Bitbucket Scriptrunner - not to allow READ permission to BB projects

Raj Adluru November 28, 2016

Hi

I have added the code below to a BB script event handler to prevent users from selecting READ and WRITE permission for BB projects - default permission.

The script below works well for Write permission (not allowing WRITE permission), but it is allowing READ permission, even though I have this condition in the script.

But I want the admin user to give and add users to User access and Group access.

I want to restrict only Default permission - not to allow READ and WRITE permission to the project.

 

Events selected for Event handler

Events: ProjectPermissionModificationRequestedEvent,ProjectPermissionModifiedEvent

Repositories/Projects (1) :All

 

import com.atlassian.bitbucket.event.project.ProjectModificationRequestedEvent
import com.atlassian.bitbucket.event.permission.ProjectPermissionModificationRequestedEvent
import com.atlassian.bitbucket.permission.Permission
def event = event as ProjectPermissionModificationRequestedEvent
def project = event.project
def permission = event.permission


// Add projects allowed to be public here
def publicProjects = ["test project"]
if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects)) {
    event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

Thanks for your help in advance and appreciate it.

1 answer

1 accepted

3 votes
Answer accepted
adammarkham
Rising Star
November 28, 2016

You weren't too far off getting it to work.

The issue is that you need to use the com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent.

This will handle preventing going from the default project permission of "No access" to "Read" or "Write".

So your script should look like:

import com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent
import com.atlassian.bitbucket.permission.Permission

def event = event as ProjectPermissionGrantRequestedEvent
def project = event.project
def permission = event.permission

// Add projects allowed to be public here
def publicProjects = ["test_proj"]

// we only want to block for the default permissions being changed
def groupOrUserChange = event.affectedUser || event.affectedGroup

if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects) && ! groupOrUserChange) {
    event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

With your event handler set up to listen for the ProjectPermissionGrantRequestedEvent.

I looked at the Bitbucket source code and it seems that the ProjectPermissionRevocationRequestedEvent, ProjectPermissionRevokeRequestedEvent and ProjectPermissionModificationRequestedEvent can be fired depending on the default project permissions you are changing from. It's not very intuitive which ones are fired and when; it's worth having a play around to see.

Hope this helps,
Adam 

Raj Adluru November 29, 2016

Adam

Thanks for your quick response. I have tried the above code; yes, it works, but it is not allowing me to add users in "User access" and "Group Access".

I want to restrict the default project permission for Read and Write, but allow adding users in User access and Group access. See the screenshot below: when I add a user with read or write permission, I am getting the error below.

image2016-11-29 9:56:12.png

adammarkham
November 29, 2016

I've updated the script to work only for the default permissions.

It seems to use the same event for both, and if there's no affected group or affected event then that means it's a default permissions change.

Raj Adluru November 29, 2016

Adam

Thank you very much and that works great.
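
The condition from the accepted answer, exercised as an added example that is not part of the thread: plain Groovy showing which permission requests the handler cancels. The `Perm` enum, the map-based stand-in events and the sample project, user and group names are assumptions that replace Bitbucket's `Permission` and event classes so the check runs outside ScriptRunner.

```groovy
// Added example, not from the thread. Stand-in events are constructed maps that
// expose only the properties the answer's script reads:
// project.key, project.name, permission, affectedUser, affectedGroup.
enum Perm { PROJECT_READ, PROJECT_WRITE }   // stand-in for Bitbucket's Permission enum

def publicProjects = ["test_proj"]          // project keys allowed a default permission

// Returns the cancel message when the request must be blocked, otherwise null.
def denyReason = { ev ->
    // "User access" and "Group access" grants carry an affected user or group;
    // a change to the project's default permission carries neither.
    def groupOrUserChange = ev.affectedUser || ev.affectedGroup
    def readOrWrite = ev.permission in [Perm.PROJECT_READ, Perm.PROJECT_WRITE]
    if (readOrWrite && !(ev.project.key in publicProjects) && !groupOrUserChange) {
        return "Read or Write permission is forbidden for project: ${ev.project.name}"
    }
    return null
}

// Constructed sample requests (hypothetical project, user and group names).
def proj = [key: "SEC", name: "Security Tools"]
def open = [key: "test_proj", name: "Test Project"]
def cases = [
    [label: "default permission -> READ",
     ev: [project: proj, permission: Perm.PROJECT_READ], blocked: true],
    [label: "default permission -> WRITE",
     ev: [project: proj, permission: Perm.PROJECT_WRITE], blocked: true],
    [label: "user access grant, READ",
     ev: [project: proj, permission: Perm.PROJECT_READ, affectedUser: "raj"], blocked: false],
    [label: "group access grant, WRITE",
     ev: [project: proj, permission: Perm.PROJECT_WRITE, affectedGroup: "developers"], blocked: false],
    [label: "default permission -> READ, allow-listed project",
     ev: [project: open, permission: Perm.PROJECT_READ], blocked: false],
]

cases.each { c ->
    def reason = denyReason(c.ev)
    // Fail loudly if the condition ever stops matching the intended policy.
    assert (reason != null) == c.blocked : c.label
    println "${c.label.padRight(50)} ${reason ? 'CANCEL' : 'allow'}"
}
```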
