# HG changeset patch
# User Marcin Kuzminski <marcin@python-works.com>
# Date 2013-04-10 21:45:04
# Node ID 46b17730ca32ff960d0052cf0ff94da302b909f7
# Parent  87e6960e250bcd08c622a18e7eeca59284ae48cf

implemented usergroup permissions checks.
- each user who has now explicit or inherited permissions can create usersgrous
- user is automatically an admin of that usergroup, and can manage it

diff --git a/rhodecode/controllers/admin/users_groups.py b/rhodecode/controllers/admin/users_groups.py
--- a/rhodecode/controllers/admin/users_groups.py
+++ b/rhodecode/controllers/admin/users_groups.py
@@ -36,7 +36,7 @@ from rhodecode.lib import helpers as h
 from rhodecode.lib.exceptions import UserGroupsAssignedException
 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
-    HasUserGroupPermissionAnyDecorator
+    HasUserGroupPermissionAnyDecorator, HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.scm import UserGroupList
 from rhodecode.model.users_group import UserGroupModel
@@ -137,7 +137,7 @@ class UsersGroupsController(BaseControll
         c.users_groups_list = sorted(group_iter, key=sk)
         return render('admin/users_groups/users_groups.html')
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
     def create(self):
         """POST /users_groups: Create a new item"""
         # url('users_groups')
@@ -169,7 +169,7 @@ class UsersGroupsController(BaseControll
 
         return redirect(url('users_groups'))
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
     def new(self, format='html'):
         """GET /users_groups/new: Form to create a new item"""
         # url('new_users_group')
diff --git a/rhodecode/model/users_group.py b/rhodecode/model/users_group.py
--- a/rhodecode/model/users_group.py
+++ b/rhodecode/model/users_group.py
@@ -106,6 +106,10 @@ class UserGroupModel(BaseModel):
             self.sa.add(new_user_group)
             perm_obj = self._create_default_perms(new_user_group)
             self.sa.add(perm_obj)
+
+            self.grant_user_permission(user_group=new_user_group,
+                                       user=owner, perm='usergroup.admin')
+
             return new_user_group
         except Exception:
             log.error(traceback.format_exc())
diff --git a/rhodecode/templates/admin/users_groups/users_groups.html b/rhodecode/templates/admin/users_groups/users_groups.html
--- a/rhodecode/templates/admin/users_groups/users_groups.html
+++ b/rhodecode/templates/admin/users_groups/users_groups.html
@@ -21,10 +21,11 @@
     <div class="title">
         ${self.breadcrumbs()}
         <ul class="links">
+        %if h.HasPermissionAny('hg.usergroup.create.true')():
           <li>
             <span>${h.link_to(_(u'Add new user group'),h.url('new_users_group'))}</span>
           </li>
-
+        %endif
         </ul>
     </div>
     <!-- end box / title -->