c.group_perms_choices = [('group.none', _('None'),),

                                 ('group.read', _('Read'),),

                                 ('group.write', _('Write'),),

                                 ('group.admin', _('Admin'),)]

        c.user_group_perms_choices = [('usergroup.none', _('None'),),

                                      ('usergroup.read', _('Read'),),

                                      ('usergroup.write', _('Write'),),

                                      ('usergroup.admin', _('Admin'),)]

        c.register_choices = [

            ('hg.register.none',

                _('Disabled')),

            ('hg.register.manual_activate',

                _('Allowed with manual account activation')),

            ('hg.register.auto_activate',

                _('Allowed with automatic account activation')), ]

        c.extern_activate_choices = [

            ('hg.extern_activate.manual', _('Manual activation of external account')),

            ('hg.extern_activate.auto', _('Automatic activation of external account')),

        ]

        c.repo_create_choices = [('hg.create.none', _('Disabled')),

                                 ('hg.create.repository', _('Enabled'))]

        c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),

                                       ('hg.usergroup.create.true', _('Enabled'))]

        c.fork_choices = [('hg.fork.none', _('Disabled')),

                          ('hg.fork.repository', _('Enabled'))]

    def permission_globals(self):

        c.active = 'globals'

        self.__load_data()

        if request.POST:

            _form = DefaultPermissionsForm(

                [x[0] for x in c.repo_perms_choices],

                [x[0] for x in c.group_perms_choices],

                [x[0] for x in c.user_group_perms_choices],

                [x[0] for x in c.repo_create_choices],

                [x[0] for x in c.repo_group_create_choices],

                [x[0] for x in c.user_group_create_choices],

                [x[0] for x in c.fork_choices],

                [x[0] for x in c.register_choices],

                [x[0] for x in c.extern_activate_choices])()

            try:

                form_result = _form.to_python(dict(request.POST))

                form_result.update({'perm_user_name': 'default'})

                PermissionModel().update(form_result)

                Session().commit()

                h.flash(_('Global permissions updated successfully'),

                        category='success')

            except formencode.Invalid as errors:

                defaults = errors.value

                return htmlfill.render(

                    render('admin/permissions/permissions.html'),

                    defaults=defaults,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except Exception:

                log.error(traceback.format_exc())

                h.flash(_('Error occurred during update of permissions'),

                        category='error')

            raise HTTPFound(location=url('admin_permissions'))

        c.user = User.get_default_user()

        defaults = {'anonymous': c.user.active}

        for p in c.user.user_perms:

            if p.permission.permission_name.startswith('repository.'):

                defaults['default_repo_perm'] = p.permission.permission_name

            if p.permission.permission_name.startswith('group.'):

                defaults['default_group_perm'] = p.permission.permission_name

            if p.permission.permission_name.startswith('usergroup.'):

                defaults['default_user_group_perm'] = p.permission.permission_name

            elif p.permission.permission_name.startswith('hg.create.'):

                defaults['default_repo_create'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.usergroup.'):

                defaults['default_user_group_create'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.register.'):

                defaults['default_register'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.extern_activate.'):

                defaults['default_extern_activate'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.fork.'):

                defaults['default_fork'] = p.permission.permission_name

        return htmlfill.render(

            render('admin/permissions/permissions.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def permission_ips(self):

        c.active = 'ips'

        c.user = User.get_default_user()

Repositories controller for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 7, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import celery.result

import formencode

from formencode import htmlfill

from tg import request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPForbidden, HTTPFound, HTTPInternalServerError, HTTPNotFound

import kallithea

from kallithea.config.routing import url

from kallithea.lib import helpers as h

from kallithea.lib.base import BaseRepoController, jsonify, render

from kallithea.lib.exceptions import AttachedForksError

from kallithea.lib.utils import action_logger

from kallithea.lib.utils2 import safe_int

from kallithea.lib.vcs import RepositoryError

from kallithea.model.db import RepoGroup, Repository, RepositoryField, Setting, UserFollowing

from kallithea.model.forms import RepoFieldForm, RepoForm, RepoPermsForm

from kallithea.model.meta import Session

from kallithea.model.repo import RepoModel

from kallithea.model.scm import AvailableRepoGroupChoices, RepoList, ScmModel

log = logging.getLogger(__name__)

class ReposController(BaseRepoController):

    """

    REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('repo', 'repos')

    @LoginRequired(allow_default_user=True)

    def _before(self, *args, **kwargs):

        super(ReposController, self)._before(*args, **kwargs)

    def _load_repo(self):

        repo_obj = c.db_repo

        if repo_obj is None:

            h.not_mapped_error(c.repo_name)

            raise HTTPFound(location=url('repos'))

        return repo_obj

    def __load_defaults(self, repo=None):

        extras = [] if repo is None else [repo.group]

        c.landing_revs_choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo)

    def __load_data(self):

        """

        Load defaults settings for edit, and update

        """

        c.repo_info = self._load_repo()

        self.__load_defaults(c.repo_info)

        defaults = RepoModel()._get_defaults(c.repo_name)

        defaults['clone_uri'] = c.repo_info.clone_uri_hidden # don't show password

        defaults['permanent_url'] = c.repo_info.clone_url(clone_uri_tmpl=c.clone_uri_tmpl, with_id=True)

        return defaults

    def index(self, format='html'):

        repos_list = RepoList(Repository.query(sorted=True).all(), perm_level='admin')

        # the repo list will be filtered to only show repos where the user has read permissions

        repos_data = RepoModel().get_repos_as_dict(repos_list, admin=True)

        # data used to render the grid

        c.data = repos_data

        return render('admin/repos/repos.html')

forks controller for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 23, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from tg import request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPFound

import kallithea

import kallithea.lib.helpers as h

from kallithea.config.routing import url

from kallithea.lib.base import BaseRepoController, render

from kallithea.lib.page import Page

from kallithea.lib.utils2 import safe_int

from kallithea.model.db import Repository, Ui, UserFollowing

from kallithea.model.forms import RepoForkForm

from kallithea.model.repo import RepoModel

from kallithea.model.scm import AvailableRepoGroupChoices, ScmModel

log = logging.getLogger(__name__)

class ForksController(BaseRepoController):

    def __load_defaults(self):

        c.landing_revs_choices, c.landing_revs = ScmModel().get_repo_landing_revs()

        c.can_update = Ui.get_by_key('hooks', Ui.HOOK_UPDATE).ui_active

    def __load_data(self):

        """

        Load defaults settings for edit, and update

        """

        self.__load_defaults()

        c.repo_info = c.db_repo

        repo = c.db_repo.scm_instance

        if c.repo_info is None:

            h.not_mapped_error(c.repo_name)

            raise HTTPFound(location=url('repos'))

        c.default_user_id = kallithea.DEFAULT_USER_ID

        c.in_public_journal = UserFollowing.query() \

            .filter(UserFollowing.user_id == c.default_user_id) \

            .filter(UserFollowing.follows_repository == c.repo_info).scalar()

        if c.repo_info.stats:

    def bump_permission(kind, key, new_perm):

        """Add a new permission for kind and key.

        Assuming the permissions are comparable, set the new permission if it

        has higher weight, else drop it and keep the old permission.

        """

        cur_perm = permissions[kind][key]

        new_perm_val = PERM_WEIGHTS[new_perm]

        cur_perm_val = PERM_WEIGHTS[cur_perm]

        if new_perm_val > cur_perm_val:

            permissions[kind][key] = new_perm

    #======================================================================

    # fetch default permissions

    #======================================================================

    default_repo_perms = Permission.get_default_perms(kallithea.DEFAULT_USER_ID)

    default_repo_groups_perms = Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID)

    default_user_group_perms = Permission.get_default_user_group_perms(kallithea.DEFAULT_USER_ID)

    if user_is_admin:

        #==================================================================

        # admin users have all rights;

        # based on default permissions, just set everything to admin

        #==================================================================

        permissions[GLOBAL].add('hg.admin')

        # repositories

        for perm in default_repo_perms:

            r_k = perm.repository.repo_name

            p = 'repository.admin'

            permissions[RK][r_k] = p

        # repository groups

        for perm in default_repo_groups_perms:

            rg_k = perm.group.group_name

            p = 'group.admin'

            permissions[GK][rg_k] = p

        # user groups

        for perm in default_user_group_perms:

            u_k = perm.user_group.users_group_name

            p = 'usergroup.admin'

            permissions[UK][u_k] = p

        return permissions

    #==================================================================

    # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

    #==================================================================

        .join((UserGroup, UserGroupMember.users_group_id ==

               UserGroup.users_group_id)) \

        .filter(UserGroup.users_group_active == True) \

        .order_by(UserGroupToPerm.users_group_id) \

        .all()

    # need to group here by groups since user can be in more than

    # one group

    _grouped = [[x, list(y)] for x, y in

                itertools.groupby(user_perms_from_users_groups,

                                  lambda x:x.users_group)]

    for gr, perms in _grouped:

        for perm in perms:

            permissions[GLOBAL].add(perm.permission.permission_name)

    # user specific global permissions

    user_perms = Session().query(UserToPerm) \

            .options(joinedload(UserToPerm.permission)) \

            .filter(UserToPerm.user_id == user_id).all()

    for perm in user_perms:

        permissions[GLOBAL].add(perm.permission.permission_name)

    # for each kind of global permissions, only keep the one with heighest weight

    kind_max_perm = {}

        kind = perm.rsplit('.', 1)[0]

        kind_max_perm[kind] = perm

    permissions[GLOBAL] = set(kind_max_perm.values())

    ## END GLOBAL PERMISSIONS

    #======================================================================

    # !! PERMISSIONS FOR REPOSITORIES !!

    #======================================================================

    #======================================================================

    # check if user is part of user groups for this repository and

    # fill in his permission from it.

    #======================================================================

    # user group for repositories permissions

    user_repo_perms_from_users_groups = \

     Session().query(UserGroupRepoToPerm) \

        .join((UserGroup, UserGroupRepoToPerm.users_group_id ==

               UserGroup.users_group_id)) \

        .filter(UserGroup.users_group_active == True) \

        .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==

               UserGroupMember.users_group_id)) \

        .filter(UserGroupMember.user_id == user_id) \

        .options(joinedload(UserGroupRepoToPerm.repository)) \

        .options(joinedload(UserGroupRepoToPerm.permission)) \

    PERMS = (

        ('hg.admin', _('Kallithea Administrator')),

        ('repository.none', _('Default user has no access to new repositories')),

        ('repository.read', _('Default user has read access to new repositories')),

        ('repository.write', _('Default user has write access to new repositories')),

        ('repository.admin', _('Default user has admin access to new repositories')),

        ('group.none', _('Default user has no access to new repository groups')),

        ('group.read', _('Default user has read access to new repository groups')),

        ('group.write', _('Default user has write access to new repository groups')),

        ('group.admin', _('Default user has admin access to new repository groups')),

        ('usergroup.none', _('Default user has no access to new user groups')),

        ('usergroup.read', _('Default user has read access to new user groups')),

        ('usergroup.write', _('Default user has write access to new user groups')),

        ('usergroup.admin', _('Default user has admin access to new user groups')),

        ('hg.usergroup.create.false', _('Only admins can create user groups')),

        ('hg.usergroup.create.true', _('Non-admins can create user groups')),

        ('hg.create.none', _('Only admins can create top level repositories')),

        ('hg.create.repository', _('Non-admins can create top level repositories')),

        ('hg.fork.none', _('Only admins can fork repositories')),

        ('hg.fork.repository', _('Non-admins can fork repositories')),

        ('hg.register.none', _('Registration disabled')),

        ('hg.register.manual_activate', _('User registration with manual account activation')),

        ('hg.register.auto_activate', _('User registration with automatic account activation')),

        ('hg.extern_activate.manual', _('Manual activation of external account')),

        ('hg.extern_activate.auto', _('Automatic activation of external account')),

    )

    # definition of system default permissions for DEFAULT user

    DEFAULT_USER_PERMISSIONS = (

        'repository.read',

        'group.read',

        'usergroup.read',

        'hg.create.repository',

        'hg.fork.repository',

        'hg.register.manual_activate',

        'hg.extern_activate.auto',

    )

