Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-12101

PullRequestService.searchByCommit should require same permission as PullRequestService.search

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 7.0.0
    • API - Java
    • None
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Problem

      When a plugin job executor calls PullRequestService.searchByCommit, the call throws an exception because it requires an authenticated user. Escalating privileges with SecurityService.withPermission(Permission.REPO_READ, "reason") isn't enough.

      A roughly similar call, PullRequestService.search does not require an authenticated user. searchByCommit applies stricter security predicates.

      Proposed solution

      Apply the same security predicate in  PullRequestService.searchByCommit as PullRequestService.search.

      Attachments

        Issue Links

          is cloned from

          Suggestion - BSERV-12097 Provide a bulk lookup API for pullRequestService.searchByCommit

          • Gathering Interest

          Activity

            People

              bplump Brent P
              ephillips@atlassian.com Edward
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: