PullRequestService.searchByCommit should require same permission as PullRequestService.search

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Fixed
    • 7.0.0
    • Component/s: API - Java
    • None

      Problem

      When a plugin job executor calls PullRequestService.searchByCommit, the call throws an exception because it requires an authenticated user. Escalating privileges with SecurityService.withPermission(Permission.REPO_READ, "reason") isn't enough.

      A roughly similar call, PullRequestService.search does not require an authenticated user. searchByCommit applies stricter security predicates.

      Proposed solution

      Apply the same security predicate in  PullRequestService.searchByCommit as PullRequestService.search.

              Assignee:
              Brent P
              Reporter:
              Edward
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: