u/pc/rhodecode-enterprise-ce-fork-pc Commit - r2828:c4ab4c37

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

import logging

21

import logging

22

23

import peppercorn

23

import peppercorn

24

import formencode

24

import formencode

25

import formencode.htmlfill

25

import formencode.htmlfill

26

from pyramid.httpexceptions import HTTPFound

26

from pyramid.httpexceptions import HTTPFound

27

from pyramid.view import view_config

27

from pyramid.view import view_config

28

from pyramid.response import Response

28

from pyramid.response import Response

29

from pyramid.renderers import render

29

from pyramid.renderers import render

30

31

from rhodecode.lib.exceptions import (

31

from rhodecode.lib.exceptions import (

32

RepoGroupAssignmentError, UserGroupAssignedException)

32

RepoGroupAssignmentError, UserGroupAssignedException)

33

from rhodecode.model.forms import (

33

from rhodecode.model.forms import (

34

UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,

34

UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,

35

UserPermissionsForm)

35

UserPermissionsForm)

36

from rhodecode.model.permission import PermissionModel

36

from rhodecode.model.permission import PermissionModel

37

38

from rhodecode.apps._base import UserGroupAppView

38

from rhodecode.apps._base import UserGroupAppView

39

from rhodecode.lib.auth import (

39

from rhodecode.lib.auth import (

40

LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)

40

LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)

41

from rhodecode.lib import helpers as h, audit_logger

41

from rhodecode.lib import helpers as h, audit_logger

42

from rhodecode.lib.utils2 import str2bool

42

from rhodecode.lib.utils2 import str2bool

43

from rhodecode.model.db import User

43

from rhodecode.model.db import User

44

from rhodecode.model.meta import Session

44

from rhodecode.model.meta import Session

45

from rhodecode.model.user_group import UserGroupModel

45

from rhodecode.model.user_group import UserGroupModel

46

47

log = logging.getLogger(__name__)

47

log = logging.getLogger(__name__)

48

49

50

class UserGroupsView(UserGroupAppView):

50

class UserGroupsView(UserGroupAppView):

51

52

def load_default_context(self):

52

def load_default_context(self):

53

c = self._get_local_tmpl_context()

53

c = self._get_local_tmpl_context()

54

55

PermissionModel().set_global_permission_choices(

55

PermissionModel().set_global_permission_choices(

56

c, gettext_translator=self.request.translate)

56

c, gettext_translator=self.request.translate)

57

58

return c

58

return c

59

60

@LoginRequired()

60

@LoginRequired()

61

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

61

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

62

@view_config(

62

@view_config(

63

route_name='user_group_members_data', request_method='GET',

63

route_name='user_group_members_data', request_method='GET',

64

renderer='json_ext', xhr=True)

64

renderer='json_ext', xhr=True)

65

def user_group_members(self):

65

def user_group_members(self):

66

"""

66

"""

67

Return members of given user group

67

Return members of given user group

68

"""

68

"""

69

self.load_default_context()

69

self.load_default_context()

70

user_group = self.db_user_group

70

user_group = self.db_user_group

71

group_members_obj = sorted((x.user for x in user_group.members),

71

group_members_obj = sorted((x.user for x in user_group.members),

72

key=lambda u: u.username.lower())

72

key=lambda u: u.username.lower())

73

74

group_members = [

74

group_members = [

75

{

75

{

76

'id': user.user_id,

76

'id': user.user_id,

77

'first_name': user.first_name,

77

'first_name': user.first_name,

78

'last_name': user.last_name,

78

'last_name': user.last_name,

79

'username': user.username,

79

'username': user.username,

80

'icon_link': h.gravatar_url(user.email, 30),

80

'icon_link': h.gravatar_url(user.email, 30),

81

'value_display': h.person(user.email),

81

'value_display': h.person(user.email),

82

'value': user.username,

82

'value': user.username,

83

'value_type': 'user',

83

'value_type': 'user',

84

'active': user.active,

84

'active': user.active,

85

}

85

}

86

for user in group_members_obj

86

for user in group_members_obj

87

]

87

]

88

89

return {

89

return {

90

'members': group_members

90

'members': group_members

91

}

91

}

92

93

@LoginRequired()

93

@LoginRequired()

94

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

94

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

95

@view_config(

95

@view_config(

96

route_name='edit_user_group_perms_summary', request_method='GET',

96

route_name='edit_user_group_perms_summary', request_method='GET',

97

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

97

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

98

def user_group_perms_summary(self):

98

def user_group_perms_summary(self):

99

c = self.load_default_context()

99

c = self.load_default_context()

100

c.user_group = self.db_user_group

100

c.user_group = self.db_user_group

101

c.active = 'perms_summary'

101

c.active = 'perms_summary'

102

c.permissions = UserGroupModel().get_perms_summary(

102

c.permissions = UserGroupModel().get_perms_summary(

103

c.user_group.users_group_id)

103

c.user_group.users_group_id)

104

return self._get_template_context(c)

104

return self._get_template_context(c)

105

106

@LoginRequired()

