How to disable file content editing in 4.13

After installing version 4.13, I realized that the new "edit file in browser" feature is enabled by default.  I attempted to use the feature and discovered a couple issues:

  1. I have an 'update' hook enabled on the repository to validate commit messages.  The 'update' hook does not appear to be invoked.  I was unable to reject commits for invalid commit message.
  2. I attempted to disable the file edit feature by setting content.upload.max.size=0.  This caused the "commit" button to be disabled, but did not disable the "edit" button.  I expected to see the "edit" button disabled.
  3. I was able to commit directly to the master branch.

 

This is an interesting feature, but it needs a bit more control.  For example, is there a way to prevent commits directly to master from this feature.  It should be possible to configure that all edits from the UI and REST API require a pull request.

Documentation should explain how to enforce commit message validation.

It seems the only control is on file size.  There should be a separate option to disable Edit and remove the button from the UI completely.

I've reverted to version 4.12.1 for now.

All that said, it is possible I overlooked some relevant documentation.  If these issues are already addressed, I would appreciate someone pointing me to the related docs.

 

Michael Giroux

 

2 answers

3 votes

The "edit in browser" feature was added in 4.13 but can be disabled by setting the following property in your bitbucket.properties file:

feature.file.editor=false

See the Bitbucket Server config properties for a full list of all configuration options

With respect to the issues you mentioned:

I have an 'update' hook enabled on the repository to validate commit messages.  The 'update' hook does not appear to be invoked.  I was unable to reject commits for invalid commit message.

I think you're referring to a pre-receive hook? Anyway, pre-receive hooks only get called when people push to a repository and not a branch or tag is updated through the browser or REST api (for example, merging a pull request, creating/deleting a branch or tag, or now editing a file in the browser). There is still a way for plugins to block these update attempts though.

If your plugin adds an event listener for the FileEditRequestedEvent, you'll get a callback just before the change is committed. Your event listener can validate the proposed change and call event.cancel(message) to prevent the change from going through.

I attempted to disable the file edit feature by setting content.upload.max.size=0.  This caused the "commit" button to be disabled, but did not disable the "edit" button.  I expected to see the "edit" button disabled.

As mentioned above, you can use the feature.file.editor flag to completely disable the feature

I was able to commit directly to the master branch.

The file edit feature should take your branch permissions into account. If you're able to directly push to the master branch, you will be able to directly commit on the master branch. The same permissions will apply if you create the commit in Bitbucket directly or you do it locally and push it up to Bitbucket. 

Michael, do you communicate with author of Editor for Bitbucket plugin? It does the same thing. We already paid it. The standard 4.13 editor ignored totally all branch permissions and make direct commits sad It also does not configurable per repository and it also can't deny changes without pull request. We turn it off via bitbucket.properties...

>The file edit feature should take your branch permissions into account.

It does not. We tested it. Check if branch permission deny changes without pull request and try to edit file.

@Alexey Efimov, can you provide more information about what doesn't work? We've tried to reproduce it on 4.13 and cannot reproduce the problem you reported; See the recording below: branch permissions are taken into account. 

edit-and-branch-permissions.png

Oops, missed master** pattern where i was present. So, sorry, my bad. Actually it work smile

Regarding Editor for Bitbucket, what you recommend? We need to throw it away, or Atlassian will create some solution for users of this plugin?

If your plugin adds an event listener for the FileEditRequestedEvent, you'll get a callback just before the change is committed.

Actually, we are not using a plugin.  We are using the standard Git hooks found in the repository/hooks directory.  We have a cron that adds a symlink to a site standard 'update' hook to all new repositories, and any repository that does not have an 'update' hook.  But as you say, this is a pre-receive hook.  I suspect we need to configure the commit-msg client side hook to achieve this.

The file edit feature should take your branch permissions into account.

I will retest using branch permissions.

Edit:  It is provided by core Bitbucket as of 4.13! I expected to see a ticket in the Bitbucket 4.13 release notes, and didn't notice the huge new section at the top of the release notes called, "Edit files from the browser."  Oops!

@Michael Heemskerk - why no mention at all of this new feature in BSERV-3032 ?   

 

I think this feature is provided by the "Editor for Bitbucket (Stash)" add-on and does not come included in the core Bitbucket offering (otherwise BSERV-3032 would not be an open ticket!).

You should be able to disable direct pushes through the add-on's own configuration menu (repository --> settings --> add-ons --> editor for bitbucket).

 

p.s. Don't forget to try my add-on!  Bit-Booster for Bitbucket Server

Thanks for pointing out that BSERV-3032 hadn't been updated yet. We've updated the description and added a comment.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

1,739 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you