import formencode

from formencode import htmlfill

from tg import app_globals, request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from tg.i18n import ungettext

from webob.exc import HTTPForbidden, HTTPFound, HTTPInternalServerError, HTTPNotFound

from kallithea.controllers import base

from kallithea.lib import webutils

from kallithea.lib.auth import HasPermissionAny, HasRepoGroupPermissionLevel, HasRepoGroupPermissionLevelDecorator, LoginRequired

from kallithea.lib.utils2 import safe_int

from kallithea.lib.webutils import url

from kallithea.model import db, meta

from kallithea.model.forms import RepoGroupForm, RepoGroupPermsForm

from kallithea.model.repo import RepoModel

from kallithea.model.repo_group import RepoGroupModel

from kallithea.model.scm import AvailableRepoGroupChoices, RepoGroupList

log = logging.getLogger(__name__)

class RepoGroupsController(base.BaseController):

    @LoginRequired(allow_default_user=True)

    def _before(self, *args, **kwargs):

        super(RepoGroupsController, self)._before(*args, **kwargs)

    def __load_defaults(self, extras=(), exclude=()):

        """extras is used for keeping current parent ignoring permissions

        exclude is used for not moving group to itself TODO: also exclude descendants

        Note: only admin can create top level groups

        """

        repo_groups = AvailableRepoGroupChoices('admin', extras)

        exclude_group_ids = set(rg.group_id for rg in exclude)

        c.repo_groups = [rg for rg in repo_groups

                         if rg[0] not in exclude_group_ids]

    def __load_data(self, group_id):

        """

        Load defaults settings for edit, and update

        :param group_id:

        """

        repo_group = db.RepoGroup.get_or_404(group_id)

        data = repo_group.get_dict()

        data['group_name'] = repo_group.name

        # fill repository group users

        for p in repo_group.repo_group_to_perm:

            data.update({'u_perm_%s' % p.user.username:

                             p.permission.permission_name})

        # fill repository group groups

        for p in repo_group.users_group_to_perm:

            data.update({'g_perm_%s' % p.users_group.users_group_name:

                             p.permission.permission_name})

        return data

    def _revoke_perms_on_yourself(self, form_result):

        _up = [u for u in form_result['perms_updates'] if request.authuser.username == u[0]]

        _new = [u for u in form_result['perms_new'] if request.authuser.username == u[0]]

        if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':

            return True

        return False

    def index(self, format='html'):

        _list = db.RepoGroup.query(sorted=True).all()

        group_iter = RepoGroupList(_list, perm_level='admin')

        repo_groups_data = []

        _tmpl_lookup = app_globals.mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        def repo_group_name(repo_group_name, children_groups):

            return template.get_def("repo_group_name") \

                .render_unicode(repo_group_name, children_groups, _=_, webutils=webutils, c=c)

        def repo_group_actions(repo_group_id, repo_group_name, gr_count):

            return template.get_def("repo_group_actions") \

                .render_unicode(repo_group_id, repo_group_name, gr_count, _=_, webutils=webutils, c=c,

                        ungettext=ungettext)

        for repo_gr in group_iter:

            children_groups = [g.name for g in repo_gr.parents] + [repo_gr.name]

            repo_count = repo_gr.repositories.count()

            repo_groups_data.append({

                "raw_name": webutils.escape(repo_gr.group_name),

                "group_name": repo_group_name(repo_gr.group_name, children_groups),

                "desc": webutils.escape(repo_gr.group_description),

                "repos": repo_count,

                "owner": repo_gr.owner.username,

                "action": repo_group_actions(repo_gr.group_id, repo_gr.group_name,

                                             repo_count)

            })

        c.data = {

            "sort": None,

            "dir": "asc",

            "records": repo_groups_data

        }

        return base.render('admin/repo_groups/repo_groups.html')

    def create(self):

        self.__load_defaults()

        # permissions for can create group based on parent_id are checked

        # here in the Form

        repo_group_form = RepoGroupForm(repo_groups=c.repo_groups)

        form_result = None

        try:

            form_result = repo_group_form.to_python(dict(request.POST))

            gr = RepoGroupModel().create(

                group_name=form_result['group_name'],

                group_description=form_result['group_description'],

                parent=form_result['parent_group_id'],

                copy_permissions=form_result['group_copy_permissions']

            )

            meta.Session().commit()

            # TODO: in future action_logger(, '', '', '')

        except formencode.Invalid as errors:

            return htmlfill.render(

                base.render('admin/repo_groups/repo_group_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            webutils.flash(_('Error occurred during creation of repository group %s')

                    % request.POST.get('group_name'), category='error')

            if form_result is None:

                raise

            parent_group_id = form_result['parent_group_id']

            # TODO: maybe we should get back to the main view, not the admin one

            raise HTTPFound(location=url('repos_groups', parent_group=parent_group_id))

        webutils.flash(_('Created repository group %s') % gr.group_name,

                category='success')

        raise HTTPFound(location=url('repos_group_home', group_name=gr.group_name))

    def new(self):

        parent_group_id = safe_int(request.GET.get('parent_group') or '-1')

        if HasPermissionAny('hg.admin')('group create'):

            # we're global admin, we're ok and we can create TOP level groups

            pass

        else:

            # we pass in parent group into creation form, thus we know

            # what would be the group, we can check perms here !

            group = db.RepoGroup.get(parent_group_id) if parent_group_id else None

            group_name = group.group_name if group else None

            if HasRepoGroupPermissionLevel('admin')(group_name, 'group create'):

                pass

            else:

                raise HTTPForbidden()

        self.__load_defaults()

        return htmlfill.render(

            base.render('admin/repo_groups/repo_group_add.html'),

            defaults={'parent_group_id': parent_group_id},

            errors={},

            prefix_error=False,

            encoding="UTF-8",

            force_defaults=False)

        extern_type = v.UnicodeString(strip=True, if_missing=None)

    return _UserForm

def UserGroupForm(edit=False, old_data=None, available_members=None):

    old_data = old_data or {}

    available_members = available_members or []

    class _UserGroupForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        users_group_name = All(

            v.UnicodeString(strip=True, min=1, not_empty=True),

            v.ValidUserGroup(edit, old_data)

        )

        user_group_description = v.UnicodeString(strip=True, min=1,

                                                 not_empty=False)

        users_group_active = v.StringBoolean(if_missing=False)

        if edit:

            users_group_members = v.OneOf(

                available_members, hideList=False, testValueList=True,

                if_missing=None, not_empty=False

            )

    return _UserGroupForm

def RepoGroupForm(edit=False, old_data=None, repo_groups=None,

                   can_create_in_root=False):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoGroupForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                         v.SlugifyName(),

                         v.ValidRegex(msg=_('Name must not contain only digits'))(r'(?!^\d+$)^.+$'))

        group_description = v.UnicodeString(strip=True, min=1,

                                            not_empty=False)

        group_copy_permissions = v.StringBoolean(if_missing=False)

        if edit:

            # FIXME: do a special check that we cannot move a group to one of

            # its children

            pass

        parent_group_id = All(v.CanCreateGroup(can_create_in_root),

                              v.OneOf(repo_group_ids, hideList=False,

                                      testValueList=True,

                                      if_missing=None, not_empty=True),

                              v.Int(min=-1, not_empty=True))

        chained_validators = [v.ValidRepoGroup(edit, old_data)]

    return _RepoGroupForm

def RegisterForm(edit=False, old_data=None):

    class _RegisterForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(

            v.ValidUsername(edit, old_data),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        password = All(

            v.ValidPassword(),

            v.UnicodeString(strip=False, min=6, not_empty=True)

        )

        password_confirmation = All(

            v.ValidPassword(),

            v.UnicodeString(strip=False, min=6, not_empty=True)

