Validate Approver against Assignee for Pull Request

While creating a PULL REQUEST on BitBucket, we can choose the reviewers for the PULL REQUEST... but in our current setup, anybody (other than the one who created the PULL REQUEST) can approve / reject the PULL REQUEST. Is there a way to authenticate / validate if the person approving / rejecting the PULL is among the list of people to whom the PULL REQUEST was assigned for review?

 

2 answers

Anybody, including the ones with READ and/or WRITE access? You can limit the "merge" permission, but I'm not sure about who can 'approve/decline' it other than the reviewers.

Anyone with the appropriate permissions on the repo will be able to review pull requests. Remember that 'approving' a pull request is just a thumbs-up, it doesn't actually merge the request.

This defeats the very purpose of having a "Reviewers" field while creating a PULL REQUEST. When a user / list of users / a group is requested for performing a review of a PULL REQUEST, the system should ideally not allow anybody who is not on that list to approve the PULL REQUEST. Is there a mechanism where we can raise this as a bug / enhancement request for the Bitbucket development team?

You can enter requests at jira.atlassian.com. If you do, put a link here so that people can view it and vote for it. I think the purpose, as conceived, of putting people into the "Reviewers" field is so that those people will get notifications (both within the web interface and in email) of the pull request, not necessarily to exclude other people with appropriate permissions on the repo itself from also reviewing. Of course only someone with 'write' permission on the repo (and the particular branch) can actually 'Merge' the pull request. 'Approving' it equates to nothing more than saying "looks good to me" (and, I suppose, potentially helping to meet the criteria of minimum approvals needed, which is maybe what you're trying to avoid uninvited reviewers from being able to do). One thing that might be helpful to you is the WorkZone plugin, which allows you to specify users as mandatory reviewers, if you want to prevent a pull request from being merged until specific individuals have signed off on it. https://marketplace.atlassian.com/plugins/com.izymes.workzone/versions#b3001002020
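The concern raised in this thread, approvals from people outside the "Reviewers" list counting toward a minimum-approvals threshold, can also be checked outside Bitbucket, for example in a pre-merge CI step. The following is an added example, not code from the thread or from Atlassian; the JSON field names are assumptions modelled on a Bitbucket Server pull-request object, and `classify_approvals` and `merge_allowed` are hypothetical helper names.

```python
import json

# Constructed sample, not real data. Field names ("reviewers", "participants",
# "approved", "user.name") are assumptions modelled on a Bitbucket Server
# pull-request object; confirm them against your own instance's REST output.
SAMPLE_PR = json.loads("""
{
  "id": 42,
  "author": {"user": {"name": "alice"}},
  "reviewers": [
    {"user": {"name": "bob"},   "approved": true},
    {"user": {"name": "carol"}, "approved": false}
  ],
  "participants": [
    {"user": {"name": "dave"},  "approved": true},
    {"user": {"name": "alice"}, "approved": true}
  ]
}
""")


def classify_approvals(pr):
    """Split approvals into those from assigned reviewers and everyone else."""
    author = pr["author"]["user"]["name"]
    assigned = {r["user"]["name"] for r in pr.get("reviewers", [])}
    assigned.discard(author)  # an author never counts as their own reviewer
    approvers = {
        p["user"]["name"]
        for p in pr.get("reviewers", []) + pr.get("participants", [])
        if p.get("approved")
    }
    return {
        "assigned": sorted(approvers & assigned),   # approvals that count
        "uninvited": sorted(approvers - assigned),  # approvals to ignore or flag
        "pending": sorted(assigned - approvers),    # reviewers yet to sign off
    }


def merge_allowed(pr, min_approvals=1, require_all=False):
    """Gate a merge on approvals from assigned reviewers only."""
    result = classify_approvals(pr)
    if require_all and result["pending"]:
        return False
    return len(result["assigned"]) >= min_approvals


if __name__ == "__main__":
    print(classify_approvals(SAMPLE_PR))
    print("merge allowed:", merge_allowed(SAMPLE_PR, min_approvals=2))
```

With `require_all=True` the gate behaves like the mandatory-reviewer rule described in the last reply: every assigned reviewer must have approved before the merge is allowed.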
