Bitbucket Scriptrunner - not to allow READ permission to BB projects

Hi

I have added below code for BB script Event handler to restrict user to not to select READ and Write permission to BB projects - default permission.

Below script works good for Write permission(not allowing WRITE permission), but it is allowing READ permission, even though i have this condition in the script.

But i want admin user to give and add users to User access and Group access.

I want to restrict only Default permission - not to allow READ and WRITE permission to the project.

 

Events selected for Event handler

Events: ProjectPermissionModificationRequestedEvent,ProjectPermissionModifiedEvent

Repositories/Projects (1) :All

 

import com.atlassian.bitbucket.event.project.ProjectModificationRequestedEvent
import com.atlassian.bitbucket.event.permission.ProjectPermissionModificationRequestedEvent
import com.atlassian.bitbucket.permission.Permission
def event = event as ProjectPermissionModificationRequestedEvent
def project = event.project
def permission = event.permission


// Add projects allowed to be public here
def publicProjects = ["test project"]
if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects)) {
event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

Thanks for your help in advance and appreciate it.

1 answer

1 accepted

3 votes

You weren't too far off getting it to work.

The issue is that you need to use the: com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent

This will handle preventing going from the default project permission of "No access" to "Read" or "Write"

So your script should look like:

import com.atlassian.bitbucket.event.permission.ProjectPermissionGrantRequestedEvent
import com.atlassian.bitbucket.permission.Permission

def event = event as ProjectPermissionGrantRequestedEvent
def project = event.project
def permission = event.permission

// Add projects allowed to be public here
def publicProjects = ["test_proj"]

// we only want to block for the default permissions being changed
def groupOrUserChange = event.affectedUser || event.affectedGroup

if ((permission == Permission.PROJECT_READ || permission == Permission.PROJECT_WRITE) && !(project.key in publicProjects) && ! groupOrUserChange) {
    event.cancel(" Read or Write permission is forbidden for project: $event.project.name")
}

With your event handler set up to listen for the ProjectPermissionGrantRequestedEvent.

I looked at the Bitbucket source code and it seems that the ProjectPermissionRevocationRequestedEvent, ProjectPermissionRevokeRequestedEvent and ProjectPermissionModificationRequestedEvent can be fired depending on the default project permissions you are changing from. Its not very intuitive which ones are fired and when, worth having a play around and see.

Hope this helps,
Adam 

Adam

Thanks for your quick response. i have tried above code, yes, it works, but it is not allowing to add users in "User access" and "Group Access".

I want to restrict default project permission for Read and Write, but allow to add in User access and Group access. see the screen shot below, when i add user with read or write permission, i am getting below error.

image2016-11-29 9:56:12.png

I've updated the script to work only for the default permissions.

It seems to use the same event for both and if theres no affected group or affected event then that means its a default permissions change.

Adam

Thank you very much and that works great.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

1,749 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you