# HG changeset patch
# User Marcin Kuzminski <marcin@python-works.com>
# Date 1363021178 -3600
# Node ID 0cef54d346059dfb140468c24531d87653b18214
# Parent  3be4e290c42be81fb5c473bcda917c2bfad3999a
Pass in old groups data to CanWriteToGroup validator for later skipping group checks.
This will be a part of refactoring done to do user permissions changes without messing with main
repo form data

diff -r 3be4e290c42b -r 0cef54d34605 rhodecode/controllers/admin/repos.py
--- a/rhodecode/controllers/admin/repos.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/controllers/admin/repos.py	Mon Mar 11 17:59:38 2013 +0100
@@ -231,8 +231,10 @@
         #override the choices with extracted revisions !
         choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
         c.landing_revs_choices = choices
-
-        _form = RepoForm(edit=True, old_data={'repo_name': repo_name},
+        repo = Repository.get_by_repo_name(repo_name)
+        _form = RepoForm(edit=True, old_data={'repo_name': repo_name,
+                                              'repo_group': repo.group.get_dict() \
+                                              if repo.group else {}},
                          repo_groups=c.repo_groups_choices,
                          landing_revs=c.landing_revs_choices)()
         try:
diff -r 3be4e290c42b -r 0cef54d34605 rhodecode/controllers/settings.py
--- a/rhodecode/controllers/settings.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/controllers/settings.py	Mon Mar 11 17:59:38 2013 +0100
@@ -107,9 +107,11 @@
         #override the choices with extracted revisions !
         choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
         c.landing_revs_choices = choices
-
+        repo = Repository.get_by_repo_name(repo_name)
         _form = RepoSettingsForm(edit=True,
-                                 old_data={'repo_name': repo_name},
+                                old_data={'repo_name': repo_name,
+                                          'repo_group': repo.group.get_dict() \
+                                              if repo.group else {}},
                                  repo_groups=c.repo_groups_choices,
                                  landing_revs=c.landing_revs_choices)()
         try:
diff -r 3be4e290c42b -r 0cef54d34605 rhodecode/model/forms.py
--- a/rhodecode/model/forms.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/model/forms.py	Mon Mar 11 17:59:38 2013 +0100
@@ -176,7 +176,7 @@
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
-        repo_group = All(v.CanWriteGroup(),
+        repo_group = All(v.CanWriteGroup(old_data),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = v.OneOf(supported_backends)
         repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
@@ -205,7 +205,7 @@
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
-        repo_group = All(v.CanWriteGroup(),
+        repo_group = All(v.CanWriteGroup(old_data),
                          v.OneOf(repo_groups, hideList=True))
         repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
         repo_private = v.StringBoolean(if_missing=False)
diff -r 3be4e290c42b -r 0cef54d34605 rhodecode/model/validators.py
--- a/rhodecode/model/validators.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/model/validators.py	Mon Mar 11 17:59:38 2013 +0100
@@ -16,11 +16,12 @@
 from rhodecode.lib.compat import OrderedSet
 from rhodecode.lib import ipaddr
 from rhodecode.lib.utils import repo_name_slug
+from rhodecode.lib.utils2 import safe_int
 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
     ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -472,7 +473,7 @@
     return _validator
 
 
-def CanWriteGroup():
+def CanWriteGroup(old_data=None):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'permission_denied': _(u"You don't have permissions "
@@ -481,13 +482,58 @@
 
         def validate_python(self, value, state):
             gr = RepoGroup.get(value)
-            if not HasReposGroupPermissionAny(
-                'group.write', 'group.admin'
-            )(gr.group_name, 'get group of repo form'):
+            gr_name = gr.group_name if gr else None  # None means ROOT location
+            val = HasReposGroupPermissionAny('group.write', 'group.admin')
+            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
+            forbidden = not val(gr_name, 'can write into group validator')
+            value_changed = old_data['repo_group'].get('group_id') != safe_int(value)
+            if value_changed:  # do check if we changed the value
+                #parent group need to be existing
+                if gr and forbidden:
+                    msg = M(self, 'permission_denied', state)
+                    raise formencode.Invalid(msg, value, state,
+                        error_dict=dict(repo_type=msg)
+                    )
+                ## check if we can write to root location !
+                elif gr is None and can_create_repos() is False:
+                    msg = M(self, 'permission_denied_root', state)
+                    raise formencode.Invalid(msg, value, state,
+                        error_dict=dict(repo_type=msg)
+                    )
+
+    return _validator
+
+
+def CanCreateGroup(can_create_in_root=False):
+    class _validator(formencode.validators.FancyValidator):
+        messages = {
+            'permission_denied': _(u"You don't have permissions "
+                                   "to create a group in this location")
+        }
+
+        def to_python(self, value, state):
+            #root location
+            if value in [-1, "-1"]:
+                return None
+            return value
+
+        def validate_python(self, value, state):
+            gr = RepoGroup.get(value)
+            gr_name = gr.group_name if gr else None  # None means ROOT location
+
+            if can_create_in_root and gr is None:
+                #we can create in root, we're fine no validations required
+                return
+
+            forbidden_in_root = gr is None and can_create_in_root is False
+            val = HasReposGroupPermissionAny('group.admin')
+            forbidden = not val(gr_name, 'can create group validator')
+            if forbidden_in_root or forbidden:
                 msg = M(self, 'permission_denied', state)
                 raise formencode.Invalid(msg, value, state,
-                    error_dict=dict(repo_type=msg)
+                    error_dict=dict(group_parent_id=msg)
                 )
+
     return _validator