Details
-
Bug
-
Resolution: Fixed
-
Low
-
3.6.0, 3.10.0
Description
The message "User not permitted" is being displayed when accessing Stash pull requests which has merge conflict whereby the source branch is from a forked repository and its target a branch in the main repository. This message is misleading and should either be changed or removed.
In addition, after receiving the "User not permitted" message for the pull requests with merge conflict:
1. The warning message box with text "This pull request can't be merged. You will need to resolve conflicts to be able to merge. More information."
2. The warning icon located on the left of the Merge button
are missing for the following scenario:
2a) As the reviewer, in the pull request's "Overview" tab
2b) As the creator of a pull request if the pull request is created in a Stash version prior to 3.6.0
Can you please investigate the "User not permitted" unexpected message and the missing merge warning indicators for pull requests with merge conflicts whereby the source branch is from a forked repository to a target branch in the main repository.
From further testing, noted that:
- "User not permitted" message appears if the reviewer does not have permission to access the forked repository
- "User not permitted" message does not appear if the reviewer has write permission to the forked repository
Perhaps there is a change in Stash v3.6.0 that introduced this behavior since we did not see this message with earlier versions of Stash.
Stack trace after reproducing it:
2015-02-17 12:38:05,687 DEBUG [http-nio-7990-exec-10] user1 @5XY73Fx758x820x2 1wmspco 0:0:0:0:0:0:0:1 "GET /rest/api/latest/projects/DUM/repos/dummy/pull-requests/1/merge HTTP/1.1" c.a.s.r.e.ServiceExceptionMapper Mapping ServiceException to REST response 401
com.atlassian.stash.exception.AuthorisationException: You are not permitted to access this resource
at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[stash-platform-3.6.0.jar:na]
at com.atlassian.stash.internal.branch.model.DefaultBranchModelService$1.doInTransaction(DefaultBranchModelService.java:94) ~[na:na]
at com.atlassian.stash.internal.branch.model.DefaultBranchModelService$1.doInTransaction(DefaultBranchModelService.java:91) ~[na:na]
at com.atlassian.sal.core.transaction.HostContextTransactionTemplate$1.doInTransaction(HostContextTransactionTemplate.java:25) ~[sal-core-2.13.3.jar:na]
at com.atlassian.stash.internal.sal.spi.HostContextAccessorImpl.doInTransaction(HostContextAccessorImpl.java:27) ~[stash-platform-3.6.0.jar:na]
at com.atlassian.sal.core.transaction.HostContextTransactionTemplate.execute(HostContextTransactionTemplate.java:21) ~[sal-core-2.13.3.jar:na]
at com.atlassian.activeobjects.internal.SalTransactionManager.inTransaction(SalTransactionManager.java:48) ~[na:na]
at com.atlassian.activeobjects.internal.AbstractLoggingTransactionManager.doInTransaction(AbstractLoggingTransactionManager.java:19) ~[na:na]
at com.atlassian.activeobjects.internal.EntityManagedActiveObjects.executeInTransaction(EntityManagedActiveObjects.java:276) ~[na:na]
at com.atlassian.activeobjects.osgi.TenantAwareActiveObjects.executeInTransaction(TenantAwareActiveObjects.java:383) ~[na:na]
at com.atlassian.stash.internal.branch.model.DefaultBranchModelService.getModel(DefaultBranchModelService.java:91) ~[na:na]
at com.atlassian.stash.internal.branch.MergeConflictPropertyProvider.provideSourceStabilityProperty(MergeConflictPropertyProvider.scala:53) ~[na:na]
at com.atlassian.stash.internal.branch.MergeConflictPropertyProvider.provideProperties(MergeConflictPropertyProvider.scala:29) ~[na:na]
at com.atlassian.stash.internal.pull.PluginPullRequestEnricher.enrich(PluginPullRequestEnricher.java:75) ~[stash-service-impl-3.6.0.jar:na]
at com.atlassian.stash.internal.pull.DefaultPullRequestService.canMerge(DefaultPullRequestService.java:1030) ~[stash-service-impl-3.6.0.jar:na]
at com.atlassian.stash.internal.pull.DefaultPullRequestService.canMerge(DefaultPullRequestService.java:305) ~[stash-service-impl-3.6.0.jar:na]
at com.atlassian.stash.internal.rest.pull.PullRequestResource.canMerge(PullRequestResource.java:383) ~[stash-rest-3.6.0.jar:na]
at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25) [applinks-plugin-4.3.5_1421009824000.jar:na]
at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:86) [StashAuthenticationFilter.class:na]
at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:111) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:77) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100) [atlassian-trusted-apps-core-3.0.8.jar:na]
at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) [atlassian-oauth-service-provider-plugin-1.9.9_1421009824000.jar:na]
at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:32) [analytics-client-3.53_1421009826000.jar:na]
at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) [analytics-client-3.53_1421009826000.jar:na]
at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:89) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:85) [stash-service-impl-3.6.0.jar:na]
at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) [ConfigurableWebFilter.class:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_60]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_60]
... 362 frames trimmed
Caused by: org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-3.2.5.RELEASE.jar:3.2.5.RELEASE]
... 31 common frames omitted
Attachments
Issue Links
- is caused by
-
-
- Closed
-
- relates to
-
-
- Closed
-