We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-22526

Inaccurate repositories list for 2SV-enabled public workspaces

      Issue Summary

      In Bitbucket Cloud, the logic for displaying the list of workspace repositories that a user has access to is incorrect in the following scenario:

      • Public workspace with private repo(s)
      • 2SV enabled for the workspace
      • User without 2SV enabled accesses the workspace

      This is NOT reproducible on Data Center.

      Steps to Reproduce

      1. User A creates a public Bitbucket Cloud workspace
      2. User A creates a private repository in the new workspace
      3. User A updates the workspace access controls to require two-step verification
      4. User A grants User B access to the workspace
      5. User B disables 2SV on their Bitbucket Cloud account
      6. User B accepts the workspace invitation
      7. User B visits the workspace repositories list (`https://bitbucket.org/<workspace>/workspace/repositories`)

      Expected Results

      User B should not be able to see the private repository in the list of repositories, because their workspace requires 2SV but they have not enabled it for their user account.

      Actual Results

      User B is able to see the private repository in the workspace repositories list, even though they don't have 2SV enabled.

      If the user clicks on the repository name, they are navigated to the repository with only the top and side navigation visible (the content area of the page shows a spinner). 

      Workaround

      If the user hard refreshes the repository page (the one with the spinner), they are taken to the expected error page indicating that they need to enable 2SV.

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
            Uploaded image for project: 'Bitbucket Cloud'
            1. Bitbucket Cloud
            2. BCLOUD-22526

            Inaccurate repositories list for 2SV-enabled public workspaces

                Issue Summary

                In Bitbucket Cloud, the logic for displaying the list of workspace repositories that a user has access to is incorrect in the following scenario:

                • Public workspace with private repo(s)
                • 2SV enabled for the workspace
                • User without 2SV enabled accesses the workspace

                This is NOT reproducible on Data Center.

                Steps to Reproduce

                1. User A creates a public Bitbucket Cloud workspace
                2. User A creates a private repository in the new workspace
                3. User A updates the workspace access controls to require two-step verification
                4. User A grants User B access to the workspace
                5. User B disables 2SV on their Bitbucket Cloud account
                6. User B accepts the workspace invitation
                7. User B visits the workspace repositories list (`https://bitbucket.org/<workspace>/workspace/repositories`)

                Expected Results

                User B should not be able to see the private repository in the list of repositories, because their workspace requires 2SV but they have not enabled it for their user account.

                Actual Results

                User B is able to see the private repository in the workspace repositories list, even though they don't have 2SV enabled.

                If the user clicks on the repository name, they are navigated to the repository with only the top and side navigation visible (the content area of the page shows a spinner). 

                Workaround

                If the user hard refreshes the repository page (the one with the spinner), they are taken to the expected error page indicating that they need to enable 2SV.

                        Unassigned Unassigned
                        dparrish Dave Parrish [Atlassian]
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        2 Start watching this issue

                          Created:
                          Updated:

                            Unassigned Unassigned
                            dparrish Dave Parrish [Atlassian]
                            Affected customers:
                            0 This affects my team
                            Watchers:
                            2 Start watching this issue

                              Created:
                              Updated: