Bitbucket Data Center / BSERV-7118

restrict ability to delete branches to REPO_ADMIN


    • Type: Suggestion
    • Resolution: Duplicate
    • API - REST, UI

      In order to protect maintenance and release branches in Stash from being deleted via git push using refspecs, we used the ref-change-settings plugin. This restricted the ability to delete branches only to administrators.

      Unfortunately, with release 2.8, Stash allows anyone with the REPO_WRITE permission on a repository to delete any branch in that repository from the Branches tab in the Stash UI (see STASH-3347).

      This was followed by the new REST API offered by the Branch Utilities Plugin, which also allowed anyone with the REPO_WRITE permission on a repository to delete any branch in that repository.

      The ref-change-settings plugin does not get called here and thus cannot help us protect these branches anymore.

      It would be a good idea to restrict such destructive actions (as was the intent of the ref-change-settings plugin) to a smaller group of people (e.g. people with the REPO_ADMIN permission).

            Assignee: Unassigned
            Reporter: george thomas (gthomas.cs02)
            Votes: 1
            Watchers: 7

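As an added illustration (not part of the original issue, and not the ref-change-settings plugin's code), this is the push-path check the description refers to, written as plain Git pre-receive logic: a branch deletion arrives as a ref update whose new object ID is all zeros. The protected patterns, the admin list and the way the pusher's name reaches the function are assumptions; a check of this kind only sees pushes, so deletions made through other paths need their own permission check.

```shell
#!/bin/sh
# Added example. Constructed pre-receive input: "<old-id> <new-id> <refname>" per line.
SAMPLE='1111111111111111111111111111111111111111 0000000000000000000000000000000000000000 refs/heads/release/2.8
1111111111111111111111111111111111111111 0000000000000000000000000000000000000000 refs/heads/feature/x
1111111111111111111111111111111111111111 2222222222222222222222222222222222222222 refs/heads/release/2.7'

# Returns 0 when the ref is a protected branch (hypothetical patterns).
is_protected() {
    case "$1" in
        refs/heads/release/*|refs/heads/maintenance/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when the new object ID is all zeros, i.e. the update deletes the ref.
# Matching on "only zeros" covers both SHA-1 and SHA-256 repositories.
is_deletion() {
    case "$1" in
        ''|*[!0]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_updates USER "ADMIN1 ADMIN2 ..." reads ref updates on stdin.
# Prints each protected branch USER may not delete; returns 1 if any was
# found (a pre-receive hook exiting non-zero rejects the whole push).
# USER and the admin list are supplied by the caller (assumption: taken
# from whatever authenticated the push, e.g. the SSH or HTTP layer).
check_updates() {
    user=$1
    admins=$2
    rc=0
    while read -r old new ref; do
        is_deletion "$new" || continue
        is_protected "$ref" || continue
        case " $admins " in
            *" $user "*) continue ;;   # admins may delete protected branches
        esac
        echo "$ref"
        rc=1
    done
    return $rc
}
```

Called from a hook as `check_updates "$PUSHER" "$ADMINS" || exit 1`, where both variables are hypothetical names set by the hosting setup.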