new_perm_val = PERM_WEIGHTS[new_perm]

    cur_perm_val = PERM_WEIGHTS[cur_perm]

    if new_perm_val > cur_perm_val:

        permissions[key] = new_perm

def get_user_permissions(user_id, user_is_admin):

    repository_group_permissions = {}

    user_group_permissions = {}

    #======================================================================

    # fetch default permissions

    #======================================================================

    default_repo_groups_perms = Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID)

    default_user_group_perms = Permission.get_default_user_group_perms(kallithea.DEFAULT_USER_ID)

    if user_is_admin:

        #==================================================================

        # admin users have all rights;

        # based on default permissions, just set everything to admin

        #==================================================================

        # repository groups

        for perm in default_repo_groups_perms:

            rg_k = perm.group.group_name

            p = 'group.admin'

            repository_group_permissions[rg_k] = p

        # user groups

        for perm in default_user_group_perms:

            u_k = perm.user_group.users_group_name

            p = 'usergroup.admin'

            user_group_permissions[u_k] = p

    #==================================================================

    # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

    #==================================================================

    # defaults for repository groups taken from default user permission

    # on given group

    for perm in default_repo_groups_perms:

        rg_k = perm.group.group_name

        p = perm.permission.permission_name

        repository_group_permissions[rg_k] = p

    for perm in default_user_group_perms:

        u_k = perm.user_group.users_group_name

        p = perm.permission.permission_name

        user_group_permissions[u_k] = p

    #======================================================================

    # !! PERMISSIONS FOR REPOSITORY GROUPS !!

    #======================================================================

    #======================================================================

    # check if user is part of user groups for this repository groups and

    # fill in his permission from it.

    #======================================================================

    user_user_groups_perms = Permission.get_default_user_group_perms(user_id)

    for perm in user_user_groups_perms:

        bump_permission(user_group_permissions,

            perm.user_group.users_group_name,

            perm.permission.permission_name)

class AuthUser(object):

    """

    Represents a Kallithea user, including various authentication and

    authorization information. Typically used to store the current user,

                assert k not in ['api_keys', 'permissions']

                setattr(self, k, v)

            self.is_default_user = dbuser.is_default_user

        log.debug('Auth User is now %s', self)

        log.debug('Getting PERMISSION tree for %s', self)

        )= get_user_permissions(self.user_id, self.is_admin)

    @LazyProperty

    def global_permissions(self):

        log.debug('Getting global permissions for %s', self)

        for perm in sorted(global_permissions, key=lambda n: PERM_WEIGHTS.get(n, -1)):

            kind = perm.rsplit('.', 1)[0]

            kind_max_perm[kind] = perm

        return set(kind_max_perm.values())

    @LazyProperty

    def permissions(self):

        """dict with all 4 kind of permissions - mainly for backwards compatibility"""

        return {

            'global': self.global_permissions,

            'repositories': self.repository_permissions,

            'repositories_groups': self.repository_group_permissions,