While creating a PULL REQUEST on BitBucket, we can choose the reviewers for the PULL REQUEST... but in our current setup, anybody (other than the one who created the PULL REQUEST) can approve / reject the PULL REQUEST. Is there a way to authenticate / validate whether the person approving / rejecting the PULL REQUEST is among the list of people to whom the PULL REQUEST was assigned for review?
Anyone with the appropriate permissions on the repo will be able to review pull requests. Remember that 'approving' a pull request is just a thumbs-up, it doesn't actually merge the request.
This defeats the very purpose of having a "Reviewers" field while creating a PULL REQUEST. When a user / list of users / a group is requested to perform a review of a PULL REQUEST, the system should ideally not allow anybody who is not on that list to approve the PULL REQUEST. Is there a mechanism where we can raise this as a bug / enhancement request for the Bitbucket development team?
You can enter requests at jira.atlassian.com. If you do, put a link here so that people can view it and vote for it. I think the purpose, as conceived, of putting people into the "Reviewers" field is so that those people will get notifications (both within the web interface and in email) of the pull request, not necessarily to exclude other people with appropriate permissions on the repo itself from also reviewing. Of course, only someone with 'write' permission on the repo (and the particular branch) can actually 'Merge' the pull request. 'Approving' it equates to nothing more than saying "looks good to me" (and, I suppose, potentially helping to meet the criteria of minimum approvals needed, which is maybe what you're trying to prevent uninvited reviewers from being able to do). One thing that might be helpful to you is the WorkZone plugin, which allows you to specify users as mandatory reviewers, if you want to prevent a pull request from being merged until specific individuals have signed off on it. https://marketplace.atlassian.com/plugins/com.izymes.workzone/versions#b3001002020
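An added example, not part of the thread and not Atlassian's code: a small audit that separates approvals by invited reviewers from approvals by other users and re-checks a minimum-approvals rule counting only the invited ones. The pull-request object is a constructed sample; its field names (`reviewers`, `participants`, `user.name`, `approved`) are assumed to follow the Bitbucket Server REST representation, and `audit_approvals` and `min_approvals` are hypothetical names.

```python
import json

# Constructed sample, shaped like a Bitbucket Server pull-request object
# (assumed fields: reviewers[] and participants[], each with user.name, approved).
SAMPLE_PR = json.loads("""
{
  "id": 42,
  "author": {"user": {"name": "alice"}, "role": "AUTHOR", "approved": false},
  "reviewers": [
    {"user": {"name": "bob"},   "role": "REVIEWER", "approved": true},
    {"user": {"name": "carol"}, "role": "REVIEWER", "approved": false}
  ],
  "participants": [
    {"user": {"name": "mallory"}, "role": "PARTICIPANT", "approved": true},
    {"user": {"name": "dave"},    "role": "PARTICIPANT", "approved": false}
  ]
}
""")


def _approvers(entries):
    """Names of users in a reviewers/participants list who approved."""
    return sorted(e["user"]["name"] for e in entries if e.get("approved"))


def audit_approvals(pr, min_approvals):
    """Split approvals into invited vs. uninvited and re-check the minimum
    counting only users named in the Reviewers field."""
    author = pr["author"]["user"]["name"]
    reviewers = pr.get("reviewers", [])
    invited = [n for n in _approvers(reviewers) if n != author]
    uninvited = [n for n in _approvers(pr.get("participants", [])) if n != author]
    pending = sorted(r["user"]["name"] for r in reviewers if not r.get("approved"))
    return {
        "invited_approvers": invited,
        "uninvited_approvers": uninvited,
        "pending_reviewers": pending,
        # What a plain "N approvals" rule sees: every approval counts.
        "naive_count_ok": len(invited) + len(uninvited) >= min_approvals,
        # Stricter reading: only approvals from the Reviewers field count.
        "invited_only_ok": len(invited) >= min_approvals,
    }


if __name__ == "__main__":
    print(json.dumps(audit_approvals(SAMPLE_PR, min_approvals=2), indent=2))
```

A gap between `naive_count_ok` and `invited_only_ok` marks a pull request whose approval threshold was reached only with help from users who were not asked to review it.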