Bitbucket Scriptrunner - not to allow READ permission to BB projects

Hi

I have added below code for BB script Event handler to restrict user to not to select READ and Write permission to BB projects - default permission.

Below script works good for Write permission(not allowing WRITE permission), but it is allowing READ permission, even though i have this condition in the script.

But i want admin user to give and add users to User access and Group access.

I want to restrict only Default permission - not to allow READ and WRITE permission to the project.

 

Events selected for Event handler

Events: ProjectPermissionModificationRequestedEvent,ProjectPermissionModifiedEvent

Repositories/Projects (1) :All

 

import com.atlassian.bitbucket.event.project.ProjectModificationRequestedEvent
import com.atlassian.bitbucket.event.permission.ProjectPermissionModificationRequestedEvent
import com.atlassian.bitbucket.permission.Permission
def event = event as ProjectPermissionModificationRequestedEvent
def project = event.project
def permission = event.permission


// Add projects allowed to be public here
def publicProjects = ["test project"]
if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects)) {
event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

Thanks for your help in advance and appreciate it.

1 answer

1 accepted

3 votes

You weren't too far off getting it to work.

The issue is that you need to use the: com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent

This will handle preventing going from the default project permission of "No access" to "Read" or "Write"

So your script should look like:

import com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent
import com.atlassian.bitbucket.permission.Permission

def event = event as ProjectPermissionGrantRequestedEvent
def project = event.project
def permission = event.permission

// Add projects allowed to be public here
def publicProjects = ["test_proj"]

// we only want to block for the default permissions being changed
def groupOrUserChange = event.affectedUser || event.affectedGroup

if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects) && ! groupOrUserChange) {
    event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

With your event handler set up to listen for the ProjectPermissionGrantRequestedEvent.

I looked at the Bitbucket source code and it seems that the ProjectPermissionRevocationRequestedEvent, ProjectPermissionRevokeRequestedEvent and ProjectPermissionModificationRequestedEvent can be fired depending on the default project permissions you are changing from. Its not very intuitive which ones are fired and when, worth having a play around and see.

Hope this helps,
Adam 

Adam

Thanks for your quick response. i have tried above code, yes, it works, but it is not allowing to add users in "User access" and "Group Access".

I want to restrict default project permission for Read and Write, but allow to add in User access and Group access. see the screen shot below, when i add user with read or write permission, i am getting below error.

image2016-11-29 9:56:12.png

I've updated the script to work only for the default permissions.

It seems to use the same event for both and if theres no affected group or affected event then that means its a default permissions change.

Adam

Thank you very much and that works great.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jun 12, 2018 in Bitbucket

Do you use any Atlassian products for your personal projects?

After spinning my wheels trying to get organized enough to write a book for National Novel Writing Month (NaNoWriMo) I took my affinity for Atlassian products from my work life and decided to tr...

164 views 20 8
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you