">${k}</a>

                            %else:

                                ${h.get_permission_name(k)}

                            %endif

                        </td>

                        <td>

                            %if section == 'global':

                             ${h.bool2icon(k.split('.')[-1] != 'none')}

                            %else:

                             <span class="perm_tag ${_perm}">${section_perm}</span>

                            %endif

                         </td>

                    </tr>

                %endfor

                </tbody>

               </table>

              </div>

           %endfor

    </div>

</div>

<div class="box box-left">

    <!-- box / title -->

    <div class="title">

        <h5>${_('Email addresses')}</h5>

    </div>

    <div class="emails_wrap">

      <table class="noborder">

      %for em in c.user_email_map:

        <tr>

            <td><div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(em.user.email,16)}"/> </div></td>

            <td><div class="email">${em.email}</div></td>

            <td>

              ${h.form(url('user_emails_delete', id=c.user.user_id),method='delete')}

                  ${h.hidden('del_email',em.email_id)}

                  ${h.submit('remove_',_('delete'),id="remove_email_%s" % em.email_id,