rhodecode-enterprise-ce Commit - r4671:d6153155

release: Merge default into stable for release preparation

milka -

r4671:d6153155 stable

parent child

Context file:

r4671:d6153155

docs/release-notes/release-notes-4.25.0.rst created 644 +76 0

@@ -0,0 +1,76 b''
	1	\|RCE\| 4.25.0 \|RNS\|
	2	------------------
	3
	4	Release Date
	5	^^^^^^^^^^^^
	6
	7	- 2021-04-02
	8
	9
	10	New Features
	11	^^^^^^^^^^^^
	12
	13	- SSH: allow clone by ID via SSH operations.
	14	- Artifacts: added an admin panel to manage artifacts.
	15	- Redmine: added option to add note to a ticket without changing its status in Redmine integration.
	16
	17
	18	General
	19	^^^^^^^
	20
	21	- Git: change lookups logic. Prioritize reference names over numerical ids.
	22	Numerical ids are supported as a fallback if ref matching is unsuccessful.
	23	- Permissions: changed fork permission help text to reflect the actual state on how it works.
	24	- Permissions: flush permissions on owner changes for repo and repo groups. This
	25	would fix problems when owner of repository changes then the new owner lacked permissions
	26	until cache expired.
	27	- Artifacts: added API function to remove artifacts.
	28	- Archives: use a special name for non-hashed archives to fix caching issues.
	29	- Packaging: fixed few packages requirements for a proper builds.
	30	- Packaging: fix rhodecode-tools for docker builds.
	31	- Packaging: fixed some problem after latest setuptools-scm release.
	32	- Packaging: added setuptools-scm to packages for build.
	33	- Packaging: fix jira package for reproducible builds.
	34	- Packaging: fix zipp package patches.
	35
	36
	37	Security
	38	^^^^^^^^
	39
	40	- Comments: forbid removal of comments by anyone except the owners.
	41	Previously admins of a repository could remove them if they would construct a special url with data.
	42	- Pull requests: fixed some xss problems when a deleted file with special characters were commented on.
	43
	44
	45	Performance
	46	^^^^^^^^^^^
	47
	48	- License: skip channelstream connect on license checks logic to reduce calls handling times.
	49	- Core: optimize some calls to skip license/scm detection on them. Each license check is expensive
	50	and we don't need them on each call.
	51
	52
	53	Fixes
	54	^^^^^
	55
	56	- Branch-permissions: fixed ce view. Fixes #5656
	57	- Feed: fix errors on feed access of empty repositories.
	58	- Archives: if implicit ref name was used (e.g master) to obtain archive, we now
	59	redirect to explicit commit sha so we can have the proper caching for references names.
	60	- rcextensions: fixed pre-files extractor return code support.
	61	- Svn: fix subprocess problems on some of the calls for file checking.
	62	- Pull requests: fixed multiple repetitions of referenced tickets in pull requests summary sidebar.
	63	- Maintenance: fixed bad routes def
	64	- clone-uri: fixed the problems with key mismatch that caused errors on summary page.
	65	- Largefiles: added fix for downloading largefiles which had no extension in file name.
	66	- Compare: fix referenced commits bug.
	67	- Git: fix for unicode branches
	68
	69
	70	Upgrade notes
	71	^^^^^^^^^^^^^
	72
	73	- Scheduled release 4.25.0.
	74
	75
	76

pkgs/patches/channelstream/setuptools.patch created 644 +13 0

@@ -0,0 +1,13 b''
	1	diff -rup channelstream-0.6.14-orig/setup.py channelstream-0.6.14/setup.py
	2
	3	--- channelstream-0.6.14/setup-orig.py 2021-03-11 12:34:45.000000000 +0100
	4	+++ channelstream-0.6.14/setup.py 2021-03-11 12:34:56.000000000 +0100
	5	@@ -52,7 +52,7 @@ setup(
	6	include_package_data=True,
	7	install_requires=requires,
	8	python_requires=">=2.7",
	9	- setup_requires=["pytest-runner"],
	10	+ setup_requires=["pytest-runner==5.1.0"],
	11	extras_require={
	12	"dev": ["coverage", "pytest", "pyramid", "tox", "mock", "webtest"],
	13	"lint": ["black"],

pkgs/patches/configparser/pyproject.patch created 644 +10 0

@@ -0,0 +1,10 b''
	1	diff -rup configparser-4.0.2-orig/pyproject.toml configparser-4.0.2/pyproject.toml
	2	--- configparser-4.0.2-orig/pyproject.toml 2021-03-22 21:28:11.000000000 +0100
	3	+++ configparser-4.0.2/pyproject.toml 2021-03-22 21:28:11.000000000 +0100
	4	@@ -1,5 +1,5 @@
	5	[build-system]
	6	-requires = ["setuptools>=40.7", "wheel", "setuptools_scm>=1.15"]
	7	+requires = ["setuptools<=42.0", "wheel", "setuptools_scm<6.0.0"]
	8	build-backend = "setuptools.build_meta"
	9
	10	[tool.black]

pkgs/patches/importlib_metadata/pyproject.patch created 644 +7 0

@@ -0,0 +1,7 b''
	1	diff -rup importlib-metadata-1.6.0-orig/yproject.toml importlib-metadata-1.6.0/pyproject.toml
	2	--- importlib-metadata-1.6.0-orig/yproject.toml 2021-03-22 22:10:33.000000000 +0100
	3	+++ importlib-metadata-1.6.0/pyproject.toml 2021-03-22 22:11:09.000000000 +0100
	4	@@ -1,3 +1,3 @@
	5	[build-system]
	6	-requires = ["setuptools>=30.3", "wheel", "setuptools_scm"]
	7	+requires = ["setuptools<42.0", "wheel", "setuptools_scm<6.0.0"]

pkgs/patches/pyramid_apispec/setuptools.patch created 644 +12 0

@@ -0,0 +1,12 b''
	1	diff -rup pyramid-apispec-0.3.2-orig/setup.py pyramid-apispec-0.3.2/setup.py
	2	--- pyramid-apispec-0.3.2-orig/setup.py 2021-03-11 11:19:26.000000000 +0100
	3	+++ pyramid-apispec-0.3.2/setup.py 2021-03-11 11:19:51.000000000 +0100
	4	@@ -44,7 +44,7 @@ setup(
	5	packages=find_packages(exclude=["contrib", "docs", "tests"]),
	6	package_data={"pyramid_apispec": ["static/."], "": ["LICENSE"]},
	7	install_requires=["apispec[yaml]==1.0.0"],
	8	- setup_requires=["pytest-runner"],
	9	+ setup_requires=["pytest-runner==5.1"],
	10	extras_require={
	11	"dev": ["coverage", "pytest", "pyramid", "tox", "webtest"],
	12	"demo": ["marshmallow==2.15.3", "pyramid", "apispec", "webtest"], No newline at end of file

pkgs/patches/rhodecode_tools/setuptools.patch created 644 +12 0

@@ -0,0 +1,12 b''
	1	diff -rup rhodecode-tools-1.4.0-orig/setup.py rhodecode-tools-1.4.0/setup.py
	2	--- rhodecode-tools-1.4.0/setup-orig.py 2021-03-11 12:34:45.000000000 +0100
	3	+++ rhodecode-tools-1.4.0/setup.py 2021-03-11 12:34:56.000000000 +0100
	4	@@ -69,7 +69,7 @@ def _get_requirements(req_filename, excl
	5
	6
	7	# requirements extract
	8	-setup_requirements = ['pytest-runner']
	9	+setup_requirements = ['pytest-runner==5.1.0']
	10	install_requirements = _get_requirements(
	11	'requirements.txt', exclude=['setuptools'])
	12	test_requirements = _get_requirements('requirements_test.txt') No newline at end of file