106

@LoginRequired()

107

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

107

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

108

@view_config(

108

@view_config(

109

route_name='edit_user_group_perms_summary_json', request_method='GET',

109

route_name='edit_user_group_perms_summary_json', request_method='GET',

110

renderer='json_ext')

110

renderer='json_ext')

111

def user_group_perms_summary_json(self):

111

def user_group_perms_summary_json(self):

112

self.load_default_context()

112

self.load_default_context()

113

user_group = self.db_user_group

113

user_group = self.db_user_group

114

return UserGroupModel().get_perms_summary(user_group.users_group_id)

114

return UserGroupModel().get_perms_summary(user_group.users_group_id)

115

116

def _revoke_perms_on_yourself(self, form_result):

116

def _revoke_perms_on_yourself(self, form_result):

117

_updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),

117

_updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),

118

form_result['perm_updates'])

118

form_result['perm_updates'])

119

_additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),

119

_additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),

120

form_result['perm_additions'])

120

form_result['perm_additions'])

121

_deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),

121

_deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),

122

form_result['perm_deletions'])

122

form_result['perm_deletions'])

123

admin_perm = 'usergroup.admin'

123

admin_perm = 'usergroup.admin'

124

if _updates and _updates[0][1] != admin_perm or \

124

if _updates and _updates[0][1] != admin_perm or \

125

_additions and _additions[0][1] != admin_perm or \

125

_additions and _additions[0][1] != admin_perm or \

126

_deletions and _deletions[0][1] != admin_perm:

126

_deletions and _deletions[0][1] != admin_perm:

127

return True

127

return True

128

return False

128

return False

129

130

@LoginRequired()

130

@LoginRequired()

131

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

131

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

132

@CSRFRequired()

132

@CSRFRequired()

133

@view_config(

133

@view_config(

134

route_name='user_groups_update', request_method='POST',

134

route_name='user_groups_update', request_method='POST',

135

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

135

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

136

def user_group_update(self):

136

def user_group_update(self):

137

_ = self.request.translate

137

_ = self.request.translate

138

139

user_group = self.db_user_group

139

user_group = self.db_user_group

140

user_group_id = user_group.users_group_id

140

user_group_id = user_group.users_group_id

141

142

c = self.load_default_context()

142

c = self.load_default_context()

143

c.user_group = user_group

143

c.user_group = user_group

144

c.group_members_obj = [x.user for x in c.user_group.members]

144

c.group_members_obj = [x.user for x in c.user_group.members]

145

c.group_members_obj.sort(key=lambda u: u.username.lower())

145

c.group_members_obj.sort(key=lambda u: u.username.lower())

146

c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]

146

c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]

147

c.active = 'settings'

147

c.active = 'settings'

148

149

users_group_form = UserGroupForm(

149

users_group_form = UserGroupForm(

150

self.request.translate, edit=True,

150

self.request.translate, edit=True,

151

old_data=c.user_group.get_dict(), allow_disabled=True)()

151

old_data=c.user_group.get_dict(), allow_disabled=True)()

152

153

old_values = c.user_group.get_api_data()

153

old_values = c.user_group.get_api_data()

154

user_group_name = self.request.POST.get('users_group_name')

154

user_group_name = self.request.POST.get('users_group_name')

155

try:

155

try:

156

form_result = users_group_form.to_python(self.request.POST)

156

form_result = users_group_form.to_python(self.request.POST)

157

pstruct = peppercorn.parse(self.request.POST.items())

157

pstruct = peppercorn.parse(self.request.POST.items())

158

form_result['users_group_members'] = pstruct['user_group_members']

158

form_result['users_group_members'] = pstruct['user_group_members']

159

160

user_group, added_members, removed_members = \

160

user_group, added_members, removed_members = \

161

UserGroupModel().update(c.user_group, form_result)

161

UserGroupModel().update(c.user_group, form_result)

162

updated_user_group = form_result['users_group_name']

162

updated_user_group = form_result['users_group_name']

163

164

for user_id in added_members:

164

for user_id in added_members:

165

user = User.get(user_id)

165

user = User.get(user_id)

166

user_data = user.get_api_data()

166

user_data = user.get_api_data()

167

audit_logger.store_web(

167

audit_logger.store_web(

168

'user_group.edit.member.add',

168

'user_group.edit.member.add',

169

action_data={'user': user_data, 'old_data': old_values},

169

action_data={'user': user_data, 'old_data': old_values},

170

user=self._rhodecode_user)

170

user=self._rhodecode_user)

171

172

for user_id in removed_members:

172

for user_id in removed_members:

173

user = User.get(user_id)

173

user = User.get(user_id)

174

user_data = user.get_api_data()

174

user_data = user.get_api_data()

175

audit_logger.store_web(

175

audit_logger.store_web(

176

'user_group.edit.member.delete',

176

'user_group.edit.member.delete',

177

action_data={'user': user_data, 'old_data': old_values},

177

action_data={'user': user_data, 'old_data': old_values},

178

user=self._rhodecode_user)

178

user=self._rhodecode_user)

