1 files changed, 69 insertions, 0 deletions

diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py
index 2ec9d1d6..625762f2 100644
--- a/rhodecode/model/repos_group.py
+++ b/rhodecode/model/repos_group.py
@@ -28,8 +28,10 @@ import logging
 import traceback
 import shutil
 import datetime
+from grp import getgrnam
 
 from rhodecode.lib.utils2 import LazyProperty
+from rhodecode.lib.system_command import SystemCommand
 
 from rhodecode.model import BaseModel
 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
@@ -41,6 +43,7 @@ log = logging.getLogger(__name__)
 class ReposGroupModel(BaseModel):
 
     cls = RepoGroup
+    URL_SEPARATOR = RepoGroup.url_sep()
 
     def __get_users_group(self, users_group):
         return self._get_instance(UsersGroup, users_group,
@@ -140,6 +143,11 @@ class ReposGroupModel(BaseModel):
                                           group.name)
                 shutil.move(rm_path, os.path.join(self.repos_path, _d))
 
+            system_group_name = "%s-%s" % (
+                group.group_name.split(self.URL_SEPARATOR)[-1],
+                group.group_id)
+            SystemCommand.delete_group(system_group_name)
+
     def create(self, group_name, group_description, parent=None, just_db=False):
         try:
             new_repos_group = RepoGroup()
@@ -156,6 +164,17 @@ class ReposGroupModel(BaseModel):
                 self.sa.flush()
                 self.__create_group(new_repos_group.group_name)
 
+                # Create corresponding system group.
+                system_group_name = "%s-%s" % (
+                    group_name.split(self.URL_SEPARATOR)[-1],
+                    new_repos_group.group_id)
+                SystemCommand.add_group(system_group_name)
+                create_path = os.path.join(self.repos_path,
+                                           new_repos_group.group_name)
+                os.chmod(create_path, 0775)
+                SystemCommand.change_ownership(new_repos_group.group_name,
+                                               system_group_name)
+
             return new_repos_group
         except:
             log.error(traceback.format_exc())
@@ -277,6 +296,14 @@ class ReposGroupModel(BaseModel):
 
             self.__rename_group(old_path, new_path)
 
+            old_system_name = "%s-%s" % (
+                old_path.split(self.URL_SEPARATOR)[-1],
+                repos_group.group_id)
+            new_system_name = "%s-%s" % (
+                new_path.split(self.URL_SEPARATOR)[-1],
+                repos_group.group_id)
+            SystemCommand.rename_group(old_system_name, new_system_name)
+
             return repos_group
         except:
             log.error(traceback.format_exc())
@@ -359,6 +386,24 @@ class ReposGroupModel(BaseModel):
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
 
+        system_group_name = "%s-%s" % (
+            repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+            repos_group.group_id)
+        group_path = os.path.join(self.repos_path, repos_group.group_name)
+
+        if permission.permission_name in ["group.none", "group.read"]:
+            if user.username=="default":
+                os.chmod(group_path, 0775)
+            else:
+                SystemCommand.remove_user_from_group(system_group_name,
+                                                     user.username)
+        else:
+            if user.username=="default":
+                os.chmod(group_path, 0777)
+            else:
+                SystemCommand.add_user_to_group(system_group_name,
+                                                user.username)
+
     def revoke_user_permission(self, repos_group, user):
         """
         Revoke permission for user on given repositories group
@@ -379,6 +424,11 @@ class ReposGroupModel(BaseModel):
             self.sa.delete(obj)
             log.debug('Revoked perm on %s on %s' % (repos_group, user))
 
+        system_group_name = "%s-%s" % (
+            repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+            repos_group.group_id)
+        SystemCommand.remove_user_from_group(system_group_name, user.username)
+
     def grant_users_group_permission(self, repos_group, group_name, perm):
         """
         Grant permission for users group on given repositories group, or update
@@ -410,6 +460,18 @@ class ReposGroupModel(BaseModel):
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
 
+        system_group_name = "%s-%s" % (
+            repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+            repos_group.group_id)
+
+        for member in group_name.members:
+            if permission.permission_name in ["group.none", "group.read"]:
+                SystemCommand.remove_user_from_group(system_group_name,
+                                                     member.user.username)
+            else:
+                SystemCommand.add_user_to_group(system_group_name,
+                                                member.user.username)
+
     def revoke_users_group_permission(self, repos_group, group_name):
         """
         Revoke permission for users group on given repositories group
@@ -429,3 +491,10 @@ class ReposGroupModel(BaseModel):
         if obj:
             self.sa.delete(obj)
             log.debug('Revoked perm to %s on %s' % (repos_group, group_name))
+
+        system_group_name = "%s-%s" % (
+            repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+            repos_group.group_id)
+        for member in group_name.members:
+            SystemCommand.remove_user_from_group(system_group_name,
+                                                 member.user.username)