pkgs/patches/zipp/pyproject.patch created 644 +10 0

@@ -0,0 +1,10 b''
	1	diff -rup zip-1.2.0-orig/pyproject.toml zip-1.2.0/pyproject.toml
	2	--- zip-1.2.0-orig/pyproject.toml 2021-03-23 10:55:37.000000000 +0100
	3	+++ zip-1.2.0/pyproject.toml 2021-03-23 10:56:05.000000000 +0100
	4	@@ -1,5 +1,5 @@
	5	[build-system]
	6	-requires = ["setuptools>=34.4", "wheel", "setuptools_scm>=1.15"]
	7	+requires = ["setuptools<42.0", "wheel", "setuptools_scm<6.0.0"]
	8	build-backend = "setuptools.build_meta"
	9
	10	[tool.black]

rhodecode/apps/repository/tests/test_repo_maintainance.py created 644 +74 0

@@ -0,0 +1,74 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2010-2020 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import mock
	22	import pytest
	23
	24	from rhodecode.lib.utils2 import str2bool
	25	from rhodecode.lib.vcs.exceptions import RepositoryRequirementError
	26	from rhodecode.model.db import Repository, UserRepoToPerm, Permission, User
	27	from rhodecode.model.meta import Session
	28	from rhodecode.tests import (
	29	TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_LOGIN, assert_session_flash)
	30	from rhodecode.tests.fixture import Fixture
	31
	32	fixture = Fixture()
	33
	34
	35	def route_path(name, params=None, **kwargs):
	36	import urllib
	37
	38	base_url = {
	39	'edit_repo_maintenance': '/{repo_name}/settings/maintenance',
	40	'edit_repo_maintenance_execute': '/{repo_name}/settings/maintenance/execute',
	41
	42	}[name].format(**kwargs)
	43
	44	if params:
	45	base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
	46	return base_url
	47
	48
	49	def _get_permission_for_user(user, repo):
	50	perm = UserRepoToPerm.query()\
	51	.filter(UserRepoToPerm.repository ==
	52	Repository.get_by_repo_name(repo))\
	53	.filter(UserRepoToPerm.user == User.get_by_username(user))\
	54	.all()
	55	return perm
	56
	57
	58	@pytest.mark.usefixtures('autologin_user', 'app')
	59	class TestAdminRepoMaintenance(object):
	60	@pytest.mark.parametrize('urlname', [
	61	'edit_repo_maintenance',
	62	])
	63	def test_show_page(self, urlname, app, backend):
	64	app.get(route_path(urlname, repo_name=backend.repo_name), status=200)
	65
	66	def test_execute_maintenance_for_repo_hg(self, app, backend_hg, autologin_user, xhr_header):
	67	repo_name = backend_hg.repo_name
	68
	69	response = app.get(
	70	route_path('edit_repo_maintenance_execute',
	71	repo_name=repo_name,),
	72	extra_environ=xhr_header)
	73
	74	assert "HG Verify repo" in ''.join(response.json)

.bumpversion.cfg +1 -2

             [bumpversion]
-            current_version = 4.24.1
+            current_version = 4.25.0
             message = release: Bump version {current_version} to {new_version}
             [bumpversion:file:rhodecode/VERSION]

.release.cfg +4 -9

             done = true
             [task:rc_tools_pinned]
-            done = true
             [task:fixes_on_stable]
-            done = true
             [task:pip2nix_generated]
-            done = true
             [task:changelog_updated]
-            done = true
             [task:generate_api_docs]
-            done = true
+            [task:updated_translation]
             [release]
-            state = prepared
+            state = in_progress
-            version = 4.24.1
+            version = 4.25.0
-            [task:updated_translation]
             [task:generate_js_routes]