    # defines which permissions are more important higher the more important

    # Weight defines which permissions are more important.

    # The higher number the more important.

    PERM_WEIGHTS = {

        'repository.none': 0,

        'repository.read': 1,

        'repository.write': 3,

        'repository.admin': 4,

        'group.none': 0,

        'group.read': 1,

        'group.write': 3,

        'group.admin': 4,

        'usergroup.none': 0,

        'usergroup.read': 1,

        'usergroup.write': 3,

        'usergroup.admin': 4,

        'hg.usergroup.create.false': 0,

        'hg.usergroup.create.true': 1,

        'hg.fork.none': 0,

        'hg.fork.repository': 1,

        'hg.create.none': 0,

        'hg.create.repository': 1,

        'hg.register.none': 0,

        'hg.register.manual_activate': 1,

        'hg.register.auto_activate': 2,

        'hg.extern_activate.manual': 0,

        'hg.extern_activate.auto': 1,

    }

    permission_id = Column(Integer(), primary_key=True)

    permission_name = Column(String(255), nullable=False)

    def __repr__(self):

        return "<%s %s: %r>" % (

            self.__class__.__name__, self.permission_id, self.permission_name

        )

    @classmethod

    def guess_instance(cls, value):

        return super(Permission, cls).guess_instance(value, Permission.get_by_key)

    @classmethod

    def get_by_key(cls, key):

        return cls.query().filter(cls.permission_name == key).scalar()

    return _ApplicationVisualisationForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        paths_root_path = All(

            v.ValidPath(),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        hooks_changegroup_update = v.StringBoolean(if_missing=False)

        hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)

        extensions_largefiles = v.StringBoolean(if_missing=False)

        extensions_hgsubversion = v.StringBoolean(if_missing=False)

        extensions_hggit = v.StringBoolean(if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,

                           user_group_perms_choices, create_choices,

                           user_group_create_choices, fork_choices,

                           register_choices, extern_activate_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default_repo = v.StringBoolean(if_missing=False)

        overwrite_default_group = v.StringBoolean(if_missing=False)

        overwrite_default_user_group = v.StringBoolean(if_missing=False)

        anonymous = v.StringBoolean(if_missing=False)

        default_repo_perm = v.OneOf(repo_perms_choices)

        default_group_perm = v.OneOf(group_perms_choices)

        default_user_group_perm = v.OneOf(user_group_perms_choices)

        default_repo_create = v.OneOf(create_choices)

        default_user_group_create = v.OneOf(user_group_create_choices)

        default_fork = v.OneOf(fork_choices)

        default_register = v.OneOf(register_choices)

        default_extern_activate = v.OneOf(extern_activate_choices)

    return _DefaultPermissionsForm

def CustomDefaultPermissionsForm():

    class _CustomDefaultPermissionsForm(formencode.Schema):

        filter_extra_fields = True

        allow_extra_fields = True

        create_repo_perm = v.StringBoolean(if_missing=False)

        create_user_group_perm = v.StringBoolean(if_missing=False)

        #create_repo_group_perm Impl. later

        fork_repo_perm = v.StringBoolean(if_missing=False)

    return _CustomDefaultPermissionsForm

def DefaultsForm(edit=False, old_data=None, supported_backends=BACKENDS):

    class _DefaultsForm(formencode.Schema):

            # stage 1 set anonymous access

            if perm_user.is_default_user:

                perm_user.active = asbool(form_result['anonymous'])

            # stage 2 reset defaults and set them from form data

            def _make_new(usr, perm_name):

                log.debug('Creating new permission:%s', perm_name)

                new = UserToPerm()

                new.user = usr

                new.permission = Permission.get_by_key(perm_name)

                return new

            # clear current entries, to make this function idempotent

            # it will fix even if we define more permissions or permissions

            # are somehow missing

            u2p = UserToPerm.query() \

                .filter(UserToPerm.user == perm_user) \

                .all()

            for p in u2p:

                Session().delete(p)

            # create fresh set of permissions

            for def_perm_key in ['default_repo_perm',

                                 'default_group_perm',

                                 'default_user_group_perm',

                                 'default_repo_create',

                                 'default_user_group_create',

                                 'default_fork',

                                 'default_register',

                                 'default_extern_activate']:

                p = _make_new(perm_user, form_result[def_perm_key])

                Session().add(p)

            # stage 3 update all default permissions for repos if checked

            if form_result['overwrite_default_repo']:

                _def_name = form_result['default_repo_perm'].split('repository.')[-1]

                _def = Permission.get_by_key('repository.' + _def_name)

