Is it possible to use the diff API across a private fork?
For example, if I have a private repository named: `repo/test` and I create a private fork of it `forked/test`. And and then I create a pull request from `forked/test` with a target of master on the original `repo/test`. I can see the pull request and changes in the bitbucket cloud UI, I can also use a url like this to compare the diff across the forked repository: https://bitbucket.org/repo/test/branches/compare/forked/test:f3609a3ec1e7..a36c91c1cf88#diff
Is there a way to get similar results to what the internal APIs are using? Because these pull requests are listed from the repo/test user's token so I would assume it would have the same behavior as the UI.
Hi @Daniil Penkin thanks for the quick response and helping test this out on your side. The message in the 404 is like this: "a36c91c1cf88..fork/test:f3609a3ec1e7"
Digging into this a little more and adding more context: we are using a bitbucket connect app access token for our authentication that is installed to the repo/test account and can request normal diffs within that account just fine.
This access token I am testing with does not have read access to the other fork/test repository, although it does list the forked pull request in the repo/test pull requests and its commits from the API. And any user of the repo/test repository can see the contents of the diff from this pull request on fork/test within the bitbucket UI even if it doesn't have access to the fork/test repo. I tried this out with another user account forking the repo into a private repo that my main account doesn't have access to and it still shows the diff in the UI for the pull request. However I can't request it via the API without a 404.
So I guess my theory is that it seems like maybe the security model applied to at least bitbucket connect apps is inconsistent with a user in the UI.
Thanks again for any help here! Trying to help support some of our customers that are using this flow.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
What was the resolution of this? I'm attempting to do the exact same and getting a 404 too. However, I have the required privileges on my user account!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Martyn Lloyd-Kelly We weren't able to reach a resolution here yet unfortunately. We were able to get things working for github, gitlab, and bitbucket server using a different method of accessing remote refs for the pull requests in the git repo itself. However still not sure if its possible with bitbucket cloud as those remote refs don't exist that we could tell and we were getting these 404's from the APIs.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
However, I don't think the endpoint is going to provide us with what we need to address the issue here since its just comparing two individual commits, not the whole difference between the two HEAD commits. I'm instead going to try and create a pull request using the API, then extract the files to be changed from the PR (again using the API), and go from there. Not sure if that strategy may help you too?
```Thanks for responding to me though, its very much appreciated!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.