Details
-
Bug
-
Resolution: Cannot Reproduce
-
Low
-
None
-
Severity 3 - Minor
-
1
-
1
-
Description
Issue Summary
It's possible to create a public repository under a private project using the API.
Steps to Reproduce
- Make sure the projects in your workspace are private
- Use the following request to create a repository under this workspace:
curl -X POST -u username:AppPassword -H "Content-Type: application/json" -d '{"scm": "git", "project": {"key": "{inform_the_project_key_here}" }}' https://api.bitbucket.org/2.0/repositories/{workspacename}/{repository_name}
- Don't specify if the repository is public or private and don't inform the project key
Expected Results
- You should receive a rejected request saying that you can't create a public repository in a private project.
Actual Results
- A public repository will be created under a private project
- You will not be able to delete this repository through the UI
- You may not be able to change the repository to private using the UI due to this other bug: https://jira.atlassian.com/browse/BCLOUD-21027
Workaround
- You can update the repo via a PUT request:
curl -X PUT -u username:AppPassword -H "Content-Type: application/json" -d '{"is_private": true}' https://api.bitbucket.org/2.0/repositories/{workspace_name}/{repository_name}
- If you specify the project key and it's a private project, you will receive an error message saying that "Private projects cannot contain public repositories"