Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Fix
Priority: Low
Fix Version/s: None
Affects Version/s: 8.9.0, 8.19.0, 9.4.0, 9.6.0
Component/s: API - REST
Labels:
- ewt-ctb-improve-existing

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
UIS:
1
EWT (CtB, RtB, DP):
CtB - Improve Existing

Issue Summary

The REST API endpoints for creating default reviewer conditions do not validate the "requiredApprovals" value passed in the payload:

REST APIs:

Create default reviewers condition at the Project level: https://developer.atlassian.com/server/bitbucket/rest/v819/api-group-pull-requests/#api-default-reviewers-latest-projects-projectkey-condition-post

Create default reviewers condition at the Repo level:
https://developer.atlassian.com/server/bitbucket/rest/v819/api-group-pull-requests/#api-default-reviewers-latest-projects-projectkey-repos-repositoryslug-condition-post

Because there's no validation, it is possible to create default reviewer conditions where the number of approvals required exceeds the configured default reviewers:

Samples:

In contrast, the UI caps the number of "Approvals required" dropdown field based on the number of users in the "Default reviewers" field:

Steps to Reproduce

Create default reviewer conditions via API.

Sample:

curl -k -u <BITBUCKET_ADMIN_USER> '<BITBUCKET_BASE_URL>/rest/default-reviewers/latest/projects/PROJ1/repos/repo1/condition' \
-H 'Content-Type: application/json' \
-d '{
    "sourceMatcher": {
        "active": true,
        "id": "ANY_REF_MATCHER_ID",
        "displayId": "ANY_REF_MATCHER_ID",
        "type": {
            "id": "ANY_REF",
            "name": "Any branch"
        }
    },
    "targetMatcher": {
        "id": "refs/heads/master",
        "displayId": "master",
        "type": {
            "id": "BRANCH",
            "name": "Branch"
        },
        "active": true
    },
    "reviewers": [
        {
            "slug": "user1",
            "id": 52
        },
        {
            "slug": "user2",
            "id": 102
        }        
    ],
    "requiredApprovals": 100
}'

set "requiredApprovals" to 100
however, there are only 2 users in the "reviewers" list

Expected Results

API endpoints should not allow setting "requiredApprovals" value to be more than the users in the "reviewers" list.

It should have validation consistent with the Bitbucket UI behavior.

Actual Results

It's possible to create default reviewer conditions where the "requiredApprovals" value is more than the number of reviewers.

Workaround

Create default reviewer conditions via the UI.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

default-reviewers-modal.png
509 kB
25/Aug/2025 8:15 AM
default-reviewers-created-via-api.png
359 kB
25/Aug/2025 8:13 AM

is related to

BSERV-14131 Default PR reviewer rules can be created without any reviewers in them

Closed

Assignee:: Unassigned
Reporter:: JP Mariano
Votes:: 1 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: 25/Aug/2025 8:20 AM
Updated:: 02/Sep/2025 3:14 AM
Resolved:: 28/Aug/2025 5:28 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Attachments

Issue Links

Activity

People

Dates