@LoginRequired(allow_default_user=True)

    def _before(self, *args, **kwargs):

        super(RepoGroupsController, self)._before(*args, **kwargs)

    def __load_defaults(self, extras=(), exclude=()):

        """extras is used for keeping current parent ignoring permissions

        exclude is used for not moving group to itself TODO: also exclude descendants

        Note: only admin can create top level groups

        """

        repo_groups = AvailableRepoGroupChoices('admin', extras)

        exclude_group_ids = set(rg.group_id for rg in exclude)

        c.repo_groups = [rg for rg in repo_groups

                         if rg[0] not in exclude_group_ids]

    def __load_data(self, group_id):

        """

        Load defaults settings for edit, and update

        :param group_id:

        """

        repo_group = db.RepoGroup.get_or_404(group_id)

        data = repo_group.get_dict()

        data['group_name'] = repo_group.name

        # fill repository group users

        for p in repo_group.repo_group_to_perm:

            data.update({'u_perm_%s' % p.user.username:

                             p.permission.permission_name})

        # fill repository group groups

        for p in repo_group.users_group_to_perm:

            data.update({'g_perm_%s' % p.users_group.users_group_name:

                             p.permission.permission_name})

        return data

    def _revoke_perms_on_yourself(self, form_result):

        _up = [u for u in form_result['perms_updates'] if request.authuser.username == u[0]]

        _new = [u for u in form_result['perms_new'] if request.authuser.username == u[0]]

        if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':

            return True

        return False

    def index(self, format='html'):

        _list = db.RepoGroup.query(sorted=True).all()

        group_iter = RepoGroupList(_list, perm_level='admin')

        repo_groups_data = []

                                             repo_count)

            })

        c.data = {

            "sort": None,

            "dir": "asc",

            "records": repo_groups_data

        }

        return base.render('admin/repo_groups/repo_groups.html')

    def create(self):

        self.__load_defaults()

        # permissions for can create group based on parent_id are checked

        # here in the Form

        repo_group_form = RepoGroupForm(repo_groups=c.repo_groups)

        form_result = None

        try:

            form_result = repo_group_form.to_python(dict(request.POST))

            gr = RepoGroupModel().create(

                group_name=form_result['group_name'],

                group_description=form_result['group_description'],

                parent=form_result['parent_group_id'],

                copy_permissions=form_result['group_copy_permissions']

            )

            meta.Session().commit()

            # TODO: in future action_logger(, '', '', '')

        except formencode.Invalid as errors:

            return htmlfill.render(

                base.render('admin/repo_groups/repo_group_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            webutils.flash(_('Error occurred during creation of repository group %s')

                    % request.POST.get('group_name'), category='error')

            if form_result is None:

                raise

            parent_group_id = form_result['parent_group_id']

            # TODO: maybe we should get back to the main view, not the admin one

            raise HTTPFound(location=url('repos_groups', parent_group=parent_group_id))

        webutils.flash(_('Created repository group %s') % gr.group_name,

                category='success')

        raise HTTPFound(location=url('repos_group_home', group_name=gr.group_name))

                if_missing=None, not_empty=False

            )

    return _UserGroupForm

def RepoGroupForm(edit=False, old_data=None, repo_groups=None,

                   can_create_in_root=False):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoGroupForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                         v.SlugifyName(),

                         v.ValidRegex(msg=_('Name must not contain only digits'))(r'(?!^\d+$)^.+$'))

        group_description = v.UnicodeString(strip=True, min=1,

                                            not_empty=False)

        group_copy_permissions = v.StringBoolean(if_missing=False)

        if edit:

            # FIXME: do a special check that we cannot move a group to one of

            # its children

            pass

        parent_group_id = All(v.CanCreateGroup(can_create_in_root),

                              v.OneOf(repo_group_ids, hideList=False,

                                      testValueList=True,

                                      if_missing=None, not_empty=True),

                              v.Int(min=-1, not_empty=True))

        chained_validators = [v.ValidRepoGroup(edit, old_data)]

    return _RepoGroupForm

def RegisterForm(edit=False, old_data=None):

    class _RegisterForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(

            v.ValidUsername(edit, old_data),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        password = All(

            v.ValidPassword(),

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    # check if we have permissions to alter this usergroup's access

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

        return updates

    def update(self, repo_group, repo_group_args):

        try:

            repo_group = db.RepoGroup.guess_instance(repo_group)

            old_path = repo_group.full_path

            # change properties

            if 'group_description' in repo_group_args:

                repo_group.group_description = repo_group_args['group_description']

            if 'parent_group_id' in repo_group_args:

                assert repo_group_args['parent_group_id'] != '-1', repo_group_args  # RepoGroupForm should have converted to None

                repo_group.parent_group = db.RepoGroup.get(repo_group_args['parent_group_id'])

                repo_group.group_name = repo_group.get_new_name(repo_group.name)

            if 'group_name' in repo_group_args:

                group_name = repo_group_args['group_name']

                if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:

                    raise Exception('invalid repo group name %s' % group_name)

                repo_group.group_name = repo_group.get_new_name(group_name)

            new_path = repo_group.full_path

            meta.Session().add(repo_group)

            # iterate over all members of this groups and do fixes

            # if obj is a repoGroup also fix the name of the group according

            # to the parent

            # if obj is a Repo fix it's name

            # this can be potentially heavy operation

            for obj in repo_group.recursive_groups_and_repos():

