Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
Problem
When a plugin job executor calls PullRequestService.searchByCommit, the call throws an exception because it requires an authenticated user. Escalating privileges with SecurityService.withPermission(Permission.REPO_READ, "reason") isn't enough.
A roughly similar call, PullRequestService.search does not require an authenticated user. searchByCommit applies stricter security predicates.
Proposed solution
Apply the same security predicate in PullRequestService.searchByCommit as PullRequestService.search.
Attachments
Issue Links
- is cloned from
-
BSERV-12097 Provide a bulk lookup API for pullRequestService.searchByCommit
- Gathering Interest