The web service api/ce/submit API ignores the parameter sonar.branch when checking the scan permission on existing projects.
- Create a project with a branch (project key should be <project>:<branch>)
- Make sure the project has one user with the project-based Execute Analysis permission
- Make sure that user does not have the Global Execute Analysis permission
- Run the scanner with -Dsonar.projectKey=<project>:<branch> - the analysis executes successfully
- Run the scanner with -Dsonar.projectKey=<project> -Dsonar.branch=<branch> - the analysis fails with HTTP 403, whereas it should success
The permission correctly uses sonar.branch when provisioning the project (first analysis).