assert a1_auth.repository_group_permissions.get('group1') == 'group.read'

        assert a1_auth.repository_group_permissions.get('group2') == 'group.read'

        # Change perms to none for both groups

        RepoGroupModel().grant_user_permission(repo_group=self.g1,

                                               user=self.anon,

                                               perm='group.none')

        RepoGroupModel().grant_user_permission(repo_group=self.g2,

                                               user=self.anon,

                                               perm='group.none')

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_group_permissions.get('group1') == 'group.none'

        assert u1_auth.repository_group_permissions.get('group2') == 'group.none'

        a1_auth = AuthUser(user_id=self.anon.user_id)

        assert a1_auth.repository_group_permissions.get('group1') == 'group.none'

        assert a1_auth.repository_group_permissions.get('group2') == 'group.none'

        # add repo to group

        name = kallithea.URL_SEP.join([self.g1.group_name, 'test_perm'])

        self.test_repo = fixture.create_repo(name=name,

                                             repo_type='hg',

                                             repo_group=self.g1,

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_group_permissions.get('group1') == 'group.none'

        assert u1_auth.repository_group_permissions.get('group2') == 'group.none'

        a1_auth = AuthUser(user_id=self.anon.user_id)

        assert a1_auth.repository_group_permissions.get('group1') == 'group.none'

        assert a1_auth.repository_group_permissions.get('group2') == 'group.none'

        # grant permission for u2 !

        RepoGroupModel().grant_user_permission(repo_group=self.g1, user=self.u2,

                                               perm='group.read')

        RepoGroupModel().grant_user_permission(repo_group=self.g2, user=self.u2,

                                               perm='group.read')

        meta.Session().commit()

        assert self.u1 != self.u2

        # u1 and anon should have not change perms while u2 should !

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_group_permissions.get('group1') == 'group.none'

        assert u1_auth.repository_group_permissions.get('group2') == 'group.none'

        u2_auth = AuthUser(user_id=self.u2.user_id)

        assert u2_auth.repository_group_permissions.get('group1') == 'group.read'

        assert u2_auth.repository_group_permissions.get('group2') == 'group.read'

        user_model.grant_perm(usr, 'hg.create.repository')

        user_model.revoke_perm(usr, 'hg.fork.none')

        user_model.grant_perm(usr, 'hg.fork.repository')

        meta.Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.global_permissions == set(['hg.create.repository', 'hg.fork.repository',

                              'hg.register.manual_activate',

                              'hg.extern_activate.auto',

                              'repository.read', 'group.read',

                              'usergroup.read',

                              ])

    def test_inactive_user_group_does_not_affect_repo_permissions(self):

        self.ug1 = fixture.create_user_group('G1')

        user_group_model = UserGroupModel()

        user_group_model.add_user_to_group(self.ug1, self.u1)

        user_group_model.update(self.ug1, {'users_group_active': False})

        # note: make u2 repo owner rather than u1, because the owner always has

        # admin permissions

        self.test_repo = fixture.create_repo(name='myownrepo',

                                             repo_type='hg',

        # enable admin access for user group on repo

        RepoModel().grant_user_group_permission(self.test_repo,

                                                group_name=self.ug1,

                                                perm='repository.admin')

        # enable only write access for default user on repo

        RepoModel().grant_user_permission(self.test_repo,

                                          user='default',

                                          perm='repository.write')

        meta.Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_permissions['myownrepo'] == 'repository.write'

    def test_inactive_user_group_does_not_affect_repo_permissions_inverse(self):

        self.ug1 = fixture.create_user_group('G1')

        user_group_model = UserGroupModel()

        user_group_model.add_user_to_group(self.ug1, self.u1)

        user_group_model.update(self.ug1, {'users_group_active': False})

        # note: make u2 repo owner rather than u1, because the owner always has

        # admin permissions

        self.test_repo = fixture.create_repo(name='myownrepo',

                                             repo_type='hg',

        # enable only write access for user group on repo

        RepoModel().grant_user_group_permission(self.test_repo,

                                                group_name=self.ug1,

                                                perm='repository.write')

        # enable admin access for default user on repo

        RepoModel().grant_user_permission(self.test_repo,

                                          user='default',

                                          perm='repository.admin')

        meta.Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_permissions['myownrepo'] == 'repository.admin'

    def test_inactive_user_group_does_not_affect_repo_group_permissions(self):

        self.ug1 = fixture.create_user_group('G1')

        user_group_model = UserGroupModel()

        user_group_model.add_user_to_group(self.ug1, self.u1)

        user_group_model.update(self.ug1, {'users_group_active': False})

        self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)

        # enable admin access for user group on repo group

        RepoGroupModel().grant_user_group_permission(self.g1,

                                                     group_name=self.ug1,

        self.ug1 = fixture.create_user_group('G1')

        user_group_model = UserGroupModel()

        user_group_model.add_user_to_group(self.ug1, self.u1)

        user_group_model.update(self.ug1, {'users_group_active': False})

        self.ug2 = fixture.create_user_group('G2')

        # enable only write access for user group on user group

        UserGroupModel().grant_user_group_permission(self.ug2,

                                                     user_group=self.ug1,

                                                     perm='usergroup.write')

        # enable admin access for default user on user group

        UserGroupModel().grant_user_permission(self.ug2,

                                               user='default',

                                               perm='usergroup.admin')

        meta.Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.user_group_permissions['G1'] == 'usergroup.read'

        assert u1_auth.user_group_permissions['G2'] == 'usergroup.admin'

    def test_owner_permissions_doesnot_get_overwritten_by_group(self):

        # create repo as USER,

        self.test_repo = fixture.create_repo(name='myownrepo',

                                             repo_type='hg',

        # he has permissions of admin as owner

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_permissions['myownrepo'] == 'repository.admin'

        # set his permission as user group, he should still be admin

        self.ug1 = fixture.create_user_group('G1')

        UserGroupModel().add_user_to_group(self.ug1, self.u1)

        RepoModel().grant_user_group_permission(self.test_repo,

                                                 group_name=self.ug1,

                                                 perm='repository.none')

        meta.Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_permissions['myownrepo'] == 'repository.admin'

    def test_owner_permissions_doesnot_get_overwritten_by_others(self):

        # create repo as USER,

        self.test_repo = fixture.create_repo(name='myownrepo',

                                             repo_type='hg',

        # he has permissions of admin as owner

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_permissions['myownrepo'] == 'repository.admin'

        # set his permission as user, he should still be admin

        RepoModel().grant_user_permission(self.test_repo, user=self.u1,

                                          perm='repository.none')

        meta.Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        assert u1_auth.repository_permissions['myownrepo'] == 'repository.admin'

    def _test_def_perm_equal(self, user, change_factor=0):

        perms = db.UserToPerm.query() \

                .filter(db.UserToPerm.user == user) \

                .all()

        assert len(perms) == len(db.Permission.DEFAULT_USER_PERMISSIONS,)+change_factor, perms

    def test_set_default_permissions(self):

        PermissionModel().create_default_permissions(user=self.u1)

        self._test_def_perm_equal(user=self.u1)

    def test_set_default_permissions_after_one_is_missing(self):

        PermissionModel().create_default_permissions(user=self.u1)

        self._test_def_perm_equal(user=self.u1)