Details
- Bug
- Resolution: Cannot Reproduce
- Low
- 3.8.0
- None
Description
A 401 Unauthorized is thrown when trying to merge a conflicted pull request using REST if the user does not have read permission on the source repository. According to the documentation, the read permission is only needed on the target repository.
When using the following REST API for testing whether a pull request can be merged:
GET /rest/api/1.0/projects/<projectKey>/repos/<repositorySlug>/pull-requests/<pullRequestId>/merge
If a pull request is performed between 2 branches, or between a repo and a forked repo, and a user has Read permission on the target but not on the source, then the REST API returns an unauthorised 401 response when a conflict is met.
If there is a conflict:
- if the user doesn't have REPO_READ on the source repository for the pull request, a 401 Unauthorized is received
- if the user has REPO_READ on the source repository, 200 OK is received as expected
The documentation for this states that this entry point only requires REPO_READ on the repository containing the pull request.
The workaround is to give the users permission on both repositories/branches.
Issue Links
- is duplicated by: BSERV-7968 "You are not permitted to access this resource" when viewing a Pull-Request (Closed)
- is related to: BSERV-7090 Merge conflict message not shown on the overview tab to read only users (Closed)
- relates to: BSERV-7974 Broken commit links in a cross-repository Pull Request (Gathering Impact)