        )

        active = v.StringBoolean(if_missing=False)

        firstname = v.UnicodeString(strip=True, min=1, not_empty=False)

        lastname = v.UnicodeString(strip=True, min=1, not_empty=False)

        email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))

        chained_validators = [v.ValidPasswordsMatch('password',

                                                    'password_confirmation')]

    return _RegisterForm

def PasswordResetRequestForm():

    class _PasswordResetRequestForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        email = v.Email(not_empty=True)

    return _PasswordResetRequestForm

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

                pass

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(obj, db.RepoGroup) and not obj == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(obj, db.Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                obj = repo_group

                # also we do a break at the end of this loop.

            # update permissions

            for member, perm, member_type in perms_updates:

                ## set for user

                if member_type == 'user':

                    # this updates also current one if found

                    _set_perm_user(obj, user=member, perm=perm)

                ## set for user group

                else:

                    # check if we have permissions to alter this usergroup's access

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    # check if we have permissions to alter this usergroup's access

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

        return updates

    def update(self, repo_group, repo_group_args):

        try:

            repo_group = db.RepoGroup.guess_instance(repo_group)

            old_path = repo_group.full_path

            # change properties

            if 'group_description' in repo_group_args:

                repo_group.group_description = repo_group_args['group_description']

            if 'parent_group_id' in repo_group_args:

                assert repo_group_args['parent_group_id'] != '-1', repo_group_args  # RepoGroupForm should have converted to None

                repo_group.parent_group = db.RepoGroup.get(repo_group_args['parent_group_id'])

                repo_group.group_name = repo_group.get_new_name(repo_group.name)

            if 'group_name' in repo_group_args:

                group_name = repo_group_args['group_name']

                if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:

                    raise Exception('invalid repo group name %s' % group_name)

                repo_group.group_name = repo_group.get_new_name(group_name)

            new_path = repo_group.full_path

            meta.Session().add(repo_group)

            # iterate over all members of this groups and do fixes

            # if obj is a repoGroup also fix the name of the group according

            # to the parent

            # if obj is a Repo fix it's name

            # this can be potentially heavy operation

            for obj in repo_group.recursive_groups_and_repos():

                # set the value from it's parent

                if isinstance(obj, db.RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s'

                                % (obj.group_name, new_name))

                    obj.group_name = new_name

                elif isinstance(obj, db.Repository):

                    # we need to get all repositories from this new group and

                    # rename them accordingly to new group path

                    new_name = obj.get_new_name(obj.just_name)

                    log.debug('Fixing repo %s to new name %s'

                                % (obj.repo_name, new_name))

                    obj.repo_name = new_name

            self._rename_group(old_path, new_path)

            return repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, repo_group, force_delete=False):

        repo_group = db.RepoGroup.guess_instance(repo_group)

        try:

            meta.Session().delete(repo_group)

            self._delete_group(repo_group, force_delete)

        except Exception:

            log.error('Error removing repo_group %s', repo_group)

## -*- coding: utf-8 -*-

${h.form(url('update_repos_group',group_name=c.repo_group.group_name))}

<div class="form">

        <div class="form-group">

            <label class="control-label" for="group_name">${_('Group name')}:</label>

            <div>

                ${h.text('group_name',class_='form-control')}

            </div>

        </div>

        <div class="form-group">

            <label class="control-label" for="group_description">${_('Description')}:</label>

            <div>

                ${h.textarea('group_description',cols=23,rows=5,class_='form-control')}

            </div>

        </div>

        <div class="form-group">

            <label class="control-label" for="parent_group_id">${_('Group parent')}:</label>

            <div>

                ${h.select('parent_group_id','',c.repo_groups,class_='form-control')}

            </div>

        </div>

        <div class="form-group">

            <div class="buttons">

                ${h.submit('save',_('Save'),class_="btn btn-default")}

                ${h.reset('reset',_('Reset'),class_="btn btn-default")}

            </div>

        </div>

</div>

${h.end_form()}

${h.form(url('delete_repo_group', group_name=c.repo_group.group_name))}

<div class="form">

        <div class="form-group">

            <div class="buttons">

                ${h.submit('remove_%s' % c.repo_group.group_name,_('Remove this group'),class_="btn btn-danger",onclick="return confirm('"+_('Confirm to delete this group')+"');")}

