It's possible to create a public repository under a private project using the API

Issue Summary

It's possible to create a public repository under a private project using the API.

Steps to Reproduce

• Make sure the projects in your workspace are private
• Use the following request to create a repository under this workspace: 

curl -X POST -u username:AppPassword -H "Content-Type: application/json" -d '{"scm": "git", "project": {"key": "{inform_the_project_key_here}" }}' https://api.bitbucket.org/2.0/repositories/{workspacename}/{repository_name}

• Don't specify if the repository is public or private and don't inform the project key 

Expected Results

• You should receive a rejected request saying that you can't create a public repository in a private project.

Actual Results

• A public repository will be created under a private project
• You will not be able to delete this repository through the UI
• You may not be able to change the repository to private using the UI due to this other bug: https://jira.atlassian.com/browse/BCLOUD-21027 

Workaround

• You can update the repo via a PUT request:

  curl -X PUT -u username:AppPassword -H "Content-Type: application/json" -d '{"is_private": true}' https://api.bitbucket.org/2.0/repositories/{workspace_name}/{repository_name}

• If you specify the project key and it's a private project, you will receive an error message saying that "Private projects cannot contain public repositories"