179

180

audit_logger.store_web(

180

audit_logger.store_web(

181

'user_group.edit', action_data={'old_data': old_values},

181

'user_group.edit', action_data={'old_data': old_values},

182

user=self._rhodecode_user)

182

user=self._rhodecode_user)

183

184

h.flash(_('Updated user group %s') % updated_user_group,

184

h.flash(_('Updated user group %s') % updated_user_group,

185

category='success')

185

category='success')

186

Session().commit()

186

Session().commit()

187

except formencode.Invalid as errors:

187

except formencode.Invalid as errors:

188

defaults = errors.value

188

defaults = errors.value

189

e = errors.error_dict or {}

189

e = errors.error_dict or {}

190

191

data = render(

191

data = render(

192

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

192

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

193

self._get_template_context(c), self.request)

193

self._get_template_context(c), self.request)

194

html = formencode.htmlfill.render(

194

html = formencode.htmlfill.render(

195

data,

195

data,

196

defaults=defaults,

196

defaults=defaults,

197

errors=e,

197

errors=e,

198

prefix_error=False,

198

prefix_error=False,

199

encoding="UTF-8",

199

encoding="UTF-8",

200

force_defaults=False

200

force_defaults=False

201

)

201

)

202

return Response(html)

202

return Response(html)

203

204

except Exception:

204

except Exception:

205

log.exception("Exception during update of user group")

205

log.exception("Exception during update of user group")

206

h.flash(_('Error occurred during update of user group %s')

206

h.flash(_('Error occurred during update of user group %s')

207

% user_group_name, category='error')

207

% user_group_name, category='error')

208

209

raise HTTPFound(

209

raise HTTPFound(

210

h.route_path('edit_user_group', user_group_id=user_group_id))

210

h.route_path('edit_user_group', user_group_id=user_group_id))

211

212

@LoginRequired()

212

@LoginRequired()

213

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

213

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

214

@CSRFRequired()

214

@CSRFRequired()

215

@view_config(

215

@view_config(

216

route_name='user_groups_delete', request_method='POST',

216

route_name='user_groups_delete', request_method='POST',

217

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

217

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

218

def user_group_delete(self):

218

def user_group_delete(self):

219

_ = self.request.translate

219

_ = self.request.translate

220

user_group = self.db_user_group

220

user_group = self.db_user_group

221

222

self.load_default_context()

222

self.load_default_context()

223

force = str2bool(self.request.POST.get('force'))

223

force = str2bool(self.request.POST.get('force'))

224

225

old_values = user_group.get_api_data()

225

old_values = user_group.get_api_data()

226

try:

226

try:

227

UserGroupModel().delete(user_group, force=force)

227

UserGroupModel().delete(user_group, force=force)

228

audit_logger.store_web(

228

audit_logger.store_web(

229

'user.delete', action_data={'old_data': old_values},

229

'user.delete', action_data={'old_data': old_values},

230

user=self._rhodecode_user)

230

user=self._rhodecode_user)

231

Session().commit()

231

Session().commit()

232

h.flash(_('Successfully deleted user group'), category='success')

232

h.flash(_('Successfully deleted user group'), category='success')

233

except UserGroupAssignedException as e:

233

except UserGroupAssignedException as e:

234

h.flash(str(e), category='error')

234

h.flash(str(e), category='error')

235

except Exception:

235

except Exception:

236

log.exception("Exception during deletion of user group")

236

log.exception("Exception during deletion of user group")

237

h.flash(_('An error occurred during deletion of user group'),

237

h.flash(_('An error occurred during deletion of user group'),

238

category='error')

238

category='error')

239

raise HTTPFound(h.route_path('user_groups'))

239

raise HTTPFound(h.route_path('user_groups'))

240

241

@LoginRequired()

241

@LoginRequired()

242

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

242

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

243

@view_config(

243

@view_config(

244

route_name='edit_user_group', request_method='GET',

244

route_name='edit_user_group', request_method='GET',

245

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

245

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

246

def user_group_edit(self):

246

def user_group_edit(self):

247

user_group = self.db_user_group

247

user_group = self.db_user_group

248

249

c = self.load_default_context()

249

c = self.load_default_context()

250

c.user_group = user_group

250

c.user_group = user_group

251

c.group_members_obj = [x.user for x in c.user_group.members]

251

c.group_members_obj = [x.user for x in c.user_group.members]

252

c.group_members_obj.sort(key=lambda u: u.username.lower())

252

c.group_members_obj.sort(key=lambda u: u.username.lower())

253

c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]

253

c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]

254

255

c.active = 'settings'

255

c.active = 'settings'

256

257

defaults = user_group.get_dict()

257

defaults = user_group.get_dict()

258

# fill owner

258

# fill owner

259

if user_group.user:

259

if user_group.user:

260

defaults.update({'user': user_group.user.username})

260

defaults.update({'user': user_group.user.username})

261

else:

261

else:

262

replacement_user = User.get_first_super_admin().username

262

replacement_user = User.get_first_super_admin().username

263

defaults.update({'user': replacement_user})

