It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Branch permissions not working as expected?

I've been experimenting with branch permissions on bitbucket cloud recently, and found some weird logic that seems to get applied, and I'm wondering whether it's supposed to work that way, or if I found bugs.

In short, we don't want to allow any commits to master direct, only PR's will be allowed there, all changes (bugfixes and new features) should be done via specific branches and merged to master after PR. Then we would like to standardize which branch names we allow to be created on our bitbucket instance. For features, they should start with feature/*, for bugfixes they should be bugfix/* (the slash groups things nicely together in sourcetree). We don't want to allow users to create branches with any other naming pattern.

First oddity I noticed was in regards to the 'Everyone' group that can be selected when configuring branch permissions. We only have one group with write access per repository, so using that group ("<reponame>-developers") should have the same effect as using 'Everyone'. So I created 4 branch permissions:

  • pattern: '*', nobody has write or merge access (this prevents using non-standardized branch names)
  • pattern: 'master', nobody has write access, 'Everyone' has merge access
  • pattern: 'feature/*', Everybody has write access, 'Allow deleting this branch' is checked
  • pattern: 'bugfix/*', Same as above

So the idea here is that topmost * pattern will prevent any non-standardized branch names to be created. The feature and bugfix ones are the exception on this. Stangly when using the 'Everyone' group, this does not work, users who do have write access can not create branches which should be allowed (e.g. 'freature/somefeature'). When I replace the 'Everyone' group with their designated developer group, this works perfectly. This isn't a big deal but sounds like a bug to me?

OK, so I replace 'Everyone' with the developer group and continue testing. Now I can do everything I expect to, I can create 'freature/*' and 'bugfix/*' branches and merge them into master, no problem. Only when I try to delete those feature and bugfix branches, it doesn't allow me to do this. I clearly checked 'Allow deleting this branch' on the feature and bugfix permissions, but this does not seem to overrule the default '*' pattern permission. Only if I remove that permission (or allow our developers group to write to it), can I delete those branches. It seems to me that if the 'feature/*' pattern overrules the '*' permission when creating and committing/pushing to these branches, the delete permission should also be overruled, no?

1 answer

Same problem here. 

Bitbucket Branch permission is not working.

Hi Ther,

I added one ADMIN user onto the * branch pattern (So that no one else has the permission to create such branches. :-) ) and allowed deletion of branches on it.

Now the deletion of branches on other branch patterns works fine. This is an issue with bitbucket i guess, but the above work around worked.

Hope this helps.

Regards

Chethan

Hi all

It is BLOCKER!

Today i can't add new employee in branch permissions.

I have error in browser console: branch-permissions:34 PUT https://bitbucket.org/!api/internal/repositories/{project}/{repName}/branch-restrictions/by-pattern/develop 400

branch-permissions:34 Uncaught TypeError: Cannot read property 'set' of undefined
at user-group-completion.js:108
at Array.forEach (<anonymous>)
at I.r.updateSource (user-group-completion.js:107)
at HTMLInputElement.dispatch (jquery.js:4435)
at HTMLInputElement.g.handle (jquery.js:4121)
at Object.trigger (jquery.js:4350)
at Object.e.event.trigger (jquery-migrate.js:493)
at HTMLInputElement.<anonymous> (jquery.js:4901)
at Function.each (jquery.js:374)
at e.fn.init.each (jquery.js:139)
at e.fn.init.trigger (jquery.js:4900)
at r.triggerChange (jquery.select2.js:1065)
at r.onSelect (jquery.select2.js:2793)
at r.selectHighlighted (jquery.select2.js:1718)
at r.<anonymous> (jquery.select2.js:748)
at HTMLUListElement.<anonymous> (jquery.select2.js:651)
at HTMLDivElement.dispatch (jquery.js:4435)
at HTMLDivElement.g.handle (jquery.js:4121)
at HTMLDivElement.n (raven.js?ae06***:377)
at HTMLDivElement.nrWrapper (branch-permissions:34)

When i add in write access - tab is created, but when i click on save button i see this error

Please, help me 
-------------------------------------------

Update: workaround

--------------------------------------------

The reason of this - branch permission was created other employe before me, he leaves our company and we delete him account. But he was owner this branch permissions. I'm just remove his branch permissions and create new branch permission and after it's work fine. This is workaround, i want that Bitbucket company resolve this problem or create some toaster\alert\notification why you can not add user in older branch permission

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

Atlassian supported Jenkins integration for Bitbucket Server

We’ve been building a plugin to integrate Bitbucket Server and Jenkins CI, and I’m excited to announce that our alpha is ready to download and install. It lets you seamlessly configure a Jenkins job ...

990 views 1 17
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you