Replicate Stash branch permissions in local Git repo

I have been experimenting with git branch permissions in Stash, but I may be missing something, as in my current understanding there appears to be a flaw in the branch permissions model.

I've successfully defined branch permissions to let certain users push only to a particular branch, call it "feature1", whilst another user (the build manager) is able to push to master. This means that the build manager can merge changes from feature1 to master in his local repo and push them to Stash. The other users can't push from their local master branch to Stash, but there appears to be nothing to stop them either working on master (by mistake) or merging to master in their local repo (again by mistake). Then when they try to push, the Stash branch permission prevents it, leaving them with a commit that can't go anywhere and which has to be removed using a hard reset.

In other words, how can I replicate the branch permissions in a Stash repo down to the local repo? I know that users can pretty much do what they like in their own repo, but it would be good to have some scheme that prevented accidental commits and merges to the wrong local branch.

I don't currently use Pull requests, if that is part of the answer.

2 answers

1 accepted

1 vote

Hi John,

You are correct in recognizing that users can in fact do whatever they want. The advantage of a distributed version control system :)

You can create a pre-commit hook (see https://www.kernel.org/pub/software/scm/git/docs/githooks.html) that can be added to the local repositories of your users that will abort the commit if the commit is about to commited to master.

E.g. something like this:

#!/bin/sh
#
# An example hook script to verify what is about to be committed.
# Called by "git commit" with no arguments.  The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-commit".


CURRENT_BRANCH=`git rev-parse --abbrev-ref HEAD`

if [ "$CURRENT_BRANCH" == "master" ] ; then
    echo "You are trying to commit to the master branch."
    echo ""
    echo "Commit directly to master is forbidden"
    exit -1
fi

But again, this only works if users actually add the pre-receive hook to their local repositories so it's not enforcing anything only helping to prevent doing the wrong thing.

HTH,

Stefan

Hi Stefan,

Sorry for the delay in acknowledging your reply, but this is very helpful and I will give it a try. I can probably sell it with "it's in your own best interests to do this" and since I have a fairly small development team to deal with who are new to Git it'll probably be bought!

Thanks, and best regards,

John

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

2,007 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you