docs/api/methods/store-methods.rst +18 0

@@ -130,6 +130,24 b' file_store_get_info (EE only)'
130	error : null	130	error : null
131		131
132		132
		133	file_store_delete (EE only)
		134	---------------------------
		135
		136	.. py:function:: file_store_delete(apiuser, store_fid)
		137
		138	Delete an artifact based on the secret uuid.
		139
		140	Example output:
		141
		142	.. code-block:: bash
		143
		144	id : <id_given_in_input>
		145	result: {
		146	"artifact" : {"uid": "some uid", "removed": true}
		147	}
		148	error : null
		149
		150
133	file_store_add_metadata (EE only)	151	file_store_add_metadata (EE only)
134	---------------------------------	152	---------------------------------
135		153

docs/release-notes/release-notes.rst +1 0

             .. toctree::
                :maxdepth: 1
+               release-notes-4.25.0.rst
                release-notes-4.24.1.rst
                release-notes-4.24.0.rst
                release-notes-4.23.2.rst

pkgs/patches/pytest/setuptools.patch +1 -1

                  setup(
                      use_scm_version={"write_to": "src/_pytest/_version.py"},
             -        setup_requires=["setuptools-scm", "setuptools>=40.0"],
-            +        setup_requires=["setuptools-scm", "setuptools<=42.0"],
+            +        setup_requires=["setuptools-scm<6.0.0", "setuptools<=42.0"],
                      package_dir={"": "src"},
                      # fmt: off
                      extras_require={

pkgs/python-packages-overrides.nix +66 0

@@ -280,6 +280,72 b' self: super: {'
280	];	280	];
281	});	281	});
282		282
		283	"pytest-runner" = super."pytest-runner".override (attrs: {
		284	propagatedBuildInputs = [
		285	self."setuptools-scm"
		286	];
		287	});
		288
		289	"py" = super."py".override (attrs: {
		290	propagatedBuildInputs = [
		291	self."setuptools-scm"
		292	];
		293	});
		294
		295	"python-dateutil" = super."python-dateutil".override (attrs: {
		296	propagatedBuildInputs = attrs.propagatedBuildInputs ++ [
		297	self."setuptools-scm"
		298	];
		299	});
		300
		301	"configparser" = super."configparser".override (attrs: {
		302	patches = [
		303	./patches/configparser/pyproject.patch
		304	];
		305	propagatedBuildInputs = [
		306	self."setuptools-scm"
		307	];
		308	});
		309
		310	"importlib-metadata" = super."importlib-metadata".override (attrs: {
		311
		312	patches = [
		313	./patches/importlib_metadata/pyproject.patch
		314	];
		315
		316	propagatedBuildInputs = attrs.propagatedBuildInputs ++ [
		317	self."setuptools-scm"
		318	];
		319
		320	});
		321
		322	"zipp" = super."zipp".override (attrs: {
		323	patches = [
		324	./patches/zipp/pyproject.patch
		325	];
		326	propagatedBuildInputs = attrs.propagatedBuildInputs ++ [
		327	self."setuptools-scm"
		328	];
		329	});
		330
		331	"pyramid-apispec" = super."pyramid-apispec".override (attrs: {
		332	patches = [
		333	./patches/pyramid_apispec/setuptools.patch
		334	];
		335	});
		336
		337	"channelstream" = super."channelstream".override (attrs: {
		338	patches = [
		339	./patches/channelstream/setuptools.patch
		340	];
		341	});
		342
		343	"rhodecode-tools" = super."rhodecode-tools".override (attrs: {
		344	patches = [
		345	./patches/rhodecode_tools/setuptools.patch
		346	];
		347	});
		348
283	# Avoid that base packages screw up the build process	349	# Avoid that base packages screw up the build process
284	inherit (basePythonPackages)	350	inherit (basePythonPackages)
285	setuptools;	351	setuptools;

