Determine whether authenticated user has "write" access to a repository? (BB-9628)

Issue #8542 open
freitaga
created an issue

If I'm not mistaken, there's currently no way to determine whether the authenticated user has write access to a specific repository using the Bitbucket API.

I know it is possible to determine whether it has "admin" access using the "privileges" resource. The same goes for "read" access. Nonetheless, determining if the user has "write" access is not possible without trying to actually write to the repository.

But determining "write"/"admin" access in advance is crucial for any serious application built upon the API.

My proposal is simply adapting the following resource: https://confluence.atlassian.com/display/BITBUCKET/privileges+Endpoint#privilegesEndpoint-GETprivilegesforanindividual It is currently restricted to: "only the repository owner, a team account administrator, or an account with administrative rights on the repository can make this call."

Making this resource available to the user that is being queried (so the authenticated user can query this resource about himself for every repository) would solve the whole problem, providing a clean way of determining the access level to a repository.

Comments (8)

  1. Philipp Kant

    Hi,

    I just stumbled upon this issue because I have the same problem as the original poster: determining whether the currently authenticated user has read and/or write access to a specific repository.

    Seeing that the issue is nearly two years old, I'd like to ask whether this is still being worked on, or maybe if there's a solution by now that I have missed?

    Best, Philipp

  2. Erik van Zijst staff

    I'm afraid it is not currently being worked on, but there is somewhat of a workaround.

    The 2.0 repositories API supports a role parameter that is used to filter a result set down according to the privileges the authenticated user has on them. For instance, to retrieve all of team "foo"'s repositories that the authenticated user can write to, hit:

    GET /2.0/repositories/{username}?role=contributor
    
  3. enji_bkk

    On our private server I do not have access to the 2.0 APIs nor to the 1.0 privileges endpoints. I came up with another workaround (Windows CMD commands):

    curl -s -u %USER%:%PASSWORD% "https://my.server.url/rest/api/1.0/users?filter=%USER%&permission=REPO_WRITE&permission.projectKey=%PROJECT%&permission.repositorySlug=%REPOSITORY%" -w "\n%{http_code}\n" 
    
    • If user/password is not valid, I get an HTTP 401
    • If user/password is valid, and user has REPO_WRITE access, I get HTTP 200, with content:
    {"size":1,"limit":25,"isLastPage":true,"values":[{"name":"my-user-name","emailAddress":"","id":69073,"displayName":"my-user-name","active":true,"slug":"my-user-name","type":"NORMAL","links":{"self":[{"href":"https://my.server.url/users/my-user-name"}]}}],"start":0}
    
    • If user/password is valid, but user does NOT have REPO_WRITE access, I get HTTP 200 and
    {"size":0,"limit":25,"isLastPage":true,"values":[],"start":0}
    

    This is giving the result I expect (success if REPO_WRITE is granted at either repository or project level, failure otherwise)

    (N.B.: in case I have a user whose name would match /my-user-name.*/, having REPO_WRITE permission, he would be returned too. The result should be parsed to find if one of the returned users is an exact match)
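
The parsing step from the comment above, as an added example (not code from the thread or from Bitbucket): it interprets the three outcomes listed there and requires an exact `name` match. The function names, the `PREFIX_ONLY` and `TRUNCATED` bodies, and the fail-closed handling of `isLastPage` are assumptions made for this example.

```python
import json
from urllib.parse import urlencode

def build_query_url(base_url, user, project_key, repo_slug):
    """Build the users?filter=...&permission=REPO_WRITE URL with encoded parameters."""
    params = {
        "filter": user,
        "permission": "REPO_WRITE",
        "permission.projectKey": project_key,
        "permission.repositorySlug": repo_slug,
    }
    return f"{base_url.rstrip('/')}/rest/api/1.0/users?{urlencode(params)}"

def has_repo_write(status_code, body, user):
    """True/False for REPO_WRITE, or None when this page of results cannot decide."""
    if status_code == 401:
        raise PermissionError("credentials rejected (HTTP 401)")
    if status_code != 200:
        raise RuntimeError(f"unexpected HTTP status {status_code}")
    page = json.loads(body)
    # The filter also returns users whose names merely start with the queried
    # name, so a non-empty "values" list is not sufficient: compare exactly.
    if any(entry.get("name") == user for entry in page.get("values", [])):
        return True
    # Assumption: answer "no" only when the server says this was the last page;
    # otherwise the exact user may sit on a later page (fail closed with None).
    return False if page.get("isLastPage") is True else None

# Response bodies: GRANTED and DENIED are trimmed from the comment above,
# PREFIX_ONLY and TRUNCATED are constructed for this example.
GRANTED = '{"size":1,"limit":25,"isLastPage":true,"values":[{"name":"my-user-name"}],"start":0}'
DENIED = '{"size":0,"limit":25,"isLastPage":true,"values":[],"start":0}'
PREFIX_ONLY = '{"size":1,"limit":25,"isLastPage":true,"values":[{"name":"my-user-name2"}],"start":0}'
TRUNCATED = '{"size":1,"limit":1,"isLastPage":false,"values":[{"name":"my-user-name-a"}],"start":0}'

if __name__ == "__main__":
    print(build_query_url("https://my.server.url", "my-user-name", "PRJ", "repo"))
    for label, body in [("granted", GRANTED), ("denied", DENIED),
                        ("prefix only", PREFIX_ONLY), ("truncated", TRUNCATED)]:
        print(label, "->", has_repo_write(200, body, "my-user-name"))
```

A `None` result means the caller should request the next page before deciding, rather than treating the user as having or lacking write access.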
