Details
Description
Summary
Users who have no project-specific access and are not admins can't search public projects.
Environment
- Bitbucket 5.16 and 5.15
- embedded and standalone ES
Steps to Reproduce
- Create a project and change the access to 'public'.
- Create a repository in that project, push code.
- Try to search the code as an admin: results returned.
- Log out and log in as a non-privileged user.
- Try to search the code: no results returned.
- Give access permissions to the project to a non-privileged user.
- Try to search the code as the same user: results returned.
Expected Results
Results returned for all public repositories for all users.
Actual Results
No results returned for public repositories if searched as a non-admin or non-privileged user.
atlassian-bitbucket.log:
User PT1 without permissions, public project, no result:
2018-12-17 06:44:05,853 DEBUG [http-nio-7990-exec-6] PT1 @P2308Cx404x856x1 1epu91b 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.a.b.i.s.s.DefaultSearchService [52] Search query: { "bool": { "must": { "match": { "content": { "query": "code", "operator": "and" } } }, "should": { "term": { "fork": false } }, "filter": { "term": { "public": true } } } }
2018-12-17 06:44:05,886 DEBUG [http-nio-7990-exec-9] PT1 @P2308Cx404x855x0 1epu91b 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search execution took PT0.029S [29 ms], total number of hits: 0
2018-12-17 06:44:05,887 DEBUG [http-nio-7990-exec-9] PT1 @P2308Cx404x855x0 1epu91b 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search request execution took 50.90 ms [50 ms] for query 'code'
2018-12-17 06:44:05,890 DEBUG [http-nio-7990-exec-6] PT1 @P2308Cx404x856x1 1epu91b 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search execution took PT0.007S [7 ms], total number of hits: 0
2018-12-17 06:44:05,891 DEBUG [http-nio-7990-exec-6] PT1 @P2308Cx404x856x1 1epu91b 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search request execution took 40.77 ms [40 ms] for query 'code'
User PT1 with repository permission, public project, results returned:
2018-12-17 06:46:48,353 DEBUG [http-nio-7990-exec-8] PT1 @P2308Cx406x936x1 1ahjnk4 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.a.b.i.s.s.DefaultSearchService [52] Search query: { "bool": { "must": { "match": { "content": { "query": "code", "operator": "and" } } }, "should": { "term": { "fork": false } }, "filter": { "bool": { "should": [ { "terms": { "repositoryId": [ 12 ] } }, { "term": { "public": true } } ] } } } }
2018-12-17 06:46:48,374 DEBUG [http-nio-7990-exec-2] PT1 @P2308Cx406x935x0 1ahjnk4 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search execution took PT0.035S [35 ms], total number of hits: 0
2018-12-17 06:46:48,374 DEBUG [http-nio-7990-exec-2] PT1 @P2308Cx406x935x0 1ahjnk4 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search request execution took 52.07 ms [52 ms] for query 'code'
2018-12-17 06:46:48,391 DEBUG [http-nio-7990-exec-8] PT1 @P2308Cx406x936x1 1ahjnk4 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search execution took PT0.01S [10 ms], total number of hits: 1
2018-12-17 06:46:48,400 DEBUG [http-nio-7990-exec-8] PT1 @P2308Cx406x936x1 1ahjnk4 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" c.atlassian.bitbucket.search.timing Timing: Search request execution took 49.85 ms [49 ms] for query 'code'
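A triage helper for the DEBUG output above, added here as an example and not part of the original report or of Bitbucket's code: it pairs the permission filter of each logged search query with the hit count logged under the same request ID. The sample lines and the request IDs `@A0`, `@A1`, `@B1` are constructed in the report's log layout, and the function names are hypothetical.

```python
import json
import re

ENTRY = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} )")  # split before each timestamp
HEAD = re.compile(r"\S+ \S+ DEBUG \[[^\]]+\] (?P<user>\S+) (?P<req>@\S+) ")
HITS = re.compile(r"total number of hits: (\d+)")

def filter_kind(flt):
    """Classify the permission filter of a logged search query."""
    if flt == {"term": {"public": True}}:
        return "public-only"
    clauses = flt.get("bool", {}).get("should", [])
    if any("repositoryId" in c.get("terms", {}) for c in clauses):
        return "repository-ids-or-public"
    return "other"

def summarize(log_text):
    """Return {request_id: {user, filter, hits}} for requests whose query was logged."""
    out = {}
    for entry in ENTRY.split(log_text):  # works for run-together or one-per-line entries
        head = HEAD.match(entry)
        if not head:
            continue
        rec = out.setdefault(head["req"], {"user": head["user"], "filter": None, "hits": None})
        marker = entry.find("Search query:")
        if marker != -1:
            body = entry[marker + len("Search query:"):].lstrip()
            query, _ = json.JSONDecoder().raw_decode(body)  # ignores text after the JSON
            rec["filter"] = filter_kind(query["bool"].get("filter", {}))
        hits = HITS.search(entry)
        if hits:
            rec["hits"] = int(hits.group(1))
    return {req: rec for req, rec in out.items() if rec["filter"]}

def suspicious(summary):
    """Requests that relied on the public flag alone and matched nothing."""
    return sorted(r for r, v in summary.items() if v["filter"] == "public-only" and v["hits"] == 0)

def _line(req, tail):  # constructed sample entry, not copied from a real log
    return ('2018-12-17 06:44:05,853 DEBUG [http-nio-7990-exec-6] PT1 ' + req +
            ' 1epu91b 192.168.237.1 "POST /rest/search/latest/search HTTP/1.1" ' + tail + ' ')

Q = 'c.a.b.i.s.s.DefaultSearchService [52] Search query: { "bool": { "must": { "match": { "content": "code" } }, "filter": %s } }'
T = "c.atlassian.bitbucket.search.timing Timing: Search execution took PT0.007S [7 ms], total number of hits: %d"
SAMPLE = (_line("@A0", T % 0) + _line("@A1", Q % '{ "term": { "public": true } }') + _line("@A1", T % 0)
          + _line("@B1", Q % '{ "bool": { "should": [ { "terms": { "repositoryId": [ 12 ] } }, { "term": { "public": true } } ] } }')
          + _line("@B1", T % 1))
```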
Notes
The project is being indexed irrespective of whether it's public or not. Looks like a permission issue.
Tested in 5.15 and 5.16.
Workaround
Currently, there is no known workaround for this behavior. A workaround will be added here when available.