Help Center/ CodeArts Repo/ API Reference/ APIs/ V4/ Repository/ Obtaining the Branch-Level or Tag-Level Permissions of a CR Repository User
Updated on 2026-04-28 GMT+08:00
View PDF

Obtaining the Branch-Level or Tag-Level Permissions of a CR Repository User

Function

This API is used to obtain the branch-level or tag-level permission of the CR repository user.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

URI

GET https://{hostURL}/v4/repositories/{repository_id}/user-ref-permission

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

repository_id

Yes

Integer

Definition

You can query the project list to obtain the repository ID by calling the API used to query user's all repositories.

Constraints

N/A.

Value range:

1~2147483647
Table 2 Query Parameters

Parameter

Mandatory

Type

Description

target_ref

Yes

String

Definition:

Branch or tag name.

Constraints:

Special characters such as [, , <, ~, ^, :, ?, *, !, (), ', ", | are not supported. It cannot end with a period (.), slash (/), or .lock. Branches must start with refs or head. Tags must start with refs or tag.

Value range:

1 to 210 characters.

Default value:

N/A.

action

No

String

Definition:

Action type, which can be used to query the permission of a specified action.

  • read: View.

  • review: Review.

  • approval: Approve.

  • create-change: Create a change request.

  • merge: Merge a change request.

  • create-delete: Create or delete a branch.

  • push: Push.

Enumeration values:

  • read

  • review

  • approval

  • create-change

  • merge

  • create-delete

  • push

change_request_iid

No

Integer

Definition:

ID of the change request in a repository.

Value range:

1~2147483647

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Definition

User token. Obtain a token by calling the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the user token.

Constraints

Mandatory.

Range

1–100,000 characters.

Default Value

N/A.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

read

UserRefPermissionBasicDto object

Definition:

This API is used to view permission.

review

UserRefPermissionBasicDto object

Definition:

This API is used to review permission.

approval

UserRefPermissionBasicDto object

Definition:

Review permission.

create_change

UserRefPermissionBasicDto object

Definition:

Permission to create change requests.

merge

UserRefPermissionBasicDto object

Definition:

Permission to merge change requests.

create_delete

UserRefPermissionBasicDto object

Definition:

Permission to create and delete branches.

push

UserRefPermissionBasicDto object

Definition:

Push permission.
Table 5 UserRefPermissionBasicDto

Parameter

Type

Description

has_permission

Boolean

Definition:

Whether the user has the permissions.

Value range:

true: Yes; false: No.

is_protect

Boolean

Definition:

Whether it is protected branches.

Value range:

true: Yes; false: No.

Status code: 401

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Definition

Error code.

error_msg

String

Definition

Error message.

Status code: 403

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Definition

Error code.

error_msg

String

Definition

Error message.

Example Requests

GET https://{endpoint}/v4/repositories/1/user-ref-permission?target_ref=refs/head/master

Example Responses

Status code: 200

OK

{
  "read" : {
    "has_permission" : true,
    "is_protect" : false
  },
  "review" : {
    "has_permission" : true,
    "is_protect" : false
  },
  "approval" : {
    "has_permission" : true,
    "is_protect" : false
  },
  "create_change" : {
    "has_permission" : true,
    "is_protect" : false
  },
  "merge" : {
    "has_permission" : true,
    "is_protect" : false
  },
  "create_delete" : {
    "has_permission" : true,
    "is_protect" : false
  },
  "push" : {
    "has_permission" : true,
    "is_protect" : false
  }
}

Status code: 401

Unauthorized

{
  "error_code" : "DEV.00000003",
  "error_msg" : "Authentication information expired."
}

Status code: 403

Bad Request

{
  "error_code" : "CH.004403",
  "error_msg" : "Insufficient permissions. Apply for the required permissions and try again."
}

Status Codes

Status Code

Description

200

OK

401

Unauthorized

403

Bad Request

Error Codes

See Error Codes.

Parent topic: Repository