            </div>

        </div>

</div>

${h.end_form()}

<script>

    'use strict';

    $(document).ready(function(){

        $("#parent_group_id").select2({

            'dropdownAutoWidth': true

        });

    });

</script>

    @mock.patch.object(RepoModel, 'grant_user_group_permission', raise_exception)

    def test_api_grant_user_group_permission_exception_when_adding(self):

        perm = 'repository.read'

        id_, params = _build_data(self.apikey,

                                  'grant_user_group_permission',

                                  repoid=self.REPO,

                                  usergroupid=TEST_USER_GROUP,

                                  perm=perm)

        response = api_call(self, params)

        expected = 'failed to edit permission for user group: `%s` in repo: `%s`' % (

            TEST_USER_GROUP, self.REPO

        )

        self._compare_error(id_, expected, given=response.body)

    def test_api_revoke_user_group_permission(self):

        RepoModel().grant_user_group_permission(repo=self.REPO,

                                                group_name=TEST_USER_GROUP,

                                                perm='repository.read')

        meta.Session().commit()

        id_, params = _build_data(self.apikey,

                                  'revoke_user_group_permission',

                                  repoid=self.REPO,

                                  usergroupid=TEST_USER_GROUP, )

        response = api_call(self, params)

        expected = {

            'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (

                TEST_USER_GROUP, self.REPO

            ),

            'success': True

        }

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'revoke_user_group_permission', raise_exception)

    def test_api_revoke_user_group_permission_exception_when_adding(self):

        id_, params = _build_data(self.apikey,

                                  'revoke_user_group_permission',

                                  repoid=self.REPO,

                                  usergroupid=TEST_USER_GROUP, )

        response = api_call(self, params)

        expected = 'failed to edit permission for user group: `%s` in repo: `%s`' % (

            TEST_USER_GROUP, self.REPO

        )

        self._compare_error(id_, expected, given=response.body)

    @base.parametrize('changing_attr,updates', [

        ('description', {'description': 'new description'}),

        ('group_name', {'group_name': 'new_repo_name'}),

        ('parent', {'parent': 'test_group_for_update'}),

    ])

    def test_api_update_repo_group(self, changing_attr, updates):

        group_name = 'lololo'

        repo_group = fixture.create_repo_group(group_name)

        new_group_name = group_name

        if changing_attr == 'group_name':

            assert repo_group.parent_group_id is None  # lazy assumption for this test

            new_group_name = updates['group_name']

        if changing_attr == 'parent':

            new_group_name = '/'.join([updates['parent'], group_name.rsplit('/', 1)[-1]])

        expected = {

            'msg': 'updated repository group ID:%s %s' % (repo_group.group_id, new_group_name),

            'repo_group': repo_group.get_api_data()

        }

        expected['repo_group'].update(updates)

        if 'description' in updates:

            expected['repo_group']['group_description'] = expected['repo_group'].pop('description')

        if changing_attr == 'parent':

            new_parent = fixture.create_repo_group(updates['parent'])

            expected['repo_group']['parent_group'] = expected['repo_group'].pop('parent')

            expected['repo_group']['group_name'] = new_group_name

        id_, params = _build_data(self.apikey, 'update_repo_group',

                                  repogroupid=group_name, **updates)

        response = api_call(self, params)

        try:

            self._compare_ok(id_, expected, given=response.body)

        finally:

            if changing_attr == 'parent':

                fixture.destroy_repo_group(new_parent.group_id)

            fixture.destroy_repo_group(new_group_name)

