PullRequestService.searchByCommit should require same permission as PullRequestService.search

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Fixed
    • 7.0.0
    • Component/s: API - Java
    • None

      Problem

      When a plugin job executor calls PullRequestService.searchByCommit, the call throws an exception because it requires an authenticated user. Escalating privileges with SecurityService.withPermission(Permission.REPO_READ, "reason") isn't enough.

      A roughly similar call, PullRequestService.search does not require an authenticated user. searchByCommit applies stricter security predicates.

      Proposed solution

      Apply the same security predicate in  PullRequestService.searchByCommit as PullRequestService.search.

            Assignee:
            Brent P
            Reporter:
            Edward
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: