Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.1.0, 5.16.2, 6.0.1
Affects Version/s: None
Component/s: Repositories
Labels:
- dob-pr

Support reference count:
1
Symptom Severity:
Severity 3 - Minor

Accessing the following specific URLs as a user who has only read access to a repository can see repository settings if they specifically use the following URLs

{BITBUCKET_URL}/projects/{PROJECT_SLUG}/repos/{REPO_SLUG}/settings/merge-checks
{BITBUCKET_URL}/projects/{PROJECT_SLUG}/repos/{REPO_SLUG}/settings/hooks
{BITBUCKET_URL}/projects/{PROJECT_SLUG}/settings/merge-checks
{BITBUCKET_URL}/projects/{PROJECT_SLUG}/settings/hooks

Expected Outcome:
Users receive a 401

Actual Outcome:
Users can see the checks and hooks. When you attempt to change them you receive a permissions error

causes

BSERV-14146 Hook settings rest endpoint is incorrectly documented as REPO_READ

Closed

mentioned in: Page Loading...

Assignee:: Kristy
Reporter:: Aaron
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: 17/Jul/2018 2:46 PM
Updated:: 21/Jun/2023 12:43 AM
Resolved:: 11/Feb/2019 12:14 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates