Details
-
Bug
-
Resolution: Fixed
-
High
-
4.1.0, 4.9.1, 4.14.1, 5.2.2
-
Severity 3 - Minor
-
Description
Summary
If a username contains an uppercase letter, AND the user has read only permissions to a repository, they are unable to add OR remove themselves as a "Reviewer" for a Pull Request.
Environment
User Directory - Embedded or Remote Directory
Version - Bitbucket Server 5.2.2, 4.14.1, 4.9.1, 4.1.0
Steps to Reproduce
- Create User with Capital letter in username field
- Apply "Bitbucket User" Global Permissions
- Apply Read Only access Permission to Repository
- Log in with new user and find active Pull Request in the Web UI
- Press the "+" symbol for "Add yourself as a reviewer" OR Press the "-" symbol after hovering over your name.
Expected Results
Be added or removed as a Reviewer as only Read Permissions are required. Usernames that are all lowercase can use this feature as expected.
Actual Results
The following pop-up is displayed:
The below exception is thrown in the atlassian-bitbucket.log file:
"POST /rest/api/latest/projects/BIT/repos/<Repository Name>/pull-requests/1/participants HTTP/1.0" c.a.s.i.r.e.ServiceExceptionMapper Mapping ServiceException to REST response 401 com.atlassian.bitbucket.AuthorisationException: You do not have permission to update reviewers.
Workaround
As a workaround, the Pull Request can be edited by the creator or those with similar permission to manually add or remove the reviewer on the Pull Request.