That is the correct approach, but to boil it down to the very essentials, the primary goal here will be preventing un-reviewed code from being pushed to specific branch(es), and that part is actually really straightforward.
The post at https://blog.bitbucket.org/2013/09/16/take-control-with-branch-restrictions/ provide an introduction to the Branch Restrictions feature, that will prevent unauthorized changes to branches. Use this to ensure that only trusted people can merge changes.
Next, ask your outside developers to do all work on new branches, creating a different new branch for each topic of work, such as a specific bug or feature. When they feel their work is complete and ready to merge, they would file a Pull Request and add reviewers that are trusted to modify the protected branches. When the reviewers are satisfied that the changes are consistent with your code guidelines, they can "approve" to signal that this is confirmed, or "merge" to introduce it to another branch. If there are concerns, the reviewers can make comments directly against the pull request, or against individual lines in the "diff" to guide the submitter to make changes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.