                # repos

                for r2p in UserRepoToPerm.query() \

                               .filter(UserRepoToPerm.user == perm_user) \

                               .all():

                    # don't reset PRIVATE repositories

                    if not r2p.repository.private:

                        r2p.permission = _def

            if form_result['overwrite_default_group']:

                _def_name = form_result['default_group_perm'].split('group.')[-1]

                # groups

                _def = Permission.get_by_key('group.' + _def_name)

                )

    return _validator

def CanWriteGroup(old_data=None):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'permission_denied': _("You don't have permissions "

                                   "to create repository in this group"),

            'permission_denied_root': _("no permission to create repository "

                                        "in root location")

        }

        def _convert_to_python(self, value, state):

            # root location

            if value == -1:

                return None

            return value

        def _validate_python(self, value, state):

            gr = RepoGroup.get(value)

            gr_name = gr.group_name if gr is not None else None # None means ROOT location

            # create repositories with write permission on group is set to true

            group_admin = HasRepoGroupPermissionLevel('admin')(gr_name,

                                            'can write into group validator')

            group_write = HasRepoGroupPermissionLevel('write')(gr_name,

                                            'can write into group validator')

            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')

            gid = (old_data['repo_group'].get('group_id')

                   if (old_data and 'repo_group' in old_data) else None)

            value_changed = gid != value

            new = not old_data

            # do check if we changed the value, there's a case that someone got

            # revoked write permissions to a repository, he still created, we

            # don't need to check permission if he didn't change the value of

            # groups in form box

            if value_changed or new:

                # parent group need to be existing

                if gr and forbidden:

                    msg = self.message('permission_denied', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(repo_type=msg)

                    )

                ## check if we can write to root location !

                elif gr is None and not can_create_repos():

                    msg = self.message('permission_denied_root', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(repo_type=msg)

                    )

    return _validator

                </div>

            </div>

            <div class="form-group">

                <label class="control-label" for="default_user_group_perm">${_('User group')}:</label>

                <div class="form-inline">

                    ${h.select('default_user_group_perm','',c.user_group_perms_choices,class_='form-control')}

                    <label>

                        ${h.checkbox('overwrite_default_user_group','true')}

                        <span data-toggle="tooltip" title="${_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on user groups will be lost')}">

                            ${_('Apply to all existing user groups')}

                        </span>

                    </label>

                    <span class="help-block">${_('Permissions for the Default user on new user groups.')}</span>

                </div>

            </div>

            <div class="form-group">

                <label class="control-label" for="default_repo_create">${_('Top level repository creation')}:</label>

                <div>

                    ${h.select('default_repo_create','',c.repo_create_choices,class_='form-control')}

                    <span class="help-block">${_('Enable this to allow non-admins to create repositories at the top level.')}</span>

                    <span class="help-block">${_('Note: This will also give all users API access to create repositories everywhere. That might change in future versions.')}</span>

                </div>

            </div>

            <div class="form-group">

                <label class="control-label" for="default_user_group_create">${_('User group creation')}:</label>

                <div>

                    ${h.select('default_user_group_create','',c.user_group_create_choices,class_='form-control')}

                    <span class="help-block">${_('Enable this to allow non-admins to create user groups.')}</span>

                </div>

            </div>

            <div class="form-group">

                <label class="control-label" for="default_fork">${_('Repository forking')}:</label>

                <div>

                    ${h.select('default_fork','',c.fork_choices,class_='form-control')}

                    <span class="help-block">${_('Enable this to allow non-admins to fork repositories.')}</span>

                </div>

            </div>

            <div class="form-group">

                <label class="control-label" for="default_register">${_('Registration')}:</label>

                <div>

                    ${h.select('default_register','',c.register_choices,class_='form-control')}

                </div>

            </div>

            <div class="form-group">

                <label class="control-label" for="default_extern_activate">${_('External auth account activation')}:</label>

                <div>

                    ${h.select('default_extern_activate','',c.extern_activate_choices,class_='form-control')}

                </div>

<%page args="parent,group_name=''" />

    <div class="panel panel-primary">

        <div class="panel-heading clearfix">

            <div class="pull-left panel-title">

                %if c.group is not None:

                    %for group in c.group.parents:

                        ${h.link_to(group.name, url('repos_group_home', group_name=group.group_name))}

                        »

                    %endfor

                    ${c.group.name}

                %endif

            </div>

            %if request.authuser.username != 'default':

              <div class="pull-right">

                <%

                    gr_name = c.group.group_name if c.group else None

                    # create repositories with write permission on group is set to true

                    group_admin = h.HasRepoGroupPermissionLevel('admin')(gr_name, 'can write into group index page')

                    group_write = h.HasRepoGroupPermissionLevel('write')(gr_name, 'can write into group index page')

                %>

                  %if c.group:

                        <a href="${h.url('new_repo',parent_group=c.group.group_id)}" class="btn btn-default btn-xs"><i class="icon-plus"></i>${_('Add Repository')}</a>

                        %if h.HasPermissionAny('hg.admin')() or h.HasRepoGroupPermissionLevel('admin')(c.group.group_name):

                            <a href="${h.url('new_repos_group', parent_group=c.group.group_id)}" class="btn btn-default btn-xs"><i class="icon-plus"></i>${_('Add Repository Group')}</a>

                        %endif

                  %else:

                    <a href="${h.url('new_repo')}" class="btn btn-default btn-xs"><i class="icon-plus"></i>${_('Add Repository')}</a>

                    %if h.HasPermissionAny('hg.admin')():

                        <a href="${h.url('new_repos_group')}" class="btn btn-default btn-xs"><i class="icon-plus"></i>${_('Add Repository Group')}</a>

                    %endif

                  %endif

                %endif

                %if c.group and h.HasRepoGroupPermissionLevel('admin')(c.group.group_name):

                    <a href="${h.url('edit_repo_group',group_name=c.group.group_name)}" title="${_('You have admin right to this group, and can edit it')}" class="btn btn-default btn-xs"><i class="icon-pencil"></i>${_('Edit Repository Group')}</a>

                %endif

              </div>

            %endif

        </div>

        <div class="panel-body">

            <table class="table" id="repos_list_wrap" width="100%"></table>

        </div>

    </div>

      <script>'use strict';

        assert obj.permission.permission_name == 'group.read'

        a1_auth = AuthUser(user_id=self.anon.user_id)

        assert a1_auth.permissions['repositories_groups'].get('group1') == 'group.none'

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.permissions['repositories_groups'].get('group1') == 'group.read'

    def test_inherit_nice_permissions_from_default_user(self):

        user_model = UserModel()

        # enable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.none')

        user_model.grant_perm(usr, 'hg.create.repository')

        user_model.revoke_perm(usr, 'hg.fork.none')

        user_model.grant_perm(usr, 'hg.fork.repository')

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have inherited permissions from default user

        assert u1_auth.permissions['global'] == set(['hg.create.repository', 'hg.fork.repository',

                              'hg.register.manual_activate',

                              'hg.extern_activate.auto',

                              'repository.read', 'group.read',

    def test_inherit_sad_permissions_from_default_user(self):

        user_model = UserModel()

        # disable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.repository')

        user_model.grant_perm(usr, 'hg.create.none')

        user_model.revoke_perm(usr, 'hg.fork.repository')

        user_model.grant_perm(usr, 'hg.fork.none')

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have inherited permissions from default user

        assert u1_auth.permissions['global'] == set(['hg.create.none', 'hg.fork.none',

                              'hg.register.manual_activate',

                              'hg.extern_activate.auto',

                              'repository.read', 'group.read',

    def test_inherit_more_permissions_from_default_user(self):

        user_model = UserModel()

        # enable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.none')

        user_model.grant_perm(usr, 'hg.create.repository')

        user_model.revoke_perm(usr, 'hg.fork.none')

        user_model.grant_perm(usr, 'hg.fork.repository')

        # disable global perms on specific user

        user_model.revoke_perm(self.u1, 'hg.create.repository')

        user_model.grant_perm(self.u1, 'hg.create.none')

        user_model.revoke_perm(self.u1, 'hg.fork.repository')

        user_model.grant_perm(self.u1, 'hg.fork.none')

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have inherited more permissions from default user

        assert u1_auth.permissions['global'] == set([

                              'hg.create.repository',

                              'hg.fork.repository',

                              'hg.register.manual_activate',

                              'hg.extern_activate.auto',

                              'repository.read', 'group.read',