    @base.parametrize('name,perm,apply_to_children', [

        ('none', 'group.none', 'none'),

        ('read', 'group.read', 'none'),

        ('write', 'group.write', 'none'),

        ('admin', 'group.admin', 'none'),

        ('none', 'group.none', 'all'),

        ('read', 'group.read', 'all'),

        ('write', 'group.write', 'all'),

class TestRepoGroupsController(base.TestController):

    def test_index(self):

        self.log_user()

        response = self.app.get(base.url('repos_groups'))

        response.mustcontain('"records": []')

    def test_new(self):

        self.log_user()

        response = self.app.get(base.url('new_repos_group'))

    def test_create(self):

        self.log_user()

        group_name = 'foo'

        # creation with form error

        response = self.app.post(base.url('repos_groups'),

                                         {'group_name': group_name,

                                          '_session_csrf_secret_token': self.session_csrf_secret_token()})

        response.mustcontain('name="group_name" type="text" value="%s"' % group_name)

        response.mustcontain('<!-- for: group_description -->')

        # creation

        response = self.app.post(base.url('repos_groups'),

                                         {'group_name': group_name,

                                         'group_description': 'lala',

                                         'parent_group_id': '-1',

                                         'group_copy_permissions': 'True',

                                          '_session_csrf_secret_token': self.session_csrf_secret_token()})

        self.checkSessionFlash(response, 'Created repository group %s' % group_name)

        # edit form

        response = self.app.get(base.url('edit_repo_group', group_name=group_name))

        response.mustcontain('>lala<')

        # edit with form error

        response = self.app.post(base.url('update_repos_group', group_name=group_name),

                                         {'group_name': group_name,

                                          '_session_csrf_secret_token': self.session_csrf_secret_token()})

        response.mustcontain('name="group_name" type="text" value="%s"' % group_name)

        response.mustcontain('<!-- for: group_description -->')

        # edit

        response = self.app.post(base.url('update_repos_group', group_name=group_name),

                                         {'group_name': group_name,

                                         'group_description': 'lolo',

                                          '_session_csrf_secret_token': self.session_csrf_secret_token()})

        self.checkSessionFlash(response, 'Updated repository group %s' % group_name)

        response = response.follow()

        response.mustcontain('name="group_name" type="text" value="%s"' % group_name)

        response.mustcontain(no='<!-- for: group_description -->')

        response.mustcontain('>lolo<')

        # listing

        response = self.app.get(base.url('repos_groups'))

        response.mustcontain('raw_name": "%s"' % group_name)

        # show

        response = self.app.get(base.url('repos_group', group_name=group_name))

        response.mustcontain('href="/_admin/repo_groups/%s/edit"' % group_name)

        # show ignores extra trailing slashes in the URL

        response = self.app.get(base.url('repos_group', group_name='%s//' % group_name))

        response.mustcontain('href="/_admin/repo_groups/%s/edit"' % group_name)

        # delete

        response = self.app.post(base.url('delete_repo_group', group_name=group_name),

                                 {'_session_csrf_secret_token': self.session_csrf_secret_token()})

        self.checkSessionFlash(response, 'Removed repository group %s' % group_name)

    def test_new_by_regular_user(self):

        self.log_user(base.TEST_USER_REGULAR_LOGIN, base.TEST_USER_REGULAR_PASS)

        response = self.app.get(base.url('new_repos_group'), status=403)

    def test_case_insensitivity(self):

        self.log_user()

        group_name = 'newgroup'

        response = self.app.post(base.url('repos_groups'),

                                 fixture._get_repo_group_create_params(group_name=group_name,

                                                                 _session_csrf_secret_token=self.session_csrf_secret_token()))

        # try to create repo group with swapped case

        swapped_group_name = group_name.swapcase()

        response = self.app.post(base.url('repos_groups'),

                                 fixture._get_repo_group_create_params(group_name=swapped_group_name,

                                                                 _session_csrf_secret_token=self.session_csrf_secret_token()))

        response.mustcontain('already exists')

        RepoGroupModel().delete(group_name)

        meta.Session().commit()

    def test_subgroup_deletion(self):

        self.log_user()

        parent = None