pkgs/python-packages.nix +12 -1

                 };
               };
               "rhodecode-enterprise-ce" = super.buildPythonPackage {
-                name = "rhodecode-enterprise-ce-4.24.1";
+                name = "rhodecode-enterprise-ce-4.25.0";
                 buildInputs = [
                   self."pytest"
                   self."py"
                   license = [ pkgs.lib.licenses.mit ];
                 };
               };
+              "setuptools-scm" = super.buildPythonPackage {
+                name = "setuptools-scm-3.5.0";
+                doCheck = false;
+                src = fetchurl {
+                  url = "https://files.pythonhosted.org/packages/b2/f7/60a645aae001a2e06cf4b8db2fba9d9f36b8fd378f10647e3e218b61b74b/setuptools_scm-3.5.0.tar.gz";
+                  sha256 = "5bdf21a05792903cafe7ae0c9501182ab52497614fa6b1750d9dbae7b60c1a87";
+                };
+                meta = {
+                  license = [ pkgs.lib.licenses.psfl ];
+                };
+              };
               "simplegeneric" = super.buildPythonPackage {
                 name = "simplegeneric-0.8.1";
                 doCheck = false;

rhodecode/VERSION +1 -1

	@@ -1,1 +1,1 b''
	1	4.2~~4.1~~ No newline at end of file		1	4.25.0 No newline at end of file

rhodecode/api/views/repo_api.py +1 -1

                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                     # check if the regular user has at least fork permissions as well
-                    if not HasPermissionAnyApi('hg.fork.repository')(user=apiuser):
+                    if not HasPermissionAnyApi(PermissionModel.FORKING_ENABLED)(user=apiuser):
                         raise JSONRPCForbidden()
                 # check if user can set owner parameter

rhodecode/apps/file_store/backends/local_store.py +3 -2

                     return filename, metadata
-                def get_metadata(self, filename):
+                def get_metadata(self, filename, ignore_missing=False):
                     """
                     Reads JSON stored metadata for a file
                     """
                     filename = self.store_path(filename)
                     filename_meta = filename + '.meta'
+                    if ignore_missing and not os.path.isfile(filename_meta):
+                        return {}
                     with open(filename_meta, "rb") as source_meta:
                         return json.loads(source_meta.read())

rhodecode/apps/repository/__init__.py +6 -6

                     name='edit_repo_perms_branch',
                     pattern='/{repo_name:.*?[^/]}/settings/branch_permissions', repo_route=True)
                 config.add_view(
-                    RepoBranchesView,
+                    RepoSettingsBranchPermissionsView,
-                    attr='branches',
+                    attr='branch_permissions',
                     route_name='edit_repo_perms_branch', request_method='GET',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 config.add_view(
                     RepoMaintenanceView,
                     attr='repo_maintenance',
-                    route_name='edit_repo_maintenance_execute', request_method='GET',
+                    route_name='edit_repo_maintenance', request_method='GET',
-                    renderer='json', xhr=True)
+                    renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 config.add_route(
                     name='edit_repo_maintenance_execute',
                 config.add_view(
                     RepoMaintenanceView,
                     attr='repo_maintenance_execute',
-                    route_name='edit_repo_maintenance', request_method='GET',
+                    route_name='edit_repo_maintenance_execute', request_method='GET',
-                    renderer='rhodecode:templates/admin/repos/repo_edit.mako')
+                    renderer='json', xhr=True)
                 # Fields
                 config.add_route(

rhodecode/apps/repository/tests/test_repo_files.py +22 0

@@ -542,6 +542,28 b' class TestRepositoryArchival(object):'
542	for header in headers:	542	for header in headers:
543	assert header in response.headers.items()	543	assert header in response.headers.items()
544		544
		545	def test_archival_no_hash(self, backend):
		546	backend.enable_downloads()
		547	commit = backend.repo.get_commit(commit_idx=173)
		548	for a_type, content_type, extension in settings.ARCHIVE_SPECS:
		549
		550	short = 'plain' + extension
		551	fname = commit.raw_id + extension
		552	filename = '%s-%s' % (backend.repo_name, short)
		553	response = self.app.get(
		554	route_path('repo_archivefile',
		555	repo_name=backend.repo_name,
		556	fname=fname, params={'with_hash': 0}))
		557
		558	assert response.status == '200 OK'
		559	headers = [
		560	('Content-Disposition', 'attachment; filename=%s' % filename),
		561	('Content-Type', '%s' % content_type),
		562	]
		563
		564	for header in headers:
		565	assert header in response.headers.items()
		566
545	@pytest.mark.parametrize('arch_ext',[	567	@pytest.mark.parametrize('arch_ext',[
546	'tar', 'rar', 'x', '..ax', '.zipz', 'tar.gz.tar'])	568	'tar', 'rar', 'x', '..ax', '.zipz', 'tar.gz.tar'])
547	def test_archival_wrong_ext(self, backend, arch_ext):	569	def test_archival_wrong_ext(self, backend, arch_ext):

