Branch permissions not working as expected?

I've been experimenting with branch permissions on bitbucket cloud recently, and found some weird logic that seems to get applied, and I'm wondering whether it's supposed to work that way, or if I found bugs.

In short, we don't want to allow any commits to master direct, only PR's will be allowed there, all changes (bugfixes and new features) should be done via specific branches and merged to master after PR. Then we would like to standardize which branch names we allow to be created on our bitbucket instance. For features, they should start with feature/*, for bugfixes they should be bugfix/* (the slash groups things nicely together in sourcetree). We don't want to allow users to create branches with any other naming pattern.

First oddity I noticed was in regards to the 'Everyone' group that can be selected when configuring branch permissions. We only have one group with write access per repository, so using that group ("<reponame>-developers") should have the same effect as using 'Everyone'. So I created 4 branch permissions:

  • pattern: '*', nobody has write or merge access (this prevents using non-standardized branch names)
  • pattern: 'master', nobody has write access, 'Everyone' has merge access
  • pattern: 'feature/*', Everybody has write access, 'Allow deleting this branch' is checked
  • pattern: 'bugfix/*', Same as above

So the idea here is that topmost * pattern will prevent any non-standardized branch names to be created. The feature and bugfix ones are the exception on this. Stangly when using the 'Everyone' group, this does not work, users who do have write access can not create branches which should be allowed (e.g. 'freature/somefeature'). When I replace the 'Everyone' group with their designated developer group, this works perfectly. This isn't a big deal but sounds like a bug to me?

OK, so I replace 'Everyone' with the developer group and continue testing. Now I can do everything I expect to, I can create 'freature/*' and 'bugfix/*' branches and merge them into master, no problem. Only when I try to delete those feature and bugfix branches, it doesn't allow me to do this. I clearly checked 'Allow deleting this branch' on the feature and bugfix permissions, but this does not seem to overrule the default '*' pattern permission. Only if I remove that permission (or allow our developers group to write to it), can I delete those branches. It seems to me that if the 'feature/*' pattern overrules the '*' permission when creating and committing/pushing to these branches, the delete permission should also be overruled, no?

1 answer

This widget could not be displayed.

Same problem here. 

Bitbucket Branch permission is not working.

not working

Hi Ther,

I added one ADMIN user onto the * branch pattern (So that no one else has the permission to create such branches. :-) ) and allowed deletion of branches on it.

Now the deletion of branches on other branch patterns works fine. This is an issue with bitbucket i guess, but the above work around worked.

Hope this helps.

Regards

Chethan

Hi all

It is BLOCKER!

Today i can't add new employee in branch permissions.

I have error in browser console: branch-permissions:34 PUT https://bitbucket.org/!api/internal/repositories/{project}/{repName}/branch-restrictions/by-pattern/develop 400

branch-permissions:34 Uncaught TypeError: Cannot read property 'set' of undefined
at user-group-completion.js:108
at Array.forEach (<anonymous>)
at I.r.updateSource (user-group-completion.js:107)
at HTMLInputElement.dispatch (jquery.js:4435)
at HTMLInputElement.g.handle (jquery.js:4121)
at Object.trigger (jquery.js:4350)
at Object.e.event.trigger (jquery-migrate.js:493)
at HTMLInputElement.<anonymous> (jquery.js:4901)
at Function.each (jquery.js:374)
at e.fn.init.each (jquery.js:139)
at e.fn.init.trigger (jquery.js:4900)
at r.triggerChange (jquery.select2.js:1065)
at r.onSelect (jquery.select2.js:2793)
at r.selectHighlighted (jquery.select2.js:1718)
at r.<anonymous> (jquery.select2.js:748)
at HTMLUListElement.<anonymous> (jquery.select2.js:651)
at HTMLDivElement.dispatch (jquery.js:4435)
at HTMLDivElement.g.handle (jquery.js:4121)
at HTMLDivElement.n (raven.js?ae06***:377)
at HTMLDivElement.nrWrapper (branch-permissions:34)

When i add in write access - tab is created, but when i click on save button i see this error

Please, help me 

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 21, 2018 in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

1,327 views 8 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you