We have a repository with a number of read only users. However, these users appear to be able to edit and decline pull requests. The only difference between a user with commit access and a user without commit access appears to be the ability to merge. This seems counter-intuitive.
I would expect read only users to be able to approve of a pull request, comment on a pull request and edit/decline their own pull requests. I would not expect a read only user to be able to edit or decline other users pull requests.
Some additional information:
- The repository was a transfer from a user account to a newly created bitbucket team
- The team is listed as the owner of the repository
- The users have been added as members to the bitbucket team with read only access
- The users are also listed as read only access on the specific repositories access management page
- The overview page of the repository shows read permissions for the user