Add branch restriction via REST API

Hi!

Bitbucket 5.13.4

We are trying to use the restrictions REST API:
https://docs.atlassian.com/bitbucket-server/rest/5.0.1/bitbucket-ref-restriction-rest.html

We want to add/remove Repository Branch Restrictions via REST.

We are using a user with SYS_ADMIN permission and we are able to remove a restriction from a repo, but we are not able to add a restriction via REST; we always receive a 401 error with the message
“You are not permitted to access this resource”.

The same user is able to add/remove restrictions via the Bitbucket GUI.

Any idea on what could be the problem would be greatly appreciated!

Thanks in advance,
Hans

Hi @computerpraxis,

Can you please show us the request you’re making? I believe that the GUI uses the public REST API so it seems unlikely that there is a bug - perhaps our REST API documentation is wrong, or there is a problem with your request. Knowing exactly what you tried would help us narrow that down.

Thanks,
Kristy
Developer on Bitbucket Server

Hi Kristy!

Thanks for your reply!

{"type":"read-only","matcher":{"id":"**","displayId":"**","type":{"id":"PATTERN","name":"Pattern"},"active":true},"users":[],"groups":[],"accessKeys":[]}

This is the reply
statuscode 401
message: You are not permitted to access this resource
exceptionName: com.atlassian.bitbucket.AuthorisationException

Regards,
Hans

Hi!

Using the Chrome Developer Tools I see a different JSON payload being sent when adding a branch restriction via the GUI:

[{"matcher":{"id":"**","displayId":"**","type":{"id":"PATTERN"}},"scope":{"type":"REPOSITORY","resourceId":2205},"type":"read-only"}]

So maybe there is a problem with the docu?

https://docs.atlassian.com/bitbucket-server/rest/5.0.1/bitbucket-ref-restriction-rest.html

regards,
Hans

Ah, it seems that the GUI uses the bulk interface instead.

I tried your JSON payload on 5.13.4 and it seems to work fine:

> curl -v 'http://localhost:7990/bitbucket/rest/branch-permissions/latest/projects/PROJECT_1/repos/rep_1/restrictions'  -u admin:admin -H 'Content-Type: application/json' -d '{"type":"read-only","matcher":{"id":"**","displayId":"**","type":{"id":"PATTERN","name":"Pattern"},"active":true},"users":[],"groups":[],"accessKeys":[]}'
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 7990 (#0)
* Server auth using Basic with user 'admin'
> POST /bitbucket/rest/branch-permissions/latest/projects/PROJECT_1/repos/rep_1/restrictions HTTP/1.1
> Host: localhost:7990
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 153
>
* upload completely sent off: 153 out of 153 bytes
< HTTP/1.1 200
< X-AREQUESTID: @MKAMO2x886x91x0
< X-AUSERID: 1
< X-AUSERNAME: admin
< Cache-Control: no-cache, no-transform
< Vary: X-AUSERNAME,Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: application/json;charset=UTF-8
< X-Content-Type-Options: nosniff
< Date: Thu, 22 Apr 2021 04:46:31 GMT
<
* Connection #0 to host localhost left intact
{"id":1,"scope":{"type":"REPOSITORY","resourceId":1},"type":"read-only","matcher":{"id":"**","displayId":"**","type":{"id":"PATTERN","name":"Pattern"},"active":true},"users":[],"groups":[],"accessKeys":[]}

Maybe there is something wrong with the authentication you’re using?

  • Are you using basic or bearer authentication?
  • Are you using a personal access token or the user’s password?
  • If you’re using a personal access token, what permission is it scoped to?
  • Do you have basic authentication disabled?

Hi!

Thanks for your investigations!

I found out that the URL for the REST call was missing “stash”.
After adding that to the URL, adding a branch permission/restriction worked fine.

Interestingly, the removal of a branch permission/restriction worked fine before, WITHOUT having “stash” in the URL…

Everything works now.

Thanks & Regards,
Hans
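
The request from this thread as an added Python example (not part of the thread and not Atlassian's code): it builds the single-restriction POST while keeping the context path, and shows one way a context path such as /stash can silently drop out of a URL. The host, credentials, function names and the `context_path` check are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import quote, urljoin, urlsplit
from urllib.request import Request

API_PATH = "rest/branch-permissions/latest/projects/{project}/repos/{repo}/restrictions"


def restriction_url(base_url, project, repo):
    """Append the API path to base_url, keeping any context path such as /stash."""
    path = API_PATH.format(project=quote(project, safe=""), repo=quote(repo, safe=""))
    return base_url.rstrip("/") + "/" + path


def naive_restriction_url(base_url, project, repo):
    """Pitfall: urljoin with a leading-slash path discards the context path."""
    return urljoin(base_url, "/" + API_PATH.format(project=project, repo=repo))


def read_only_restriction(pattern="**"):
    """Single-restriction payload in the shape posted in the thread."""
    return {
        "type": "read-only",
        "matcher": {"id": pattern, "displayId": pattern,
                    "type": {"id": "PATTERN", "name": "Pattern"}, "active": True},
        "users": [], "groups": [], "accessKeys": [],
    }


def build_request(base_url, project, repo, user, password, context_path=None):
    """Build (not send) the POST; reject a base URL lacking the expected context path."""
    if context_path and urlsplit(base_url).path.rstrip("/") != context_path.rstrip("/"):
        raise ValueError(f"base URL {base_url!r} lacks context path {context_path!r}")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    body = json.dumps(read_only_restriction(), separators=(",", ":")).encode()
    return Request(
        restriction_url(base_url, project, repo),
        data=body,
        headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"},
        method="POST",
    )


if __name__ == "__main__":
    # Constructed host and credentials; pass the Request to urllib.request.urlopen to send it.
    req = build_request("https://bitbucket.example.com/stash", "PROJECT_1", "rep_1",
                        "svc-user", "placeholder-password", context_path="/stash")
    print(req.get_method(), req.full_url)
```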