rhodecode/apps/repository/views/repo_changelog.py +2 -2

             from rhodecode.lib.ext_json import json
             from rhodecode.lib.graphmod import _colored, _dagwalker
             from rhodecode.lib.helpers import RepoPage
-            from rhodecode.lib.utils2 import safe_int, safe_str, str2bool
+            from rhodecode.lib.utils2 import safe_int, safe_str, str2bool, safe_unicode
             from rhodecode.lib.vcs.exceptions import (
                 RepositoryError, CommitDoesNotExistError,
                 CommitError, NodeDoesNotExistError, EmptyRepositoryError)
                 def _check_if_valid_branch(self, branch_name, repo_name, f_path):
                     if branch_name not in self.rhodecode_vcs_repo.branches_all:
-                        h.flash('Branch {} is not found.'.format(h.escape(branch_name)),
+                        h.flash(u'Branch {} is not found.'.format(h.escape(safe_unicode(branch_name))),
                                 category='warning')
                         redirect_url = h.route_path(
                             'repo_commits_file', repo_name=repo_name,

rhodecode/apps/repository/views/repo_commits.py +4 0

                     is_repo_comment = comment.repo.repo_id == self.db_repo.repo_id
                     comment_repo_admin = is_repo_admin and is_repo_comment
+                    if comment.draft and not comment_owner:
+                        # We never allow to delete draft comments for other than owners
+                        raise HTTPNotFound()
                     if super_admin or comment_owner or comment_repo_admin:
                         CommentsModel().delete(comment=comment, auth_user=self._rhodecode_user)
                         Session().commit()

rhodecode/apps/repository/views/repo_feed.py +4 0

                 def _get_commits(self):
                     pre_load = ['author', 'branch', 'date', 'message', 'parents']
+                    if self.rhodecode_vcs_repo.is_empty():
+                        return []
                     collection = self.rhodecode_vcs_repo.get_commits(
                         branch_name=None, show_hidden=False, pre_load=pre_load,
                         translate_tags=False)
                             language=self.language,
                             ttl=self.ttl
                         )
                         for commit in reversed(self._get_commits()):
                             date = self._set_timezone(commit.date)
                             feed.add_item(

