fixed #397 Private repository groups shows up before login

- added relevant test for this issue

--HG--
branch : beta

3 files changed, 90 insertions, 9 deletions

diff --git a/docs/changelog.rst b/docs/changelog.rst
index 56fa414d..e8bb85f9 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -30,6 +30,7 @@ fixes
 - fixed error occurring during recursive group creation in API 
   create_repo function
 - fixed #393 py2.5 fixes for routes url generator
+- fixed #397 Private repository groups shows up before login
 
 1.3.3 (**2012-03-02**)
 ----------------------
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
index d2411c27..f1d59347 100644
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -298,14 +298,15 @@ class UserModel(BaseModel):
         try:
             if user.username == 'default':
                 raise DefaultUserException(
-                                _("You can't remove this user since it's"
-                                  " crucial for entire application"))
+                    _("You can't remove this user since it's"
+                      " crucial for entire application")
+                )
             if user.repositories:
-                raise UserOwnsReposException(_('This user still owns %s '
-                                               'repositories and cannot be '
-                                               'removed. Switch owners or '
-                                               'remove those repositories') \
-                                               % user.repositories)
+                raise UserOwnsReposException(
+                    _('user "%s" still owns %s repositories and cannot be '
+                      'removed. Switch owners or remove those repositories')
+                    % (user.username, user.repositories)
+                )
             self.sa.delete(user)
         except:
             log.error(traceback.format_exc())
@@ -500,7 +501,7 @@ class UserModel(BaseModel):
              self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
              .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
              .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
-             .filter(UserRepoToPerm.user_id == uid)\
+             .filter(UserRepoGroupToPerm.user_id == uid)\
              .all()
 
             for perm in user_repo_groups_perms:
@@ -509,7 +510,6 @@ class UserModel(BaseModel):
                 cur_perm = user.permissions[GK][rg_k]
                 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                     user.permissions[GK][rg_k] = p
-
         return user
 
     def has_perm(self, user, perm):
diff --git a/rhodecode/tests/test_models.py b/rhodecode/tests/test_models.py
index 4863d2eb..8e1c0cd2 100644
--- a/rhodecode/tests/test_models.py
+++ b/rhodecode/tests/test_models.py
@@ -430,6 +430,11 @@ class TestPermissions(unittest.TestCase):
             username=u'u1', password=u'qweqwe',
             email=u'u1@rhodecode.org', name=u'u1', lastname=u'u1'
         )
+        self.u2 = UserModel().create_or_update(
+            username=u'u2', password=u'qweqwe',
+            email=u'u2@rhodecode.org', name=u'u2', lastname=u'u2'
+        )
+        self.anon = User.get_by_username('default')
         self.a1 = UserModel().create_or_update(
             username=u'a1', password=u'qweqwe',
             email=u'a1@rhodecode.org', name=u'a1', lastname=u'a1', admin=True
@@ -437,7 +442,10 @@ class TestPermissions(unittest.TestCase):
         Session.commit()
 
     def tearDown(self):
+        if hasattr(self, 'test_repo'):
+            RepoModel().delete(repo=self.test_repo)
         UserModel().delete(self.u1)
+        UserModel().delete(self.u2)
         UserModel().delete(self.a1)
         if hasattr(self, 'g1'):
             ReposGroupModel().delete(self.g1.group_id)
@@ -578,3 +586,75 @@ class TestPermissions(unittest.TestCase):
                          new_perm_h)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
+
+    def test_repo_in_group_permissions(self):
+        self.g1 = _make_group('group1', skip_if_exists=True)
+        self.g2 = _make_group('group2', skip_if_exists=True)
+        Session.commit()
+        # both perms should be read !
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories_groups'],
+                         {u'group1': u'group.read', u'group2': u'group.read'})
+
+        a1_auth = AuthUser(user_id=self.anon.user_id)
+        self.assertEqual(a1_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.read', u'group2': u'group.read'})
+
+        #Change perms to none for both groups
+        ReposGroupModel().grant_user_permission(repos_group=self.g1,
+                                                user=self.anon,
+                                                perm='group.none')
+        ReposGroupModel().grant_user_permission(repos_group=self.g2,
+                                                user=self.anon,
+                                                perm='group.none')
+
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.none', u'group2': u'group.none'})
+
+        a1_auth = AuthUser(user_id=self.anon.user_id)
+        self.assertEqual(a1_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.none', u'group2': u'group.none'})
+
+        # add repo to group
+        form_data = {
+            'repo_name':HG_REPO,
+            'repo_name_full':os.path.join(self.g1.group_name,HG_REPO),
+            'repo_type':'hg',
+            'clone_uri':'',
+            'repo_group':self.g1.group_id,
+            'description':'desc',
+            'private':False
+        }
+        self.test_repo = RepoModel().create(form_data, cur_user=self.u1)
+        Session.commit()
+
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.none', u'group2': u'group.none'})
+
+        a1_auth = AuthUser(user_id=self.anon.user_id)
+        self.assertEqual(a1_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.none', u'group2': u'group.none'})
+
+        #grant permission for u2 !
+        ReposGroupModel().grant_user_permission(repos_group=self.g1,
+                                                user=self.u2,
+                                                perm='group.read')
+        ReposGroupModel().grant_user_permission(repos_group=self.g2,
+                                                user=self.u2,
+                                                perm='group.read')
+        Session.commit()
+        self.assertNotEqual(self.u1, self.u2)
+        #u1 and anon should have not change perms while u2 should !
+        u1_auth = AuthUser(user_id=self.u1.user_id)
+        self.assertEqual(u1_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.none', u'group2': u'group.none'})
+
+        u2_auth = AuthUser(user_id=self.u2.user_id)
+        self.assertEqual(u2_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.read', u'group2': u'group.read'})
+
+        a1_auth = AuthUser(user_id=self.anon.user_id)
+        self.assertEqual(a1_auth.permissions['repositories_groups'],
+                 {u'group1': u'group.none', u'group2': u'group.none'})