263

defaults.update({'user': replacement_user})

264

265

data = render(

265

data = render(

266

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

266

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

267

self._get_template_context(c), self.request)

267

self._get_template_context(c), self.request)

268

html = formencode.htmlfill.render(

268

html = formencode.htmlfill.render(

269

data,

269

data,

270

defaults=defaults,

270

defaults=defaults,

271

encoding="UTF-8",

271

encoding="UTF-8",

272

force_defaults=False

272

force_defaults=False

273

)

273

)

274

return Response(html)

274

return Response(html)

275

276

@LoginRequired()

276

@LoginRequired()

277

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

277

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

278

@view_config(

278

@view_config(

279

route_name='edit_user_group_perms', request_method='GET',

279

route_name='edit_user_group_perms', request_method='GET',

280

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

280

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

281

def user_group_edit_perms(self):

281

def user_group_edit_perms(self):

282

user_group = self.db_user_group

282

user_group = self.db_user_group

283

c = self.load_default_context()

283

c = self.load_default_context()

284

c.user_group = user_group

284

c.user_group = user_group

285

c.active = 'perms'

285

c.active = 'perms'

286

287

defaults = {}

287

defaults = {}

288

# fill user group users

288

# fill user group users

289

for p in c.user_group.user_user_group_to_perm:

289

for p in c.user_group.user_user_group_to_perm:

290

defaults.update({'u_perm_%s' % p.user.user_id:

290

defaults.update({'u_perm_%s' % p.user.user_id:

291

p.permission.permission_name})

291

p.permission.permission_name})

292

293

for p in c.user_group.user_group_user_group_to_perm:

293

for p in c.user_group.user_group_user_group_to_perm:

294

defaults.update({'g_perm_%s' % p.user_group.users_group_id:

294

defaults.update({'g_perm_%s' % p.user_group.users_group_id:

295

p.permission.permission_name})

295

p.permission.permission_name})

296

297

data = render(

297

data = render(

298

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

298

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

299

self._get_template_context(c), self.request)

299

self._get_template_context(c), self.request)

300

html = formencode.htmlfill.render(

300

html = formencode.htmlfill.render(

301

data,

301

data,

302

defaults=defaults,

302

defaults=defaults,

303

encoding="UTF-8",

303

encoding="UTF-8",

304

force_defaults=False

304

force_defaults=False

305

)

305

)

306

return Response(html)

306

return Response(html)

307

308

@LoginRequired()

308

@LoginRequired()

309

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

309

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

310

@CSRFRequired()

310

@CSRFRequired()

311

@view_config(

311

@view_config(

312

route_name='edit_user_group_perms_update', request_method='POST',

312

route_name='edit_user_group_perms_update', request_method='POST',

313

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

313

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

314

def user_group_update_perms(self):

314

def user_group_update_perms(self):

315

"""

315

"""

316

grant permission for given user group

316

grant permission for given user group

317

"""

317

"""

318

_ = self.request.translate

318

_ = self.request.translate

319

320

user_group = self.db_user_group

320

user_group = self.db_user_group

321

user_group_id = user_group.users_group_id

321

user_group_id = user_group.users_group_id

322

c = self.load_default_context()

322

c = self.load_default_context()

323

c.user_group = user_group

323

c.user_group = user_group

324

form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)

324

form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)

325

326

if not self._rhodecode_user.is_admin:

326

if not self._rhodecode_user.is_admin:

327

if self._revoke_perms_on_yourself(form):

327

if self._revoke_perms_on_yourself(form):

328

msg = _('Cannot change permission for yourself as admin')

328

msg = _('Cannot change permission for yourself as admin')

329

h.flash(msg, category='warning')

329

h.flash(msg, category='warning')

330

raise HTTPFound(

330

raise HTTPFound(

331

h.route_path('edit_user_group_perms',

331

h.route_path('edit_user_group_perms',

332

user_group_id=user_group_id))

332

user_group_id=user_group_id))

333

334

try:

334

try:

335

changes = UserGroupModel().update_permissions(

335

changes = UserGroupModel().update_permissions(

336

user_group~~_id~~,

336

user_group,

337

form['perm_additions'], form['perm_updates'],

337

form['perm_additions'], form['perm_updates'],

338

form['perm_deletions'])

338

form['perm_deletions'])

339

340

except RepoGroupAssignmentError:

340

except RepoGroupAssignmentError:

341

h.flash(_('Target group cannot be the same'), category='error')

341

h.flash(_('Target group cannot be the same'), category='error')

342

raise HTTPFound(

342

raise HTTPFound(

343

h.route_path('edit_user_group_perms',

343

h.route_path('edit_user_group_perms',

344

user_group_id=user_group_id))

344

user_group_id=user_group_id))

345

346

action_data = {

346

action_data = {

347

'added': changes['added'],

347

'added': changes['added'],

348

'updated': changes['updated'],

348

'updated': changes['updated'],

349

'deleted': changes['deleted'],

349

'deleted': changes['deleted'],

350

}

350

}

351

audit_logger.store_web(

351

audit_logger.store_web(

352

'user_group.edit.permissions', action_data=action_data,

352

'user_group.edit.permissions', action_data=action_data,

353

user=self._rhodecode_user)

353

user=self._rhodecode_user)

354

355

Session().commit()

355

Session().commit()

356

h.flash(_('User Group permissions updated'), category='success')

356

h.flash(_('User Group permissions updated'), category='success')

357

raise HTTPFound(

357

raise HTTPFound(

358

h.route_path('edit_user_group_perms', user_group_id=user_group_id))

358

h.route_path('edit_user_group_perms', user_group_id=user_group_id))

359

360

@LoginRequired()

360

@LoginRequired()

361

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

361

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

362

@view_config(

362

@view_config(

363

route_name='edit_user_group_global_perms', request_method='GET',

363

route_name='edit_user_group_global_perms', request_method='GET',

364

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

364

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

365

def user_group_global_perms_edit(self):

365

def user_group_global_perms_edit(self):

366

user_group = self.db_user_group

366

user_group = self.db_user_group

367

c = self.load_default_context()

367

c = self.load_default_context()

368

c.user_group = user_group

368

c.user_group = user_group

369

c.active = 'global_perms'

369

c.active = 'global_perms'

370

371

c.default_user = User.get_default_user()

371

c.default_user = User.get_default_user()

372

defaults = c.user_group.get_dict()

372

defaults = c.user_group.get_dict()

373

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

373

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

374

defaults.update(c.user_group.get_default_perms())

374

defaults.update(c.user_group.get_default_perms())

375

376

data = render(

376

data = render(

377

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

377

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

378

self._get_template_context(c), self.request)

378

self._get_template_context(c), self.request)

379

html = formencode.htmlfill.render(

379

html = formencode.htmlfill.render(

380

data,

380

data,

381

defaults=defaults,

381

defaults=defaults,

382

encoding="UTF-8",

382

encoding="UTF-8",

383

force_defaults=False

383

force_defaults=False

384

)

384

)

385

return Response(html)

385

return Response(html)

386

387

@LoginRequired()

387

@LoginRequired()

388

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

388

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

389

@CSRFRequired()

389

@CSRFRequired()

390

@view_config(

390

@view_config(

391

route_name='edit_user_group_global_perms_update', request_method='POST',

391

route_name='edit_user_group_global_perms_update', request_method='POST',

392

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

392

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

393

def user_group_global_perms_update(self):

393

def user_group_global_perms_update(self):

394

_ = self.request.translate

394

_ = self.request.translate

395

user_group = self.db_user_group

395

user_group = self.db_user_group

396

user_group_id = self.db_user_group.users_group_id

396

user_group_id = self.db_user_group.users_group_id

397

398

c = self.load_default_context()

398

c = self.load_default_context()

399

c.user_group = user_group

399

c.user_group = user_group

400

c.active = 'global_perms'

400

c.active = 'global_perms'

401

402

try:

402

try:

403

# first stage that verifies the checkbox

403

# first stage that verifies the checkbox

404

_form = UserIndividualPermissionsForm(self.request.translate)

404

_form = UserIndividualPermissionsForm(self.request.translate)

405

form_result = _form.to_python(dict(self.request.POST))

405

form_result = _form.to_python(dict(self.request.POST))

406

inherit_perms = form_result['inherit_default_permissions']

406

inherit_perms = form_result['inherit_default_permissions']

407

user_group.inherit_default_permissions = inherit_perms

407

user_group.inherit_default_permissions = inherit_perms

408

Session().add(user_group)

408

Session().add(user_group)

409

410

if not inherit_perms:

410

if not inherit_perms:

411

# only update the individual ones if we un check the flag

411

# only update the individual ones if we un check the flag

412

_form = UserPermissionsForm(

412

_form = UserPermissionsForm(

413

self.request.translate,

413

self.request.translate,

414

[x[0] for x in c.repo_create_choices],

414

[x[0] for x in c.repo_create_choices],

415

[x[0] for x in c.repo_create_on_write_choices],

415

[x[0] for x in c.repo_create_on_write_choices],

416

[x[0] for x in c.repo_group_create_choices],

416

[x[0] for x in c.repo_group_create_choices],

417

[x[0] for x in c.user_group_create_choices],

417

[x[0] for x in c.user_group_create_choices],

418

[x[0] for x in c.fork_choices],

418

[x[0] for x in c.fork_choices],

419

[x[0] for x in c.inherit_default_permission_choices])()

419

[x[0] for x in c.inherit_default_permission_choices])()

420

421

form_result = _form.to_python(dict(self.request.POST))

421

form_result = _form.to_python(dict(self.request.POST))

422

form_result.update(

422

form_result.update(

423

{'perm_user_group_id': user_group.users_group_id})

423

{'perm_user_group_id': user_group.users_group_id})

424

425

PermissionModel().update_user_group_permissions(form_result)

425

PermissionModel().update_user_group_permissions(form_result)

426

427

Session().commit()

427

Session().commit()

