Change notice - Updating commit status permissions
On May 21, 2021 Bitbucket /2.0/.../commit/{node}/statuses/build API for creating and retrieving commit build statues will have updated permissions. Only the creator of the build status will be able to overwrite existing records (PUT/POST requests). If you are using this API endpoint, please read on.
While writing new commit statuses only requires the repository:read scope we will be restricting any subsequent modifications (PUT requests) to the author that originally created the status.
During POST requests, if the specified key already exists, the existing status object will be overwritten. The restriction will apply in this case too.
The account object of the commit status author will be added to the API response.
Admins of the repo are exempt and will be able to continue overwriting existing build statuses.
Also, this change will not be retroactive. Commit statuses created before May 21, 2021 will not have this restriction.
What action do you need to take?
If you are using the commit status API and your client overwrites existing build status records, you'll need to ensure that the user that creates the build status is the same user that is updating the object (POST/PUT requests). If not, you'll need to update your integration so that only a single user is creating and updating a specific commit status.