It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Bitbucket Scriptrunner - not to allow READ permission to BB projects

Raj Adluru Nov 28, 2016

Hi

I have added below code for BB script Event handler to restrict user to not to select READ and Write permission to BB projects - default permission.

Below script works good for Write permission(not allowing WRITE permission), but it is allowing READ permission, even though i have this condition in the script.

But i want admin user to give and add users to User access and Group access.

I want to restrict only Default permission - not to allow READ and WRITE permission to the project.

 

Events selected for Event handler

Events: ProjectPermissionModificationRequestedEvent,ProjectPermissionModifiedEvent

Repositories/Projects (1) :All

 

import com.atlassian.bitbucket.event.project.ProjectModificationRequestedEvent
import com.atlassian.bitbucket.event.permission.ProjectPermissionModificationRequestedEvent
import com.atlassian.bitbucket.permission.Permission
def event = event as ProjectPermissionModificationRequestedEvent
def project = event.project
def permission = event.permission


// Add projects allowed to be public here
def publicProjects = ["test project"]
if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects)) {
event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

Thanks for your help in advance and appreciate it.

1 answer

1 accepted

3 votes
Answer accepted
Adam Markham [Adaptavist] Community Leader Nov 28, 2016

You weren't too far off getting it to work.

The issue is that you need to use the: com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent

This will handle preventing going from the default project permission of "No access" to "Read" or "Write"

So your script should look like:

import com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent
import com.atlassian.bitbucket.permission.Permission

def event = event as ProjectPermissionGrantRequestedEvent
def project = event.project
def permission = event.permission

// Add projects allowed to be public here
def publicProjects = ["test_proj"]

// we only want to block for the default permissions being changed
def groupOrUserChange = event.affectedUser || event.affectedGroup

if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects) && ! groupOrUserChange) {
    event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

With your event handler set up to listen for the ProjectPermissionGrantRequestedEvent.

I looked at the Bitbucket source code and it seems that the ProjectPermissionRevocationRequestedEvent, ProjectPermissionRevokeRequestedEvent and ProjectPermissionModificationRequestedEvent can be fired depending on the default project permissions you are changing from. Its not very intuitive which ones are fired and when, worth having a play around and see.

Hope this helps,
Adam 

Raj Adluru Nov 29, 2016

Adam

Thanks for your quick response. i have tried above code, yes, it works, but it is not allowing to add users in "User access" and "Group Access".

I want to restrict default project permission for Read and Write, but allow to add in User access and Group access. see the screen shot below, when i add user with read or write permission, i am getting below error.

image2016-11-29 9:56:12.png

Adam Markham [Adaptavist] Community Leader Nov 29, 2016

I've updated the script to work only for the default permissions.

It seems to use the same event for both and if theres no affected group or affected event then that means its a default permissions change.

Raj Adluru Nov 29, 2016

Adam

Thank you very much and that works great.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder

...ipe.sh :  #!/bin/bash source "$(dirname "$0")/common.sh" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

1,974 views 1 19
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you