Description
Issue Summary
Identified in 5.16.3 and 7.18.2: the REST API documentation for the repository hooks endpoint lists REPO_READ as the permission required for the GET method. However, this conflicts with the repository permissions documentation, which states that the repository settings pages require Admin permission.
Resources:
- https://confluence.atlassian.com/bitbucketserver0516/using-repository-permissions-966061214.html
- https://confluence.atlassian.com/bitbucketserver0718/using-repository-permissions-1097182533.html
- https://docs.atlassian.com/bitbucket-server/rest/5.16.3/bitbucket-rest.html#idm46078929867776
- https://docs.atlassian.com/bitbucket-server/rest/7.18.2/bitbucket-rest.html#idp382
Steps to Reproduce
- Create a user with read-only permission to a repository
- Make a curl call to the hooks endpoint:
curl -u user -k --request GET https://my.internal.bitbucket/rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/settings/hooks
Expected Results
(as per API documentation)
User should receive the hook settings for the repository.
Actual Results
The following exception is thrown:
{"errors":[{"context":null,"message":"You are not permitted to access this resource","exceptionName":"com.atlassian.bitbucket.AuthorisationException"}]}
Workaround
The user requesting this endpoint must have Admin permissions to the repository as noted in our repository permissions documentation.
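A check that the endpoint enforces Admin rather than REPO_READ, written as an added example (not Atlassian's code): it requests the hooks endpoint as a given account and classifies the body by the exceptionName shown above. The function names, the sample project key and repository slug, and the shape of a successful body are assumptions.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

DENIED = "com.atlassian.bitbucket.AuthorisationException"  # exceptionName from the report


def hooks_url(base, project_key, repo_slug):
    """Build the hooks settings URL from the report, escaping path parts."""
    p = urllib.parse.quote(project_key, safe="")
    r = urllib.parse.quote(repo_slug, safe="")
    return f"{base.rstrip('/')}/rest/api/1.0/projects/{p}/repos/{r}/settings/hooks"


def classify(body):
    """Return 'denied', 'allowed' or 'unexpected' for a response body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "unexpected"  # e.g. an HTML login or proxy page
    if not isinstance(doc, dict):
        return "unexpected"
    errors = doc.get("errors")
    if errors is None:
        return "allowed"  # assumption: a success body carries no "errors" key
    if isinstance(errors, list) and any(
        isinstance(e, dict) and e.get("exceptionName") == DENIED for e in errors
    ):
        return "denied"
    return "unexpected"


def probe(base, project_key, repo_slug, user, password):
    """GET the endpoint as one account and classify what came back."""
    req = urllib.request.Request(hooks_url(base, project_key, repo_slug))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # error bodies arrive on 4xx
        return classify(err.read().decode("utf-8", "replace"))


def matches_docs(read_only_result, admin_result):
    """Permissions documentation: settings need Admin, so read-only is denied."""
    return read_only_result == "denied" and admin_result == "allowed"
```

Call probe once with the read-only account and once with a repository admin, then pass both results to matches_docs. Unlike the curl call with -k, this keeps TLS certificate verification on.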
Issue Links
- is duplicated by BSERV-14146 Hook settings rest endpoint is incorrectly documented as REPO_READ (Closed)