rhodecode/apps/repository/views/repo_files.py +12 -5

                     return lf_enabled
-                def _get_archive_name(self, db_repo_name, commit_sha, ext, subrepos=False, path_sha=''):
+                def _get_archive_name(self, db_repo_name, commit_sha, ext, subrepos=False, path_sha='', with_hash=True):
                     # original backward compat name of archive
                     clean_name = safe_str(db_repo_name.replace('/', '_'))
                     # e.g vcsserver.zip
                     # e.g vcsserver-abcdefgh.zip
                     # e.g vcsserver-abcdefgh-defghijk.zip
-                    archive_name = '{}{}{}{}{}'.format(
+                    archive_name = '{}{}{}{}{}{}'.format(
                         clean_name,
                         '-sub' if subrepos else '',
                         commit_sha,
+                        '-{}'.format('plain') if not with_hash else '',
                         '-{}'.format(path_sha) if path_sha else '',
                         ext)
                     return archive_name
                     except EmptyRepositoryError:
                         return Response(_('Empty repository'))
+                    # we used a ref, or a shorter version, lets redirect client ot use explicit hash
+                    if commit_id != commit.raw_id:
+                        fname='{}{}'.format(commit.raw_id, ext)
+                        raise HTTPFound(self.request.current_route_path(fname=fname))
                     try:
                         at_path = commit.get_node(at_path).path or default_at_path
                     except Exception:
                     # used for cache etc
                     archive_name = self._get_archive_name(
                         self.db_repo_name, commit_sha=short_sha, ext=ext, subrepos=subrepos,
-                        path_sha=path_sha)
+                        path_sha=path_sha, with_hash=with_hash)
                     if not with_hash:
                         short_sha = ''
                     # what end client gets served
                     response_archive_name = self._get_archive_name(
                         self.db_repo_name, commit_sha=short_sha, ext=ext, subrepos=subrepos,
-                        path_sha=path_sha)
+                        path_sha=path_sha, with_hash=with_hash)
                     # remove extension from our archive directory name
                     archive_dir_name = response_archive_name[:-len(ext)]
                     cached_archive_path = None
                     if archive_cache_enabled:
-                        # check if we it's ok to write
+                        # check if we it's ok to write, and re-create the archive cache
                         if not os.path.isdir(CONFIG['archive_cache_dir']):
                             os.makedirs(CONFIG['archive_cache_dir'])
                         cached_archive_path = os.path.join(
                             CONFIG['archive_cache_dir'], archive_name)
                         if os.path.isfile(cached_archive_path):

rhodecode/apps/repository/views/repo_forks.py +2 -2

                 @LoginRequired()
                 @NotAnonymous()
-                @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
+                @HasPermissionAnyDecorator('hg.admin', PermissionModel.FORKING_ENABLED)
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 def repo_fork_new(self):
                 @LoginRequired()
                 @NotAnonymous()
-                @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
+                @HasPermissionAnyDecorator('hg.admin', PermissionModel.FORKING_ENABLED)
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @CSRFRequired()

rhodecode/apps/repository/views/repo_pull_requests.py +4 0

                     is_repo_comment = comment.repo.repo_name == self.db_repo_name
                     comment_repo_admin = is_repo_admin and is_repo_comment
+                    if comment.draft and not comment_owner:
+                        # We never allow to delete draft comments for other than owners
+                        raise HTTPNotFound()
                     if super_admin or comment_owner or comment_repo_admin:
                         old_calculated_status = comment.pull_request.calculated_review_status()
                         CommentsModel().delete(comment=comment, auth_user=self._rhodecode_user)

rhodecode/apps/ssh_support/lib/backends/__init__.py +10 -2

                     return conn
+                def maybe_translate_repo_uid(self, repo_name):
+                    if repo_name.startswith('_'):
+                        from rhodecode.model.repo import RepoModel
+                        by_id_match = RepoModel().get_repo_by_id(repo_name)
+                        if by_id_match:
+                            repo_name = by_id_match.repo_name
+                    return repo_name
                 def get_repo_details(self, mode):
                     vcs_type = mode if mode in ['svn', 'hg', 'git'] else None
                     repo_name = None
                     hg_match = re.match(hg_pattern, self.command)
                     if hg_match is not None:
                         vcs_type = 'hg'
-                        repo_name = hg_match.group(1).strip('/')
+                        repo_name = self.maybe_translate_repo_uid(hg_match.group(1).strip('/'))
                         return vcs_type, repo_name, mode
                     git_pattern = r'^git-(receive-pack|upload-pack)\s\'[/]?(\S+?)(|\.git)\'$'
                     git_match = re.match(git_pattern, self.command)
                     if git_match is not None:
                         vcs_type = 'git'
-                        repo_name = git_match.group(2).strip('/')
+                        repo_name = self.maybe_translate_repo_uid(git_match.group(2).strip('/'))
                         mode = git_match.group(1)
                         return vcs_type, repo_name, mode

rhodecode/apps/ssh_support/tests/test_server_git.py +4 0

             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import json
+            import os
             import mock
             import<