# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.admin.permissions

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

permissions controller for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 27, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from tg import request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPFound

from kallithea.config.routing import url

from kallithea.lib import helpers as h

from kallithea.lib.auth import AuthUser, HasPermissionAnyDecorator, LoginRequired

from kallithea.lib.base import BaseController, render

from kallithea.model.db import User, UserIpMap

from kallithea.model.forms import DefaultPermissionsForm

from kallithea.model.meta import Session

from kallithea.model.permission import PermissionModel

log = logging.getLogger(__name__)

class PermissionsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('permission', 'permissions')

    @LoginRequired()

    @HasPermissionAnyDecorator('hg.admin')

    def _before(self, *args, **kwargs):

        super(PermissionsController, self)._before(*args, **kwargs)

    def __load_data(self):

        c.repo_perms_choices = [('repository.none', _('None'),),

                                   ('repository.read', _('Read'),),

                                   ('repository.write', _('Write'),),

                                   ('repository.admin', _('Admin'),)]

        c.group_perms_choices = [('group.none', _('None'),),

                                 ('group.read', _('Read'),),

                                 ('group.write', _('Write'),),

                                 ('group.admin', _('Admin'),)]

        c.user_group_perms_choices = [('usergroup.none', _('None'),),

                                      ('usergroup.read', _('Read'),),

                                      ('usergroup.write', _('Write'),),

                                      ('usergroup.admin', _('Admin'),)]

        c.register_choices = [

            ('hg.register.none',

                _('Disabled')),

            ('hg.register.manual_activate',

                _('Allowed with manual account activation')),

            ('hg.register.auto_activate',

                _('Allowed with automatic account activation')), ]

        c.extern_activate_choices = [

            ('hg.extern_activate.manual', _('Manual activation of external account')),

            ('hg.extern_activate.auto', _('Automatic activation of external account')),

        ]

        c.repo_create_choices = [('hg.create.none', _('Disabled')),

                                 ('hg.create.repository', _('Enabled'))]

        c.repo_create_on_write_choices = [

            ('hg.create.write_on_repogroup.true', _('Enabled')),

            ('hg.create.write_on_repogroup.false', _('Disabled')),

        ]

        c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),

                                       ('hg.usergroup.create.true', _('Enabled'))]

        c.fork_choices = [('hg.fork.none', _('Disabled')),

                          ('hg.fork.repository', _('Enabled'))]

    def permission_globals(self):

        c.active = 'globals'

        self.__load_data()

        if request.POST:

            _form = DefaultPermissionsForm(

                [x[0] for x in c.repo_perms_choices],

                [x[0] for x in c.group_perms_choices],

                [x[0] for x in c.user_group_perms_choices],

                [x[0] for x in c.repo_create_choices],

                [x[0] for x in c.repo_create_on_write_choices],

                [x[0] for x in c.repo_group_create_choices],

                [x[0] for x in c.user_group_create_choices],

                [x[0] for x in c.fork_choices],

                [x[0] for x in c.register_choices],

                [x[0] for x in c.extern_activate_choices])()

            try:

                form_result = _form.to_python(dict(request.POST))

                form_result.update({'perm_user_name': 'default'})

                PermissionModel().update(form_result)

                Session().commit()

                h.flash(_('Global permissions updated successfully'),

                        category='success')

            except formencode.Invalid as errors:

                defaults = errors.value

                return htmlfill.render(

                    render('admin/permissions/permissions.html'),

                    defaults=defaults,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except Exception:

                log.error(traceback.format_exc())

                h.flash(_('Error occurred during update of permissions'),

                        category='error')

            raise HTTPFound(location=url('admin_permissions'))

        c.user = User.get_default_user()

        defaults = {'anonymous': c.user.active}

        for p in c.user.user_perms:

            if p.permission.permission_name.startswith('repository.'):

                defaults['default_repo_perm'] = p.permission.permission_name

            if p.permission.permission_name.startswith('group.'):

                defaults['default_group_perm'] = p.permission.permission_name

            if p.permission.permission_name.startswith('usergroup.'):

                defaults['default_user_group_perm'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.create.write_on_repogroup.'):

                defaults['create_on_write'] = p.permission.permission_name

            elif p.permission.permission_name.startswith('hg.create.'):

                defaults['default_repo_create'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.usergroup.'):

                defaults['default_user_group_create'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.register.'):

                defaults['default_register'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.extern_activate.'):

                defaults['default_extern_activate'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.fork.'):

                defaults['default_fork'] = p.permission.permission_name

        return htmlfill.render(

            render('admin/permissions/permissions.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def permission_ips(self):

        c.active = 'ips'

        c.user = User.get_default_user()

        c.user_ip_map = UserIpMap.query() \

                        .filter(UserIpMap.user == c.user).all()

        return render('admin/permissions/permissions.html')

    def permission_perms(self):

        c.active = 'perms'

        c.user = User.get_default_user()

        c.perm_user = AuthUser(dbuser=c.user)

        return render('admin/permissions/permissions.html')

    __table_args__ = (

        _table_args_default_dict,

    )

    SEP = ' » '

    group_id = Column(Integer(), primary_key=True)

    group_name = Column(Unicode(255), nullable=False, unique=True) # full path

    parent_group_id = Column('group_parent_id', Integer(), ForeignKey('groups.group_id'), nullable=True)

    group_description = Column(Unicode(10000), nullable=False)

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    owner = relationship('User')

    @classmethod

    def query(cls, sorted=False):

        """Add RepoGroup-specific helpers for common query constructs.

        sorted: if True, apply the default ordering (name, case insensitive).

        """

        q = super(RepoGroup, cls).query()

        if sorted:

            q = q.order_by(sqlalchemy.func.lower(RepoGroup.group_name))

        return q

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __repr__(self):

        return "<%s %s: %s>" % (self.__class__.__name__,

                                self.group_id, self.group_name)

    @classmethod

    def _generate_choice(cls, repo_group):

        """Return tuple with group_id and name as html literal"""

        from webhelpers2.html import literal

        if repo_group is None:

            return (-1, '-- %s --' % _('top level'))

        return repo_group.group_id, literal(cls.SEP.join(repo_group.full_path_splitted))

    @classmethod

    def groups_choices(cls, groups):

        """Return tuples with group_id and name as html literal."""

        return sorted((cls._generate_choice(g) for g in groups),

                      key=lambda c: c[1].split(cls.SEP))

    @classmethod

    def guess_instance(cls, value):

        return super(RepoGroup, cls).guess_instance(value, RepoGroup.get_by_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, case_insensitive=False):

        group_name = group_name.rstrip('/')

        if case_insensitive:

            gr = cls.query() \

                .filter(sqlalchemy.func.lower(cls.group_name) == sqlalchemy.func.lower(group_name))

        else:

            gr = cls.query() \

                .filter(cls.group_name == group_name)

        return gr.scalar()

    @property

    def parents(self):

        groups = []

        group = self.parent_group

        while group is not None:

            groups.append(group)

            group = group.parent_group

            assert group not in groups, group # avoid recursion on bad db content

        groups.reverse()

        return groups

    @property

    def children(self):

        return RepoGroup.query().filter(RepoGroup.parent_group == self)

    @property

    def name(self):

        return self.group_name.split(URL_SEP)[-1]

    @property

    def full_path(self):

        return self.group_name

    @property

    def full_path_splitted(self):

        return self.group_name.split(URL_SEP)

    @property

    def repositories(self):

        return Repository.query(sorted=True).filter_by(group=self)

    @property

    def repositories_recursive_count(self):

        cnt = self.repositories.count()

        def children_count(group):

            cnt = 0

            for child in group.children:

                cnt += child.repositories.count()

                cnt += children_count(child)

            return cnt

        return cnt + children_count(self)

    def _recursive_objects(self, include_repos=True):

        all_ = []

        def _get_members(root_gr):

            if include_repos:

                for r in root_gr.repositories:

                    all_.append(r)

            childs = root_gr.children.all()

            if childs:

                for gr in childs:

                    all_.append(gr)

                    _get_members(gr)

        _get_members(self)

        return [self] + all_

    def recursive_groups_and_repos(self):

        """

        Recursive return all groups, with repositories in those groups

        """

        return self._recursive_objects()

    def recursive_groups(self):

        """

        Returns all children groups for this group including children of children

        """

        return self._recursive_objects(include_repos=False)

    def get_new_name(self, group_name):

        """

        returns new full group name based on parent and new name

        :param group_name:

        """

        path_prefix = (self.parent_group.full_path_splitted if

                       self.parent_group else [])

        return URL_SEP.join(path_prefix + [group_name])

    def get_api_data(self):

        """

        Common function for generating api data

        """

        group = self

        data = dict(

            group_id=group.group_id,

            group_name=group.group_name,

            group_description=group.group_description,

            parent_group=group.parent_group.group_name if group.parent_group else None,

            repositories=[x.repo_name for x in group.repositories],

            owner=group.owner.username

        )

        return data

class Permission(Base, BaseDbModel):

    __tablename__ = 'permissions'

    __table_args__ = (

        Index('p_perm_name_idx', 'permission_name'),

        _table_args_default_dict,

    )

    PERMS = (

        ('hg.admin', _('Kallithea Administrator')),

        ('repository.none', _('Default user has no access to new repositories')),

        ('repository.read', _('Default user has read access to new repositories')),

        ('repository.write', _('Default user has write access to new repositories')),

        ('repository.admin', _('Default user has admin access to new repositories')),

        ('group.none', _('Default user has no access to new repository groups')),

        ('group.read', _('Default user has read access to new repository groups')),

        ('group.write', _('Default user has write access to new repository groups')),

        ('group.admin', _('Default user has admin access to new repository groups')),

        ('usergroup.none', _('Default user has no access to new user groups')),

        ('usergroup.read', _('Default user has read access to new user groups')),

        ('usergroup.write', _('Default user has write access to new user groups')),

        ('usergroup.admin', _('Default user has admin access to new user groups')),

        ('hg.usergroup.create.false', _('Only admins can create user groups')),

        ('hg.usergroup.create.true', _('Non-admins can create user groups')),

        ('hg.create.none', _('Only admins can create top level repositories')),

        ('hg.create.repository', _('Non-admins can create top level repositories')),

        ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),

        ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),

        ('hg.fork.none', _('Only admins can fork repositories')),

        ('hg.fork.repository', _('Non-admins can fork repositories')),

        ('hg.register.none', _('Registration disabled')),

        ('hg.register.manual_activate', _('User registration with manual account activation')),

        ('hg.register.auto_activate', _('User registration with automatic account activation')),

        ('hg.extern_activate.manual', _('Manual activation of external account')),

        ('hg.extern_activate.auto', _('Automatic activation of external account')),

    )

    # definition of system default permissions for DEFAULT user

    DEFAULT_USER_PERMISSIONS = (

        'repository.read',

        'group.read',

        'usergroup.read',

        'hg.create.repository',

        'hg.create.write_on_repogroup.true',

        'hg.fork.repository',

        'hg.register.manual_activate',

        'hg.extern_activate.auto',

    )

    # defines which permissions are more important higher the more important

    # Weight defines which permissions are more important.

    # The higher number the more important.

    PERM_WEIGHTS = {

        'repository.none': 0,

        'repository.read': 1,

        'repository.write': 3,

        'repository.admin': 4,

        'group.none': 0,

        'group.read': 1,

        'group.write': 3,

        'group.admin': 4,

        'usergroup.none': 0,

        'usergroup.read': 1,

        'usergroup.write': 3,

        'usergroup.admin': 4,

        'hg.usergroup.create.false': 0,

        'hg.usergroup.create.true': 1,

        'hg.fork.none': 0,

        'hg.fork.repository': 1,

        'hg.create.none': 0,

        'hg.create.repository': 1,

        'hg.create.write_on_repogroup.false': 0,

        'hg.create.write_on_repogroup.true': 1,

        'hg.register.none': 0,

        'hg.register.manual_activate': 1,

        'hg.register.auto_activate': 2,

        'hg.extern_activate.manual': 0,

        'hg.extern_activate.auto': 1,

    }

    permission_id = Column(Integer(), primary_key=True)

