I am doing some work on Bitbucket Server 6.10.1 and I'm a little confused by the personal access token permissions. I created one with Project: Read and Repo: Read access. According to the docs at https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html I was expecting that I would NOT be able to create a pull request (since this should require Repo: Write) but it looks like I am able to create one.
I am sending a POST to http://localhost:7990/bitbucket/rest/api/1.0/projects/PROJECT_1/repos/rep_1/pull-requests with a body
Instead of a 403, I am getting a 201 Created.
To sanity test the tokens themselves, I also tried testing a git push using the two different tokens. I get a
fatal: remote error: Insufficient permissions
with the repo: read access, and I get a successful push with the repo: write token. So it looks like the tokens were valid and there is some level of authorization being handled, just not where I expected.
Can anyone help explain what is happening? I'm using a local version for integration testing, so could there be some differences with the permission model than what is used in other versions?
Hey Community! We’re willing to wager that quite a few of you not only use Bitbucket, but administer it too. Our team is excited to share that we’ll be releasing improvements throughout this month of...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event