# HG changeset patch
# User Marcin Kuzminski <marcin@python-works.com>
# Date 1360025857 -3600
# Node ID 92dfc033ee6f9dd32466adae61998368819c8927
# Parent  0379e15f0b8509dd86ab5836eb9e1db7c8c8c1af
forbid removing yourself as beeing an admin of a group

diff -r 0379e15f0b85 -r 92dfc033ee6f rhodecode/controllers/admin/repos_groups.py
--- a/rhodecode/controllers/admin/repos_groups.py	Tue Feb 05 01:02:36 2013 +0100
+++ b/rhodecode/controllers/admin/repos_groups.py	Tue Feb 05 01:57:37 2013 +0100
@@ -106,6 +106,15 @@
 
         return data
 
+    def _revoke_perms_on_yourself(self, form_result):
+        _up = filter(lambda u: c.rhodecode_user.username == u[0],
+                     form_result['perms_updates'])
+        _new = filter(lambda u: c.rhodecode_user.username == u[0],
+                      form_result['perms_new'])
+        if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':
+            return True
+        return False
+
     def index(self, format='html'):
         """GET /repos_groups: All items in the collection"""
         # url('repos_groups')
@@ -200,6 +209,12 @@
         )()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
+            if not c.rhodecode_user.is_admin:
+                if self._revoke_perms_on_yourself(form_result):
+                    msg = _('Cannot revoke permission for yourself as admin')
+                    h.flash(msg, category='warning')
+                    raise Exception('revoke admin permission on self')
+
             new_gr = ReposGroupModel().update(group_name, form_result)
             Session().commit()
             h.flash(_('updated repos group %s') \
@@ -272,6 +287,11 @@
         :param group_name:
         """
         try:
+            if not c.rhodecode_user.is_admin:
+                if c.rhodecode_user.user_id == safe_int(request.POST['user_id']):
+                    msg = _('Cannot revoke permission for yourself as admin')
+                    h.flash(msg, category='warning')
+                    raise Exception('revoke admin permission on self')
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['user_id'],
diff -r 0379e15f0b85 -r 92dfc033ee6f rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html
--- a/rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html	Tue Feb 05 01:02:36 2013 +0100
+++ b/rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html	Tue Feb 05 01:57:37 2013 +0100
@@ -9,7 +9,9 @@
     </tr>
     ## USERS
     %for r2p in c.repos_group.repo_group_to_perm:
+        ##forbid revoking permission from yourself
         <tr id="id${id(r2p.user.username)}">
+            %if c.rhodecode_user.user_id != r2p.user.user_id or c.rhodecode_user.is_admin:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>
@@ -24,6 +26,17 @@
                 </span>
               %endif
             </td>
+            %else:
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td>
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td>
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td>
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td>
+            <td style="white-space: nowrap;">
+                <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
+            </td>
+            <td>
+            </td>
+            %endif
         </tr>
     %endfor