[BSERV-2507] Add permission to disable branch and tag deletion via git push

Type: Suggestion
Resolution: Done
Fix Version/s: 3.10.0
Component/s: Administration - Global Permissions, Projects - Permissions
Labels:
- pse-request

Feedback Policy:

We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

It would be useful to have a separate permission to disable branch and tag deletion done via git push.

Ideally, this would be controlled independently of any permissions to delete branches and tags from the Stash web interface and is just intended to prevent accidental git push branch deletions.

is duplicated by

BSERV-3280 History protection / Branch deletion protection

Closed

BSERV-3567 Add option to deny branch deletion based on shell glob

Closed

BSERV-4175 Branch permissions control

Closed

BSERV-4227 Built-in support for blocking branch and tag deletion without administrative approval.

Closed

BSERV-7118 restrict ability to delete branches to REPO_ADMIN

Closed

is related to

BSERV-2521 Add commit hooks

Closed

BSERV-2586 Add user permission for allowing/denying non fast forward pushes

Closed

BSERV-5258 Option to disable deletion of certain branches when merging pull requests

Closed

BSERV-3794 Prevent moving/deleting tags

Gathering Interest

relates to

BSERV-2481 Branch Permissions

Closed

BSERV-3368 Expose Git level configuration options via the Stash UI

Closed

BSERV-7088 Turn off delete branch on merge pull request by default

Closed

BSERV-2758 Allow setting config options on hosted repository

Gathering Interest

mentioned in: Page Loading...; Page Loading...

(4 is related to, 4 relates to, 2 mentioned in)

Form Name

Christopher Timm added a comment - 16/Sep/2015 9:48 AM

The tag protection as part of branch protection is documented here:
https://confluence.atlassian.com/stash/branch-permission-patterns-313461041.html
A refernce to this documentation should suffice for now, as it provides a valid workaround, which we already use successfully.

Christopher Timm added a comment - 16/Sep/2015 9:48 AM The tag protection as part of branch protection is documented here: https://confluence.atlassian.com/stash/branch-permission-patterns-313461041.html A refernce to this documentation should suffice for now, as it provides a valid workaround, which we already use successfully.

Roger Barnes (Inactive) added a comment - 16/Sep/2015 8:23 AM

Hi xabierdavila,

I've linked to a related issue where we'll track the suggestion for better tag protection: STASH-3794.

In the meantime, it is already possible to protect tags by using a branch pattern match and explicitly entering a pattern using the full ref form, eg: refs/tags/foo-*

We'll get this fixed up in the documentation.

Roger Barnes (Inactive) added a comment - 16/Sep/2015 8:23 AM Hi xabierdavila , I've linked to a related issue where we'll track the suggestion for better tag protection: STASH-3794 . In the meantime, it is already possible to protect tags by using a branch pattern match and explicitly entering a pattern using the full ref form, eg: refs/tags/foo-* We'll get this fixed up in the documentation.

Xabier Davila added a comment - 15/Sep/2015 11:05 AM

I'm disappointed this issue has been closed without fixing the tag deletion issue.
I'm using Stash 3.11.1 and still can delete tags via

git push origin :refs/tags/foo-1.2.3

Xabier Davila added a comment - 15/Sep/2015 11:05 AM I'm disappointed this issue has been closed without fixing the tag deletion issue. I'm using Stash 3.11.1 and still can delete tags via git push origin :refs/tags/foo-1.2.3

Felix (Inactive) added a comment - 09/Jun/2015 1:19 AM

Starting with Stash 3.10.0 branch permissions can now "Prevent branch deletion". This will prevent deleting the branch both in the Stash UI as well as via pushes.

Felix (Inactive) added a comment - 09/Jun/2015 1:19 AM Starting with Stash 3.10.0 branch permissions can now "Prevent branch deletion". This will prevent deleting the branch both in the Stash UI as well as via pushes.

Michael Rappazzo added a comment - 22/Apr/2015 4:14 PM

I don't believe my plugin does that, but If I am not mistaken the plugin api would allow you to intercept that type of event.

Michael Rappazzo added a comment - 22/Apr/2015 4:14 PM I don't believe my plugin does that, but If I am not mistaken the plugin api would allow you to intercept that type of event.

Mark Gillespie added a comment - 22/Apr/2015 3:58 PM

@michael.rappazzo

I'm guessing your plugin also doesn't catch the stash merge delete issue I mentioned either?

Mark Gillespie added a comment - 22/Apr/2015 3:58 PM @michael.rappazzo I'm guessing your plugin also doesn't catch the stash merge delete issue I mentioned either?

Michael Rappazzo added a comment - 22/Apr/2015 3:43 PM

My company found the stash permissions lacking, so I was tasked to write a plugin which has more fined grained permissions. I made it use a syntax similar to gitolite (with RW+CD for permissions, regex branch names, and then user or group association), and added some of my own features. It didn't really take too long, so I would recommend this approach until stash catches up. We have been quite satisfied with this approach. Unfortunately, I can't release the source code at this point because it is a private company resource.