                # set the value from it's parent

                if isinstance(obj, db.RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s'

## -*- coding: utf-8 -*-

${h.form(url('update_repos_group',group_name=c.repo_group.group_name))}

<div class="form">

        <div class="form-group">

            <label class="control-label" for="group_name">${_('Group name')}:</label>

            <div>

                ${h.text('group_name',class_='form-control')}

            </div>

        </div>

        <div class="form-group">

            <label class="control-label" for="group_description">${_('Description')}:</label>

            <div>

                ${h.textarea('group_description',cols=23,rows=5,class_='form-control')}

            </div>

        </div>

        <div class="form-group">

            <label class="control-label" for="parent_group_id">${_('Group parent')}:</label>

            <div>

                ${h.select('parent_group_id','',c.repo_groups,class_='form-control')}

            </div>

        </div>

        <div class="form-group">

            <div class="buttons">

                ${h.submit('save',_('Save'),class_="btn btn-default")}

                ${h.reset('reset',_('Reset'),class_="btn btn-default")}

            </div>

        </div>

</div>

${h.end_form()}

${h.form(url('delete_repo_group', group_name=c.repo_group.group_name))}

<div class="form">

        <div class="form-group">

            <div class="buttons">

                ${h.submit('remove_%s' % c.repo_group.group_name,_('Remove this group'),class_="btn btn-danger",onclick="return confirm('"+_('Confirm to delete this group')+"');")}

            </div>

        </div>

</div>

${h.end_form()}

<script>

    'use strict';

    $(document).ready(function(){

        $("#parent_group_id").select2({

            'dropdownAutoWidth': true

        });

    });

</script>

        response = api_call(self, params)

        expected = {

            'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (

                TEST_USER_GROUP, self.REPO

            ),

            'success': True

        }

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'revoke_user_group_permission', raise_exception)

    def test_api_revoke_user_group_permission_exception_when_adding(self):

        id_, params = _build_data(self.apikey,

                                  'revoke_user_group_permission',

                                  repoid=self.REPO,

                                  usergroupid=TEST_USER_GROUP, )

        response = api_call(self, params)

        expected = 'failed to edit permission for user group: `%s` in repo: `%s`' % (

            TEST_USER_GROUP, self.REPO

        )

        self._compare_error(id_, expected, given=response.body)

    @base.parametrize('changing_attr,updates', [

        ('description', {'description': 'new description'}),

        ('group_name', {'group_name': 'new_repo_name'}),

        ('parent', {'parent': 'test_group_for_update'}),

    ])

    def test_api_update_repo_group(self, changing_attr, updates):

        group_name = 'lololo'

        repo_group = fixture.create_repo_group(group_name)

        new_group_name = group_name

        if changing_attr == 'group_name':

            assert repo_group.parent_group_id is None  # lazy assumption for this test

            new_group_name = updates['group_name']

        if changing_attr == 'parent':

            new_group_name = '/'.join([updates['parent'], group_name.rsplit('/', 1)[-1]])

        expected = {

            'msg': 'updated repository group ID:%s %s' % (repo_group.group_id, new_group_name),

            'repo_group': repo_group.get_api_data()

        }

        expected['repo_group'].update(updates)

        if 'description' in updates:

            expected['repo_group']['group_description'] = expected['repo_group'].pop('description')

        if changing_attr == 'parent':

        # creation

        response = self.app.post(base.url('repos_groups'),

                                         {'group_name': group_name,

                                         'group_description': 'lala',

                                         'parent_group_id': '-1',

                                         'group_copy_permissions': 'True',

                                          '_session_csrf_secret_token': self.session_csrf_secret_token()})

        self.checkSessionFlash(response, 'Created repository group %s' % group_name)

        # edit form

        response = self.app.get(base.url('edit_repo_group', group_name=group_name))

        response.mustcontain('>lala<')

        # edit with form error

        response = self.app.post(base.url('update_repos_group', group_name=group_name),

                                         {'group_name': group_name,

                                          '_session_csrf_secret_token': self.session_csrf_secret_token()})

        response.mustcontain('name="group_name" type="text" value="%s"' % group_name)

        response.mustcontain('<!-- for: group_description -->')

        # edit

        response = self.app.post(base.url('update_repos_group', group_name=group_name),

                                         {'group_name': group_name,

                                         'group_description': 'lolo',

                                          '_session_csrf_secret_token': self.session_csrf_secret_token()})

        self.checkSessionFlash(response, 'Updated repository group %s' % group_name)

        response = response.follow()

        response.mustcontain('name="group_name" type="text" value="%s"' % group_name)

        response.mustcontain(no='<!-- for: group_description -->')

        response.mustcontain('>lolo<')

        # listing

        response = self.app.get(base.url('repos_groups'))

        response.mustcontain('raw_name": "%s"' % group_name)

        # show

        response = self.app.get(base.url('repos_group', group_name=group_name))

        response.mustcontain('href="/_admin/repo_groups/%s/edit"' % group_name)

        # show ignores extra trailing slashes in the URL

        response = self.app.get(base.url('repos_group', group_name='%s//' % group_name))

        response.mustcontain('href="/_admin/repo_groups/%s/edit"' % group_name)

        # delete

        response = self.app.post(base.url('delete_repo_group', group_name=group_name),

                                 {'_session_csrf_secret_token': self.session_csrf_secret_token()})

        self.checkSessionFlash(response, 'Removed repository group %s' % group_name)