Details
-
Bug
-
Resolution: Not a bug
-
Low
-
None
-
8.0.4, 8.1.4, 8.2.3, 7.17.11, 7.21.5, 8.3.2, 8.4.1, 8.5.0
-
None
-
1
-
Severity 3 - Minor
-
3
-
Description
Issue Summary
Having branch permissions on both project and repository level causes repository level permissions to be ignored when there is an exemption on project level branch permissions.
This is reproducible on Data Center: yes
Steps to Reproduce
- Go to a repository and create a feature branch named as test-branch
- Go to Project settings -> Branch permissions -> Add permissions
Select Branch pattern feature/ and add the following restrictions with an exempted user:- Prevent deletion (exempted user: user-a)
- Prevent changes without a pull request (exempted user: user-a)
- Prevent all changes (exempted user: user-a)
- Go to Repository settings -> Branch permissions -> Add permissions
Select Branch name(feature/test-branch) and add the following restrictions:- Prevent deletion (no exemption)
- Prevent changes without a pull request (no exemption)
- Prevent all changes (no exemption)
As a summary branch permissions will look like as in the following:
Expected Results
When logged in with the user user-a, with the branch permissions above(both with project and repository level branch permissions), user-a should not be able to delete the branch feature/test-branch .
Actual Results
The user user-a can delete the branch feature/test-branch.
Workaround
After removing Prevent deletion (exempted user: user-a) from project level branch permissions, user-a can not delete the branch feature/test-branch as expected.