Michael Rappazzo added a comment - 22/Apr/2015 3:43 PM My company found the stash permissions lacking, so I was tasked to write a plugin which has more fined grained permissions. I made it use a syntax similar to gitolite (with RW+CD for permissions, regex branch names, and then user or group association), and added some of my own features. It didn't really take too long, so I would recommend this approach until stash catches up. We have been quite satisfied with this approach. Unfortunately, I can't release the source code at this point because it is a private company resource.

Ted W added a comment - 22/Apr/2015 1:30 PM

Another month, another comment to keep this thing alive.

Our organization has lost two release branches as a result of "branch permissions" not actually preventing all the methods in which a user can delete a branch. We've installed the "Protect Branches" Plugin, the "Protect Branches with unmerged pull requests" hook and configured the built in branch permissions and yet there is still a way to delete branches via the UI. Please make the branch permissions do what they advertise.

Ted W added a comment - 22/Apr/2015 1:30 PM Another month, another comment to keep this thing alive. Our organization has lost two release branches as a result of "branch permissions" not actually preventing all the methods in which a user can delete a branch. We've installed the "Protect Branches" Plugin, the "Protect Branches with unmerged pull requests" hook and configured the built in branch permissions and yet there is still a way to delete branches via the UI. Please make the branch permissions do what they advertise.

chendil added a comment - 10/Mar/2015 4:38 AM

it is bad that an user can delete the branches from UI even though STASH application has various level of permission inheritance and blocking an access at branch level, but just because of this issue, other features for restrictions is not worth.

Can STASH take this as a critical issue and develop a fix for this

chendil added a comment - 10/Mar/2015 4:38 AM it is bad that an user can delete the branches from UI even though STASH application has various level of permission inheritance and blocking an access at branch level, but just because of this issue, other features for restrictions is not worth. Can STASH take this as a critical issue and develop a fix for this

markgillespien added a comment - 03/Mar/2015 9:40 AM - edited

Will that plugin also prevent deletion of the branch in the Stash Merge UI, where the "Delete Source Branch After Merging" tickbox is?

EDIT: Sadly it seems not to.

markgillespien added a comment - 03/Mar/2015 9:40 AM - edited Will that plugin also prevent deletion of the branch in the Stash Merge UI, where the "Delete Source Branch After Merging" tickbox is? EDIT: Sadly it seems not to.

Assignee:: Unassigned

Reporter:: savviness

Votes:: 94 Vote for this issue

Watchers:: 83 Start watching this issue

Created:: 08/May/2012 7:50 AM

Updated:: 19/Sep/2019 5:48 AM

Resolved:: 09/Jun/2015 12:57 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Christopher Timm added a comment - 16/Sep/2015 9:48 AM

Expand comment: Christopher Timm added a comment - 16/Sep/2015 9:48 AM

Collapse comment: Roger Barnes (Inactive) added a comment - 16/Sep/2015 8:23 AM

Expand comment: Roger Barnes (Inactive) added a comment - 16/Sep/2015 8:23 AM

Collapse comment: Xabier Davila added a comment - 15/Sep/2015 11:05 AM

Expand comment: Xabier Davila added a comment - 15/Sep/2015 11:05 AM

Collapse comment: Felix (Inactive) added a comment - 09/Jun/2015 1:19 AM

Expand comment: Felix (Inactive) added a comment - 09/Jun/2015 1:19 AM

Collapse comment: Michael Rappazzo added a comment - 22/Apr/2015 4:14 PM

Expand comment: Michael Rappazzo added a comment - 22/Apr/2015 4:14 PM

Collapse comment: Mark Gillespie added a comment - 22/Apr/2015 3:58 PM

Expand comment: Mark Gillespie added a comment - 22/Apr/2015 3:58 PM

Collapse comment: Michael Rappazzo added a comment - 22/Apr/2015 3:43 PM

Expand comment: Michael Rappazzo added a comment - 22/Apr/2015 3:43 PM

Collapse comment: Ted W added a comment - 22/Apr/2015 1:30 PM

Expand comment: Ted W added a comment - 22/Apr/2015 1:30 PM

Collapse comment: chendil added a comment - 10/Mar/2015 4:38 AM

Expand comment: chendil added a comment - 10/Mar/2015 4:38 AM

Collapse comment: markgillespien added a comment - 03/Mar/2015 9:40 AM, Edited by markgillespien - 03/Mar/2015 10:03 AM

Expand comment: markgillespien added a comment - 03/Mar/2015 9:40 AM, Edited by markgillespien - 03/Mar/2015 10:03 AM

People

Dates

Backbone Issue Sync