    permission_name = Column(String(255), nullable=False)

    def __repr__(self):

        return "<%s %s: %r>" % (

            self.__class__.__name__, self.permission_id, self.permission_name

        )

    @classmethod

    def guess_instance(cls, value):

        return super(Permission, cls).guess_instance(value, Permission.get_by_key)

    @classmethod

    def get_by_key(cls, key):

        return cls.query().filter(cls.permission_name == key).scalar()

    @classmethod

    def get_default_perms(cls, default_user_id):

        q = Session().query(UserRepoToPerm) \

         .options(joinedload(UserRepoToPerm.repository)) \

         .options(joinedload(UserRepoToPerm.permission)) \

         .filter(UserRepoToPerm.user_id == default_user_id)

        return q.all()

    @classmethod

    def get_default_group_perms(cls, default_user_id):

        q = Session().query(UserRepoGroupToPerm) \

         .options(joinedload(UserRepoGroupToPerm.group)) \

         .options(joinedload(UserRepoGroupToPerm.permission)) \

         .filter(UserRepoGroupToPerm.user_id == default_user_id)

        return q.all()

    @classmethod

    def get_default_user_group_perms(cls, default_user_id):

        q = Session().query(UserUserGroupToPerm) \

         .options(joinedload(UserUserGroupToPerm.user_group)) \

         .options(joinedload(UserUserGroupToPerm.permission)) \

         .filter(UserUserGroupToPerm.user_id == default_user_id)

        return q.all()

class UserRepoToPerm(Base, BaseDbModel):

    __tablename__ = 'repo_to_perm'

    __table_args__ = (

        UniqueConstraint('user_id', 'repository_id', 'permission_id'),

        _table_args_default_dict,

    )

    repo_to_perm_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

    user = relationship('User')

    repository = relationship('Repository')

    permission = relationship('Permission')

    @classmethod

    def create(cls, user, repository, permission):

        n = cls()

        n.user = user

        n.repository = repository

        n.permission = permission

        Session().add(n)

        return n

    def __repr__(self):

        return '<%s %s at %s: %s>' % (

            self.__class__.__name__, self.user, self.repository, self.permission)

class UserUserGroupToPerm(Base, BaseDbModel):

    __tablename__ = 'user_user_group_to_perm'

    __table_args__ = (

        UniqueConstraint('user_id', 'user_group_id', 'permission_id'),

        _table_args_default_dict,

    )

    user_user_group_to_perm_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    user = relationship('User')

    user_group = relationship('UserGroup')

    permission = relationship('Permission')

    @classmethod

    def create(cls, user, user_group, permission):

        n = cls()

        n.user = user

        n.user_group = user_group

        n.permission = permission

        Session().add(n)

        return n

    def __repr__(self):

        return '<%s %s at %s: %s>' % (

            self.__class__.__name__, self.user, self.user_group, self.permission)

class UserToPerm(Base, BaseDbModel):

    __tablename__ = 'user_to_perm'

    __table_args__ = (

        UniqueConstraint('user_id', 'permission_id'),

        _table_args_default_dict,

    )

    user_to_perm_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    user = relationship('User')

    permission = relationship('Permission')

    def __repr__(self):

        return '<%s %s: %s>' % (

            self.__class__.__name__, self.user, self.permission)

class UserGroupRepoToPerm(Base, BaseDbModel):

    __tablename__ = 'users_group_repo_to_perm'

    __table_args__ = (

        UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),

        _table_args_default_dict,

    )

    users_group_to_perm_id = Column(Integer(), primary_key=True)

    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

    users_group = relationship('UserGroup')

    permission = relationship('Permission')

    repository = relationship('Repository')

    @classmethod

    def create(cls, users_group, repository, permission):

        n = cls()

        n.users_group = users_group

        n.repository = repository

        n.permission = permission

        Session().add(n)

        return n

    def __repr__(self):

        return '<%s %s at %s: %s>' % (

            self.__class__.__name__, self.users_group, self.repository, self.permission)

class UserGroupUserGroupToPerm(Base, BaseDbModel):

    __tablename__ = 'user_group_user_group_to_perm'

    __table_args__ = (

        UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),

        _table_args_default_dict,

    )

    user_group_user_group_to_perm_id = Column(Integer(), primary_key=True)

    target_user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')

    user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')

    permission = relationship('Permission')

    @classmethod

    def create(cls, target_user_group, user_group, permission):

        n = cls()

def PasswordResetConfirmationForm():

    class _PasswordResetConfirmationForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        email = v.UnicodeString(strip=True, not_empty=True)

        timestamp = v.Number(strip=True, not_empty=True)

        token = v.UnicodeString(strip=True, not_empty=True)

        password = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))

        password_confirm = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))

        chained_validators = [v.ValidPasswordsMatch('password',

                                                    'password_confirm')]

    return _PasswordResetConfirmationForm

def RepoForm(edit=False, old_data=None, supported_backends=BACKENDS,

             repo_groups=None, landing_revs=None):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    landing_revs = landing_revs or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                        v.SlugifyName())

        repo_group = All(v.CanWriteGroup(old_data),

                         v.OneOf(repo_group_ids, hideList=True),

                         v.Int(min=-1, not_empty=True))

        repo_type = v.OneOf(supported_backends, required=False,

                            if_missing=old_data.get('repo_type'))

        repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)

        repo_private = v.StringBoolean(if_missing=False)

        repo_landing_rev = v.OneOf(landing_revs, hideList=True)

        repo_copy_permissions = v.StringBoolean(if_missing=False)

        clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))

        repo_enable_statistics = v.StringBoolean(if_missing=False)

        repo_enable_downloads = v.StringBoolean(if_missing=False)

        if edit:

            owner = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())

            # Not a real field - just for reference for validation:

            # clone_uri_hidden = v.UnicodeString(if_missing='')

        chained_validators = [v.ValidCloneUri(),

                              v.ValidRepoName(edit, old_data)]

    return _RepoForm

def RepoPermsForm():

    class _RepoPermsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        chained_validators = [v.ValidPerms(type_='repo')]

    return _RepoPermsForm

def RepoGroupPermsForm(valid_recursive_choices):

    class _RepoGroupPermsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        recursive = v.OneOf(valid_recursive_choices)

        chained_validators = [v.ValidPerms(type_='repo_group')]

    return _RepoGroupPermsForm

def UserGroupPermsForm():

    class _UserPermsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        chained_validators = [v.ValidPerms(type_='user_group')]

    return _UserPermsForm

def RepoFieldForm():

    class _RepoFieldForm(formencode.Schema):

        filter_extra_fields = True

        allow_extra_fields = True

        new_field_key = All(v.FieldKey(),

                            v.UnicodeString(strip=True, min=3, not_empty=True))

        new_field_value = v.UnicodeString(not_empty=False, if_missing='')

        new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],

                                 if_missing='str')

        new_field_label = v.UnicodeString(not_empty=False)

        new_field_desc = v.UnicodeString(not_empty=False)

    return _RepoFieldForm

def RepoForkForm(edit=False, old_data=None, supported_backends=BACKENDS,

                 repo_groups=None, landing_revs=None):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    landing_revs = landing_revs or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoForkForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                        v.SlugifyName())

        repo_group = All(v.CanWriteGroup(),

                         v.OneOf(repo_group_ids, hideList=True),

                         v.Int(min=-1, not_empty=True))

        repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))

