Validate Approver against Assignee for Pull Request

While creating a PULL REQUEST on BitBucket, we can choose the reviewers for the PULL REQUEST... but in our current setup, anybody (other than the one who created the PULL REQUEST) can approve / reject the PULL REQUEST. Is there a way to authenticate / validate whether the person approving / rejecting the PULL is among the list of people to whom the PULL REQUEST was assigned for review?

 

2 answers

Anybody, including the ones with READ and/or WRITE access? You can limit the "merge" permission, but I'm not sure about who can 'approve/decline' it other than the reviewers.

Anyone with the appropriate permissions on the repo will be able to review pull requests. Remember that 'approving' a pull request is just a thumbs-up, it doesn't actually merge the request.

This defeats the very purpose of having a "Reviewers" field while creating a PULL REQUEST. When a user / list of users / a group is requested for performing a review of a PULL REQUEST, the system should ideally not allow anybody who is not on that list to approve the PULL REQUEST. Is there a mechanism where we can raise this as a bug / enhancement request for the Bitbucket development team?

You can enter requests at jira.atlassian.com. If you do, put a link here so that people can view it and vote for it. I think the purpose, as conceived, of putting people into the "Reviewers" field is so that those people will get notifications (both within the web interface and in email) of the pull request, not necessarily to exclude other people with appropriate permissions on the repo itself from also reviewing. Of course only someone with 'write' permission on the repo (and the particular branch) can actually 'Merge' the pull request. 'Approving' it equates to nothing more than saying "looks good to me" (and, I suppose, potentially helping to meet the criteria of minimum approvals needed, which is maybe what you're trying to avoid uninvited reviewers from being able to do). One thing that might be helpful to you is the WorkZone plugin, which allows you to specify users as mandatory reviewers, if you want to prevent a pull request from being merged until specific individuals have signed off on it. https://marketplace.atlassian.com/plugins/com.izymes.workzone/versions#b3001002020
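The check discussed in this thread, written as an added example (not Bitbucket's or WorkZone's code): a pre-merge gate that counts only approvals from assigned reviewers, flags approvals from anyone else, and requires sign-off from named mandatory reviewers. The record layout (`author`, `participants[].user.name`, `role`, `approved`), the function name and the sample data are assumptions constructed for illustration; adapt the field names to what your Bitbucket instance actually returns.

```python
import json

# Constructed sample pull-request record (assumed field layout, not real data).
SAMPLE_PR = json.loads("""
{
  "id": 42,
  "author": {"name": "alice"},
  "participants": [
    {"user": {"name": "bob"},   "role": "REVIEWER",    "approved": true},
    {"user": {"name": "carol"}, "role": "REVIEWER",    "approved": false},
    {"user": {"name": "dave"},  "role": "PARTICIPANT", "approved": true},
    {"user": {"name": "alice"}, "role": "PARTICIPANT", "approved": true}
  ]
}
""")


def evaluate_approvals(pr, min_approvals=2, mandatory=()):
    """Count only approvals from assigned reviewers; report all others."""
    author = pr["author"]["name"]
    valid, uninvited = [], []
    for p in pr.get("participants", []):
        if not p.get("approved"):
            continue
        name = p["user"]["name"]
        # An approval counts only if the user was assigned as a reviewer
        # and is not the pull request's own author.
        if p.get("role") == "REVIEWER" and name != author:
            valid.append(name)
        else:
            uninvited.append(name)
    # Mandatory reviewers who have not (validly) approved yet.
    missing = sorted(set(mandatory) - set(valid))
    return {
        "raw_approvals": len(valid) + len(uninvited),
        "valid_approvers": sorted(valid),
        "uninvited_approvers": sorted(uninvited),
        "missing_mandatory": missing,
        "mergeable": len(valid) >= min_approvals and not missing,
    }


if __name__ == "__main__":
    report = evaluate_approvals(SAMPLE_PR, 2, mandatory=["carol"])
    print(json.dumps(report, indent=2))
```

Run as a required build step, a non-mergeable result can block the merge even when the raw approval count meets the minimum.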