428

h.flash(_('User Group global permissions updated successfully'),

428

h.flash(_('User Group global permissions updated successfully'),

429

category='success')

429

category='success')

430

431

except formencode.Invalid as errors:

431

except formencode.Invalid as errors:

432

defaults = errors.value

432

defaults = errors.value

433

434

data = render(

434

data = render(

435

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

435

'rhodecode:templates/admin/user_groups/user_group_edit.mako',

436

self._get_template_context(c), self.request)

436

self._get_template_context(c), self.request)

437

html = formencode.htmlfill.render(

437

html = formencode.htmlfill.render(

438

data,

438

data,

439

defaults=defaults,

439

defaults=defaults,

440

errors=errors.error_dict or {},

440

errors=errors.error_dict or {},

441

prefix_error=False,

441

prefix_error=False,

442

encoding="UTF-8",

442

encoding="UTF-8",

443

force_defaults=False

443

force_defaults=False

444

)

444

)

445

return Response(html)

445

return Response(html)

446

except Exception:

446

except Exception:

447

log.exception("Exception during permissions saving")

447

log.exception("Exception during permissions saving")

448

h.flash(_('An error occurred during permissions saving'),

448

h.flash(_('An error occurred during permissions saving'),

449

category='error')

449

category='error')

450

451

raise HTTPFound(

451

raise HTTPFound(

452

h.route_path('edit_user_group_global_perms',

452

h.route_path('edit_user_group_global_perms',

453

user_group_id=user_group_id))

453

user_group_id=user_group_id))

454

455

@LoginRequired()

455

@LoginRequired()

456

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

456

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

457

@view_config(

457

@view_config(

458

route_name='edit_user_group_advanced', request_method='GET',

458

route_name='edit_user_group_advanced', request_method='GET',

459

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

459

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

460

def user_group_edit_advanced(self):

460

def user_group_edit_advanced(self):

461

user_group = self.db_user_group

461

user_group = self.db_user_group

462

463

c = self.load_default_context()

463

c = self.load_default_context()

464

c.user_group = user_group

464

c.user_group = user_group

465

c.active = 'advanced'

465

c.active = 'advanced'

466

c.group_members_obj = sorted(

466

c.group_members_obj = sorted(

467

(x.user for x in c.user_group.members),

467

(x.user for x in c.user_group.members),

468

key=lambda u: u.username.lower())

468

key=lambda u: u.username.lower())

469

470

c.group_to_repos = sorted(

470

c.group_to_repos = sorted(

471

(x.repository for x in c.user_group.users_group_repo_to_perm),

471

(x.repository for x in c.user_group.users_group_repo_to_perm),

472

key=lambda u: u.repo_name.lower())

472

key=lambda u: u.repo_name.lower())

473

474

c.group_to_repo_groups = sorted(

474

c.group_to_repo_groups = sorted(

475

(x.group for x in c.user_group.users_group_repo_group_to_perm),

475

(x.group for x in c.user_group.users_group_repo_group_to_perm),

476

key=lambda u: u.group_name.lower())

476

key=lambda u: u.group_name.lower())

477

478

c.group_to_review_rules = sorted(

478

c.group_to_review_rules = sorted(

479

(x.users_group for x in c.user_group.user_group_review_rules),

479

(x.users_group for x in c.user_group.user_group_review_rules),

480

key=lambda u: u.users_group_name.lower())

480

key=lambda u: u.users_group_name.lower())

481

482

return self._get_template_context(c)

482

return self._get_template_context(c)

483

484

@LoginRequired()

484

@LoginRequired()

485

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

485

@HasUserGroupPermissionAnyDecorator('usergroup.admin')

486

@CSRFRequired()

486

@CSRFRequired()

487

@view_config(

487

@view_config(

488

route_name='edit_user_group_advanced_sync', request_method='POST',

488

route_name='edit_user_group_advanced_sync', request_method='POST',

489

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

489

renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')

490

def user_group_edit_advanced_set_synchronization(self):

490

def user_group_edit_advanced_set_synchronization(self):

491

_ = self.request.translate

491

_ = self.request.translate

492

user_group = self.db_user_group

492

user_group = self.db_user_group

493

user_group_id = user_group.users_group_id

493

user_group_id = user_group.users_group_id

494

495

existing = user_group.group_data.get('extern_type')

495

existing = user_group.group_data.get('extern_type')

496

497

if existing:

497

if existing:

498

new_state = user_group.group_data

498

new_state = user_group.group_data

499

new_state['extern_type'] = None

499

new_state['extern_type'] = None

500

else:

500

else:

501

new_state = user_group.group_data

501

new_state = user_group.group_data

502

new_state['extern_type'] = 'manual'

502

new_state['extern_type'] = 'manual'

503

new_state['extern_type_set_by'] = self._rhodecode_user.username

503

new_state['extern_type_set_by'] = self._rhodecode_user.username

504

505

try:

505

try:

506

user_group.group_data = new_state

506

user_group.group_data = new_state

507

Session().add(user_group)

507

Session().add(user_group)

508

Session().commit()

508

Session().commit()