        description = v.UnicodeString(strip=True, min=1, not_empty=True)

        private = v.StringBoolean(if_missing=False)

        copy_permissions = v.StringBoolean(if_missing=False)

        update_after_clone = v.StringBoolean(if_missing=False)

        fork_parent_id = v.UnicodeString()

        chained_validators = [v.ValidForkName(edit, old_data)]

        landing_rev = v.OneOf(landing_revs, hideList=True)

    return _RepoForkForm

def ApplicationSettingsForm():

    class _ApplicationSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        title = v.UnicodeString(strip=True, not_empty=False)

        realm = v.UnicodeString(strip=True, min=1, not_empty=True)

        ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)

        captcha_public_key = v.UnicodeString(strip=True, min=1, not_empty=False)

        captcha_private_key = v.UnicodeString(strip=True, min=1, not_empty=False)

    return _ApplicationSettingsForm

def ApplicationVisualisationForm():

    class _ApplicationVisualisationForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        show_public_icon = v.StringBoolean(if_missing=False)

        show_private_icon = v.StringBoolean(if_missing=False)

        stylify_metalabels = v.StringBoolean(if_missing=False)

        repository_fields = v.StringBoolean(if_missing=False)

        lightweight_journal = v.StringBoolean(if_missing=False)

        dashboard_items = v.Int(min=5, not_empty=True)

        admin_grid_items = v.Int(min=5, not_empty=True)

        show_version = v.StringBoolean(if_missing=False)

        use_gravatar = v.StringBoolean(if_missing=False)

        gravatar_url = v.UnicodeString(min=3)

        clone_uri_tmpl = v.UnicodeString(min=3)

        clone_ssh_tmpl = v.UnicodeString()

    return _ApplicationVisualisationForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        paths_root_path = All(

            v.ValidPath(),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        hooks_changegroup_update = v.StringBoolean(if_missing=False)

        hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)

        extensions_largefiles = v.StringBoolean(if_missing=False)

        extensions_hgsubversion = v.StringBoolean(if_missing=False)

        extensions_hggit = v.StringBoolean(if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,

                           user_group_perms_choices, create_choices,

                           create_on_write_choices, repo_group_create_choices,

                           user_group_create_choices, fork_choices,

                           register_choices, extern_activate_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default_repo = v.StringBoolean(if_missing=False)

        overwrite_default_group = v.StringBoolean(if_missing=False)

        overwrite_default_user_group = v.StringBoolean(if_missing=False)

        anonymous = v.StringBoolean(if_missing=False)

        default_repo_perm = v.OneOf(repo_perms_choices)

        default_group_perm = v.OneOf(group_perms_choices)

        default_user_group_perm = v.OneOf(user_group_perms_choices)

        default_repo_create = v.OneOf(create_choices)

        create_on_write = v.OneOf(create_on_write_choices)

        default_user_group_create = v.OneOf(user_group_create_choices)

        default_fork = v.OneOf(fork_choices)

        default_register = v.OneOf(register_choices)

        default_extern_activate = v.OneOf(extern_activate_choices)

    return _DefaultPermissionsForm

def CustomDefaultPermissionsForm():

    class _CustomDefaultPermissionsForm(formencode.Schema):

        filter_extra_fields = True

        allow_extra_fields = True

        create_repo_perm = v.StringBoolean(if_missing=False)

        create_user_group_perm = v.StringBoolean(if_missing=False)

        #create_repo_group_perm Impl. later

        fork_repo_perm = v.StringBoolean(if_missing=False)

    return _CustomDefaultPermissionsForm

def DefaultsForm(edit=False, old_data=None, supported_backends=BACKENDS):

    class _DefaultsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        default_repo_type = v.OneOf(supported_backends)

        default_repo_private = v.StringBoolean(if_missing=False)

        default_repo_enable_statistics = v.StringBoolean(if_missing=False)

        default_repo_enable_downloads = v.StringBoolean(if_missing=False)

    return _DefaultsForm

def AuthSettingsForm(current_active_modules):