com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource

Atlassian JIRA | Gustavo Refosco [Atlassian] | 4 months ago

    h3. Summary

    A user who's a reviewer in the pull request and has access to the target repository isn't able to re-open this pull request after it has been declined, receiving a "User not permitted" exception.

    h3. Environment

    *Pull request configuration*
    * Source: bitbucket483one-userbfork / branch feature1
    * Destination: bitbucket483one / branch master
    * No merge conflict involved

    *Users*
    * usera
    * userb

    *Repositories involved*
    * bitbucket483one
    ** usera is admin.
    ** userb has write permission.
    * bitbucket483one-userbfork
    ** Fork made by userb. Only userb has access.

    h3. Steps to Reproduce

    # *bitbucket483one* is created and some code is committed to it on *master*.
    # *userb* forks the repository, creating *bitbucket483one-userbfork*.
    # *userb* creates the branch *feature1* from *master* on his fork.
    # *userb* commits a new file to branch *feature1*.
    # *userb* creates a pull request from *bitbucket483one-userbfork/feature1* to *bitbucket483one/master*, and adds *usera* as a reviewer.
    # The pull request is declined.
    # *usera* accesses the pull request and tries to re-open it.

    h3. Expected Results

    * The "Re-open" button shouldn't be available to *usera*, since this user doesn't have the *Read* permission on the source repository. The reason is that the branch may have been updated on the source repository, and by reopening it *usera* would essentially be giving himself access to new changes he doesn't have permission to see.

    h3. Actual Results

    * *usera* receives the following message: !usernotpermitted.png|thumbnail!
    * The below exception is thrown in the atlassian-bitbucket.log file:
    {noformat}
    2016-08-10 19:05:44,507 DEBUG [http-nio-7990-exec-4] usera @666J1x1145x548x0 ujs29w 0:0:0:0:0:0:0:1 "POST /rest/api/latest/projects/PROJ/repos/bitbucket483one/pull-requests/1/reopen HTTP/1.1" c.a.s.i.r.e.ServiceExceptionMapper Mapping ServiceException to REST response 401
    com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource
        at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[bitbucket-platform-4.8.3.jar:na]
        at com.atlassian.stash.internal.pull.DefaultPullRequestService.checkRefExistsForReopen(DefaultPullRequestService.java:1130) ~[bitbucket-service-impl-4.8.3.jar:na]
        at com.atlassian.stash.internal.pull.DefaultPullRequestService.internalReopen(DefaultPullRequestService.java:1384) ~[bitbucket-service-impl-4.8.3.jar:na]
        at com.atlassian.stash.internal.pull.DefaultPullRequestService.reopen(DefaultPullRequestService.java:756) ~[bitbucket-service-impl-4.8.3.jar:na]
        at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26) ~[atlassian-plugins-core-4.1.8.jar:na]
        at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) ~[na:na]
        at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) ~[na:na]
        at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) ~[na:na]
        at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) ~[na:na]
        at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) ~[na:na]
        at com.atlassian.stash.internal.rest.pull.PullRequestResource.reopen(PullRequestResource.java:549) ~[bitbucket-rest-4.8.3.jar:na]
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) [applinks-plugin-5.2.2_1469663356000.jar:na]
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) [applinks-plugin-5.2.2_1469663356000.jar:na]
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) [applinks-plugin-5.2.2_1469663356000.jar:na]
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) [applinks-plugin-5.2.2_1469663356000.jar:na]
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24) [applinks-plugin-5.2.2_1469663356000.jar:na]
        at com.atlassian.plugin.connect.plugin.auth.scope.ApiScopingFilter.doFilter(ApiScopingFilter.java:81) [atlassian-connect-plugin-1.1.86-bitbucket-04.jar:na]
        at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:88) [classes/:na]
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:109) [classes/:na]
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [classes/:na]
        at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:94) [atlassian-trusted-apps-core-4.2.0.jar:na]
        at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:67) [atlassian-oauth-service-provider-plugin-2.0.3_1469663358000.jar:na]
        at com.atlassian.core.filters.ServletContextThreadLocalFilter.doFilter(ServletContextThreadLocalFilter.java:21) [atlassian-core-4.6.19.jar:na]
        at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) [atlassian-core-4.6.19.jar:na]
        at com.atlassian.plugin.connect.plugin.auth.user.ThreeLeggedAuthFilter.doFilter(ThreeLeggedAuthFilter.java:109) [atlassian-connect-plugin-1.1.86-bitbucket-04.jar:na]
        at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:32) [jwt-plugin-1.5.11-0002_1469663358000.jar:na]
        at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:38) [analytics-client-5.2.7_1469663356000.jar:na]
        at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39) [analytics-client-5.2.7_1469663356000.jar:na]
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:87) [classes/:na]
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) [classes/:na]
        at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:86) ~[bitbucket-service-impl-4.8.3.jar:na]
        at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) ~[classes/:na]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[na:1.8.0_74]
        at java.lang.Thread.run(Thread.java:745) ~[na:1.8.0_74]
        ... 290 frames trimmed
    Caused by: org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-3.2.7.RELEASE.jar:3.2.7.RELEASE]
        ... 34 common frames omitted
    {noformat}

    h3. Workaround

    * Give *usera* at least a *Read* permission on the source repository.


    Root Cause Analysis

    1. com.atlassian.bitbucket.AuthorisationException

      You are not permitted to access this resource

      at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing()
    2. com.atlassian.stash
      DefaultPullRequestService.reopen
      1. com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36)[bitbucket-platform-4.8.3.jar:na]
      2. com.atlassian.stash.internal.pull.DefaultPullRequestService.checkRefExistsForReopen(DefaultPullRequestService.java:1130)[bitbucket-service-impl-4.8.3.jar:na]
      3. com.atlassian.stash.internal.pull.DefaultPullRequestService.internalReopen(DefaultPullRequestService.java:1384)[bitbucket-service-impl-4.8.3.jar:na]
      4. com.atlassian.stash.internal.pull.DefaultPullRequestService.reopen(DefaultPullRequestService.java:756)[bitbucket-service-impl-4.8.3.jar:na]
      4 frames
    3. com.atlassian.plugin
      ContextClassLoaderSettingInvocationHandler.invoke
      1. com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26)[atlassian-plugins-core-4.1.8.jar:na]
      1 frame
    4. org.eclipse.gemini
      LocalBundleContextAdvice.invoke
      1. org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)[na:na]
      2. org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)[na:na]
      3. org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70)[na:na]
      4. org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53)[na:na]
      5. org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)[na:na]
      5 frames
    5. com.atlassian.stash
      PullRequestResource.reopen
      1. com.atlassian.stash.internal.rest.pull.PullRequestResource.reopen(PullRequestResource.java:549)[bitbucket-rest-4.8.3.jar:na]
      1 frame
    6. com.atlassian.applinks
      ContextFilter.doFilter
      1. com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)[applinks-plugin-5.2.2_1469663356000.jar:na]
      2. com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)[applinks-plugin-5.2.2_1469663356000.jar:na]
      3. com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)[applinks-plugin-5.2.2_1469663356000.jar:na]
      4. com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)[applinks-plugin-5.2.2_1469663356000.jar:na]
      5. com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)[applinks-plugin-5.2.2_1469663356000.jar:na]
      5 frames
    7. com.atlassian.plugin
      ApiScopingFilter.doFilter
      1. com.atlassian.plugin.connect.plugin.auth.scope.ApiScopingFilter.doFilter(ApiScopingFilter.java:81)[atlassian-connect-plugin-1.1.86-bitbucket-04.jar:na]
      1 frame
    8. com.atlassian.stash
      BeforeLoginPluginAuthenticationFilter.doFilter
      1. com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:88)[classes/:na]
      2. com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:109)[classes/:na]
      3. com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75)[classes/:na]
      3 frames
    9. com.atlassian.security
      TrustedApplicationsFilter.doFilter
      1. com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:94)[atlassian-trusted-apps-core-4.2.0.jar:na]
      1 frame
    10. com.atlassian.oauth
      OAuthFilter.doFilter
      1. com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:67)[atlassian-oauth-service-provider-plugin-2.0.3_1469663358000.jar:na]
      1 frame
    11. com.atlassian.core
      AbstractHttpFilter.doFilter
      1. com.atlassian.core.filters.ServletContextThreadLocalFilter.doFilter(ServletContextThreadLocalFilter.java:21)[atlassian-core-4.6.19.jar:na]
      2. com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)[atlassian-core-4.6.19.jar:na]
      2 frames
    12. com.atlassian.plugin
      ThreeLeggedAuthFilter.doFilter
      1. com.atlassian.plugin.connect.plugin.auth.user.ThreeLeggedAuthFilter.doFilter(ThreeLeggedAuthFilter.java:109)[atlassian-connect-plugin-1.1.86-bitbucket-04.jar:na]
      1 frame
    13. com.atlassian.jwt
      JwtAuthFilter.doFilter
      1. com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:32)[jwt-plugin-1.5.11-0002_1469663358000.jar:na]
      1 frame
    14. com.atlassian.analytics
      AbstractHttpFilter.doFilter
      1. com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:38)[analytics-client-5.2.7_1469663356000.jar:na]
      2. com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39)[analytics-client-5.2.7_1469663356000.jar:na]
      2 frames
    15. com.atlassian.stash
      ConfigurableWebFilter.doFilter
      1. com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:87)[classes/:na]
      2. com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)[classes/:na]
      3. com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:86)[bitbucket-service-impl-4.8.3.jar:na]
      4. com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38)[classes/:na]
      4 frames
    16. Java RT
      Thread.run
      1. java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[na:1.8.0_74]
      2. java.lang.Thread.run(Thread.java:745)[na:1.8.0_74]
      2 frames
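
An added example, not part of the report or Atlassian's code: it parses atlassian-bitbucket.log request lines in the layout of the line quoted in the report and lists pull-request reopen attempts that were mapped to 401 with the AuthorisationException, which identifies the users and pull requests the workaround applies to. The regex group names and the sample entries marked constructed are assumptions.

```python
import re
from collections import Counter

# Layout inferred from the report's one request line; group names are this example's labels.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>[A-Z]+)\s+'
    r'\[(?P<thread>[^\]]+)\] (?P<user>\S+) (?P<request_id>@\S+) '
    r'(?P<session>\S+) (?P<addr>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) '
    r'HTTP/[\d.]+" (?P<logger>\S+) (?P<msg>.*)$')
REOPEN_RE = re.compile(
    r'^/rest/api/[^/]+/projects/(?P<project>[^/]+)/repos/(?P<repo>[^/]+)'
    r'/pull-requests/(?P<pr>\d+)/reopen$')
STATUS_RE = re.compile(r'Mapping ServiceException to REST response (\d{3})')
EXC = 'com.atlassian.bitbucket.AuthorisationException'

# First three entries come from the report; the rest are constructed.
PR = '/rest/api/latest/projects/PROJ/repos/bitbucket483one/pull-requests/1'
TAIL = 'c.a.s.i.r.e.ServiceExceptionMapper Mapping ServiceException to REST response 401'
DENIED = EXC + ': You are not permitted to access this resource'
SAMPLE = [
    f'2016-08-10 19:05:44,507 DEBUG [http-nio-7990-exec-4] usera @666J1x1145x548x0 '
    f'ujs29w 0:0:0:0:0:0:0:1 "POST {PR}/reopen HTTP/1.1" {TAIL}',
    DENIED,
    '    at com.atlassian.stash.internal.pull.DefaultPullRequestService.reopen(DefaultPullRequestService.java:756)',
    f'2016-08-10 19:06:10,112 DEBUG [http-nio-7990-exec-7] usera @CONSTRUCTED1x0 '
    f'sess01 0:0:0:0:0:0:0:1 "POST {PR}/reopen HTTP/1.1" {TAIL}',
    DENIED,
    f'2016-08-10 19:07:02,300 DEBUG [http-nio-7990-exec-2] userc @CONSTRUCTED2x0 '
    f'sess02 0:0:0:0:0:0:0:1 "POST {PR}/decline HTTP/1.1" {TAIL}',
    DENIED,
]

def denied_reopens(lines):
    """Return (user, project, repo, pr_id) for every reopen POST mapped to 401
    whose next line is the AuthorisationException from the report."""
    hits = []
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        target = REOPEN_RE.match(m['path']) if m and m['method'] == 'POST' else None
        status = STATUS_RE.search(m['msg']) if target else None
        if not status or status.group(1) != '401':
            continue
        if i + 1 < len(lines) and lines[i + 1].startswith(EXC):
            hits.append((m['user'], target['project'], target['repo'], int(target['pr'])))
    return hits

def summarize(lines):
    """Count denied reopen attempts per (user, project, repo, pr_id)."""
    return Counter(denied_reopens(lines))
```

The request line in the report is logged at DEBUG, so these entries appear only while debug logging is enabled for that logger.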