509

510

h.flash(_('User Group synchronization updated successfully'),

510

h.flash(_('User Group synchronization updated successfully'),

511

category='success')

511

category='success')

512

except Exception:

512

except Exception:

513

log.exception("Exception during sync settings saving")

513

log.exception("Exception during sync settings saving")

514

h.flash(_('An error occurred during synchronization update'),

514

h.flash(_('An error occurred during synchronization update'),

515

category='error')

515

category='error')

516

517

raise HTTPFound(

517

raise HTTPFound(

518

h.route_path('edit_user_group_advanced',

518

h.route_path('edit_user_group_advanced',

519

user_group_id=user_group_id))

519

user_group_id=user_group_id))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import peppercorn
             import formencode
             import formencode.htmlfill
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from pyramid.response import Response
             from pyramid.renderers import render
             from rhodecode.lib.exceptions import (
                 RepoGroupAssignmentError, UserGroupAssignedException)
             from rhodecode.model.forms import (
                 UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,
                 UserPermissionsForm)
             from rhodecode.model.permission import PermissionModel
             from rhodecode.apps._base import UserGroupAppView
             from rhodecode.lib.auth import (
                 LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h, audit_logger
             from rhodecode.lib.utils2 import str2bool
             from rhodecode.model.db import User
             from rhodecode.model.meta import Session
             from rhodecode.model.user_group import UserGroupModel
             log = logging.getLogger(__name__)
             class UserGroupsView(UserGroupAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     PermissionModel().set_global_permission_choices(
                         c, gettext_translator=self.request.translate)
                     return c
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='user_group_members_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def user_group_members(self):
                     """
                     Return members of given user group
                     """
                     self.load_default_context()
                     user_group = self.db_user_group
                     group_members_obj = sorted((x.user for x in user_group.members),
                                                key=lambda u: u.username.lower())
                     group_members = [
                         {
                             'id': user.user_id,
                             'first_name': user.first_name,
                             'last_name': user.last_name,
                             'username': user.username,
                             'icon_link': h.gravatar_url(user.email, 30),
                             'value_display': h.person(user.email),
                             'value': user.username,
                             'value_type': 'user',
                             'active': user.active,
                         }
                         for user in group_members_obj
                     ]
                     return {
                         'members': group_members
                     }
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_perms_summary', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_perms_summary(self):
                     c = self.load_default_context()
                     c.user_group = self.db_user_group
                     c.active = 'perms_summary'
                     c.permissions = UserGroupModel().get_perms_summary(
                         c.user_group.users_group_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_perms_summary_json', request_method='GET',
                     renderer='json_ext')
                 def user_group_perms_summary_json(self):
                     self.load_default_context()
                     user_group = self.db_user_group
                     return UserGroupModel().get_perms_summary(user_group.users_group_id)
                 def _revoke_perms_on_yourself(self, form_result):
                     _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                       form_result['perm_updates'])
                     _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_additions'])
                     _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_deletions'])
                     admin_perm = 'usergroup.admin'
                     if _updates   and _updates[0][1]   != admin_perm or \
                        _additions and _additions[0][1] != admin_perm or \
                        _deletions and _deletions[0][1] != admin_perm:
                         return True
                     return False
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_groups_update', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_update(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = user_group.users_group_id
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.group_members_obj = [x.user for x in c.user_group.members]
                     c.group_members_obj.sort(key=lambda u: u.username.lower())
                     c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
                     c.active = 'settings'
                     users_group_form = UserGroupForm(
                         self.request.translate, edit=True,
                         old_data=c.user_group.get_dict(), allow_disabled=True)()
                     old_values = c.user_group.get_api_data()
                     user_group_name = self.request.POST.get('users_group_name')
                     try:
                         form_result = users_group_form.to_python(self.request.POST)
                         pstruct = peppercorn.parse(self.request.POST.items())
                         form_result['users_group_members'] = pstruct['user_group_members']
                         user_group, added_members, removed_members = \
                             UserGroupModel().update(c.user_group, form_result)
                         updated_user_group = form_result['users_group_name']
                         for user_id in added_members:
                             user = User.get(user_id)
                             user_data = user.get_api_data()
                             audit_logger.store_web(
                                 'user_group.edit.member.add',
                                 action_data={'user': user_data, 'old_data': old_values},
                                 user=self._rhodecode_user)
                         for user_id in removed_members:
                             user = User.get(user_id)
                             user_data = user.get_api_data()
                             audit_logger.store_web(
                                 'user_group.edit.member.delete',
                                 action_data={'user': user_data, 'old_data': old_values},
                                 user=self._rhodecode_user)
                         audit_logger.store_web(
                             'user_group.edit', action_data={'old_data': old_values},
                             user=self._rhodecode_user)
                         h.flash(_('Updated user group %s') % updated_user_group,
                                 category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         e = errors.error_dict or {}
                         data = render(
                             'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during update of user group")
                         h.flash(_('Error occurred during update of user group %s')
                                 % user_group_name, category='error')
                     raise HTTPFound(
                         h.route_path('edit_user_group', user_group_id=user_group_id))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_groups_delete', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_delete(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     self.load_default_context()
                     force = str2bool(self.request.POST.get('force'))
                     old_values = user_group.get_api_data()
