• Type: Bug
• Resolution: Fixed
• Priority: High
• Fix Version/s: 5.15.0
• Affects Version/s: 5.7.0, 5.11.1, 5.14.0
• Component/s: Dashboard, UI
• Labels:

  • dob-pr
  • ui

[BSERV-10926] Dashboard returns 401 when user loses permissions to repository recently pushed to

Owen made changes - 10/Apr/2019 6:47 AM

Workflow

Original: Stash Workflow - Restricted [ 2693995 ]

New: JAC Bug Workflow v3 [ 3136908 ]

Owen made changes - 24/Oct/2018 5:29 AM

Symptom Severity

Original: Minor [ 14432 ]

New: Severity 3 - Minor [ 15832 ]

SET Analytics Bot made changes - 07/Sep/2018 2:12 AM

UIS

Original: 11

New: 14

Stefan made changes - 07/Sep/2018 1:34 AM

Resolution		New: Fixed [ 1 ]
Status	Original: To be reviewed [ 10026 ]	New: Closed [ 6 ]

John van der Loo (Inactive) made changes - 06/Sep/2018 3:34 PM

Description

Original: h3. Summary Bitbucket Server return a 401 ("You are not permitted to view this page" error) on the dashboard when a user has recent pushes to repositories they no longer have access to. h3. Steps to reproduce  # Create a user (not a system admin) and give it permissions to a particular repository (or project)  # Push to the repository as that user  # Revoke permissions for the repository (or project) for this user  # View the dashboard page h3. Expected Dashboard page loads correctly, with the recent pushes to the repository that the user no longer has access to filtered out. h3. Actual The dashboard page does not load correctly (a 401 error page is returned). Note that if you remain on the dashboard while permissions are revoked, the XHR request to pull request suggestions will throw a 401, but the page will still work.

New: h3. Summary Bitbucket Server returns a 401 ("You are not permitted to view this page" error) on the dashboard when a user has recent pushes to repositories they no longer have access to. h3. Steps to reproduce  # Create a user (not a system admin) and give it permissions to a particular repository (or project)  # Push to the repository as that user  # Revoke permissions for the repository (or project) for this user  # View the dashboard page h3. Expected Dashboard page loads correctly, with the recent pushes to the repository that the user no longer has access to filtered out. h3. Actual The dashboard page does not load correctly (a 401 error page is returned). Note that if you remain on the dashboard while permissions are revoked, the XHR request to pull request suggestions will throw a 401, but the page will still work.

Collapse comment: Stefan added a comment - 06/Sep/2018 2:45 AM

Stefan added a comment - 06/Sep/2018 2:45 AM

ymartin - as a possible workaround, you can be granted at least REPOSITORY_READ permissions to the repository you pushed to. Note that the dashboard only shows recent pushes in the last 48 hours, so after 48 hours it should be possible to access the dashboard again.

Expand comment: Stefan added a comment - 06/Sep/2018 2:45 AM

Stefan added a comment - 06/Sep/2018 2:45 AM ymartin - as a possible workaround, you can be granted at least REPOSITORY_READ permissions to the repository you pushed to. Note that the dashboard only shows recent pushes in the last 48 hours, so after 48 hours it should be possible to access the dashboard again.

Stefan made changes - 06/Sep/2018 2:23 AM

Summary

Original: 401 error in the dashboard

New: Dashboard returns 401 when user loses permissions to repository recently pushed to

Stefan made changes - 06/Sep/2018 2:23 AM

Description

Original: h3. Summary Bitbucket Server shows 401 (You are not permitted to view this page) on the dashboard when a user who previously had permission but not anymore to a project, tries to view the project URL. h3. Steps to reproduce  # Using a non-admin account (User 1) push to Repository A in Project A (Now if the dashboard is visited, this push will show up in the recent pushes)  # Remove permissions on Repository A for User 1  # Visit the dashboard again / refresh the dashboard  # You are now shown the 401 error page  (Note that if you remain on the dashboard, the XHR request to pull request suggestions will throw a 401, but otherwise have no effect on the dashboard) h3. Suggested Behavior Instead of redirecting the user to the 401 page, it should ignore the suggested pull requests on repositories to which the user no longer has access.

New: h3. Summary Bitbucket Server return a 401 ("You are not permitted to view this page" error) on the dashboard when a user has recent pushes to repositories they no longer have access to. h3. Steps to reproduce  # Create a user (not a system admin) and give it permissions to a particular repository (or project)  # Push to the repository as that user  # Revoke permissions for the repository (or project) for this user  # View the dashboard page h3. Expected Dashboard page loads correctly, with the recent pushes to the repository that the user no longer has access to filtered out. h3. Actual The dashboard page does not load correctly (a 401 error page is returned). Note that if you remain on the dashboard while permissions are revoked, the XHR request to pull request suggestions will throw a 401, but the page will still work.

Stefan made changes - 06/Sep/2018 2:17 AM

Fix Version/s

New: 5.15.0 [ 81798 ]

Stefan made changes - 06/Sep/2018 2:17 AM

Status

Original: In Progress [ 3 ]

New: To be reviewed [ 10026 ]

Load more older events