Community moderators have prevented the ability to post new answers.
There are a couple of ways to do this with SR4BB... you could have a pre-receive hook that does the block. But I think it's better that the personal repo owner knows that they can't open up their personal repos to pushes from elsewhere, so I would do it by blocking changes to the permissions.
Admin -> Script Event Handlers, add Custom Event Handler:
image2016-5-20 12:16:30.png
The script contains:
import com.atlassian.bitbucket.auth.AuthenticationContext import com.atlassian.bitbucket.event.CancelableEvent import com.atlassian.bitbucket.event.permission.RepositoryPermissionEvent import com.atlassian.bitbucket.event.permission.RepositoryPermissionGrantRequestedEvent import com.atlassian.bitbucket.permission.Permission import com.atlassian.bitbucket.permission.PermissionService import com.atlassian.bitbucket.project.ProjectType import com.atlassian.sal.api.component.ComponentLocator def event = event as RepositoryPermissionEvent def authContext = ComponentLocator.getComponent(AuthenticationContext) def permissionService = ComponentLocator.getComponent(PermissionService) if (event.repository.project.type == ProjectType.PERSONAL) { if (! permissionService.hasGlobalPermission(authContext.getCurrentUser(), Permission.ADMIN)) { if (event instanceof RepositoryPermissionGrantRequestedEvent && event.permission == Permission.REPO_READ) { return // allow users to grant read access } (event as CancelableEvent).cancel("You cannot change permissions on personal repositories") } }
I've made it so that global admins can change personal repo perms, and I've allowed users to grant and revoke READ perms but none other.
Oh - unfortunately BBS does not display the cancel message, it just displays some generic message. This is a bit annoying, probably a BBS RFE:
image2016-5-20 12:31:15.png
Thank you for the detailed response.
The remaining step would be to remove existing permissions for personal projects and repositories. I guess this would be using the script console?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
yep, several examples of bulk modifying perms here: https://scriptrunner.adaptavist.com/latest/bitbucket/ScriptConsole.html#_bulk_project_permissions_update
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Needs minor changes to make it work for repos rather than projects...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes sure
Currently, users can create a personal repository and assign repository permissions to other users to allow access. I am asking how to block users from pushing to somebody else's personal repository even if they have permissions to do so.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Robert...
Can you expand a little... by default, according to the docs, personal repos should not be accessible to other users. It's possible to expand the permissions to make them accessible to other users - are you saying you want to prevent them doing that? Or is something else going on here...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.