                     try:
                         UserGroupModel().delete(user_group, force=force)
                         audit_logger.store_web(
                             'user.delete', action_data={'old_data': old_values},
                             user=self._rhodecode_user)
                         Session().commit()
                         h.flash(_('Successfully deleted user group'), category='success')
                     except UserGroupAssignedException as e:
                         h.flash(str(e), category='error')
                     except Exception:
                         log.exception("Exception during deletion of user group")
                         h.flash(_('An error occurred during deletion of user group'),
                                 category='error')
                     raise HTTPFound(h.route_path('user_groups'))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.group_members_obj = [x.user for x in c.user_group.members]
                     c.group_members_obj.sort(key=lambda u: u.username.lower())
                     c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
                     c.active = 'settings'
                     defaults = user_group.get_dict()
                     # fill owner
                     if user_group.user:
                         defaults.update({'user': user_group.user.username})
                     else:
                         replacement_user = User.get_first_super_admin().username
                         defaults.update({'user': replacement_user})
                     data = render(
                         'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit_perms(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'perms'
                     defaults = {}
                     # fill user group users
                     for p in c.user_group.user_user_group_to_perm:
                         defaults.update({'u_perm_%s' % p.user.user_id:
                                          p.permission.permission_name})
                     for p in c.user_group.user_group_user_group_to_perm:
                         defaults.update({'g_perm_%s' % p.user_group.users_group_id:
                                          p.permission.permission_name})
                     data = render(
                         'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_group_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_update_perms(self):
                     """
                     grant permission for given user group
                     """
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = user_group.users_group_id
                     c = self.load_default_context()
                     c.user_group = user_group
                     form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)
                     if not self._rhodecode_user.is_admin:
                         if self._revoke_perms_on_yourself(form):
                             msg = _('Cannot change permission for yourself as admin')
                             h.flash(msg, category='warning')
                             raise HTTPFound(
                                 h.route_path('edit_user_group_perms',
                                              user_group_id=user_group_id))
                     try:
                         changes = UserGroupModel().update_permissions(
-                            user_group_id,
+                            user_group,
                             form['perm_additions'], form['perm_updates'],
                             form['perm_deletions'])
                     except RepoGroupAssignmentError:
                         h.flash(_('Target group cannot be the same'), category='error')
                         raise HTTPFound(
                             h.route_path('edit_user_group_perms',
                                          user_group_id=user_group_id))
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'user_group.edit.permissions', action_data=action_data,
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_('User Group permissions updated'), category='success')
                     raise HTTPFound(
                         h.route_path('edit_user_group_perms', user_group_id=user_group_id))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_global_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_global_perms_edit(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user_group.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.user_group.get_default_perms())
                     data = render(
                         'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_group_global_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_global_perms_update(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = self.db_user_group.users_group_id
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm(self.request.translate)
                         form_result = _form.to_python(dict(self.request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         user_group.inherit_default_permissions = inherit_perms
                         Session().add(user_group)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 self.request.translate,
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(self.request.POST))
                             form_result.update(
                                 {'perm_user_group_id': user_group.users_group_id})
                             PermissionModel().update_user_group_permissions(form_result)
                         Session().commit()
                         h.flash(_('User Group global permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         data = render(
                             'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     raise HTTPFound(
                         h.route_path('edit_user_group_global_perms',
                                      user_group_id=user_group_id))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_advanced', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit_advanced(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'advanced'
                     c.group_members_obj = sorted(
                         (x.user for x in c.user_group.members),
                         key=lambda u: u.username.lower())
                     c.group_to_repos = sorted(
                         (x.repository for x in c.user_group.users_group_repo_to_perm),
                         key=lambda u: u.repo_name.lower())
                     c.group_to_repo_groups = sorted(
                         (x.group for x in c.user_group.users_group_repo_group_to_perm),
                         key=lambda u: u.group_name.lower())
                     c.group_to_review_rules = sorted(
                         (x.users_group for x in c.user_group.user_group_review_rules),
                         key=lambda u: u.users_group_name.lower())
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_group_advanced_sync', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit_advanced_set_synchronization(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = user_group.users_group_id
                     existing = user_group.group_data.get('extern_type')
                     if existing:
                         new_state = user_group.group_data
                         new_state['extern_type'] = None
                     else:
                         new_state = user_group.group_data
                         new_state['extern_type'] = 'manual'
                         new_state['extern_type_set_by'] = self._rhodecode_user.username
                     try:
                         user_group.group_data = new_state
                         Session().add(user_group)
                         Session().commit()
                         h.flash(_('User Group synchronization updated successfully'),
                                 category='success')
                     except Exception:
                         log.exception("Exception during sync settings saving")
                         h.flash(_('An error occurred during synchronization update'),
                                 category='error')
                     raise HTTPFound(
                         h.route_path('edit_user_group_advanced',
                                      user_group_id=user_group_id))