Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-12646

User has access to project and repository after global permission has been removed

    XMLWordPrintable

    Details

      Description

      Problem

      User has access to project and repository after global permission has been removed.
      Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user.

      Environment

      • Tested on 7.5 and 7.3

      Steps to Reproduce

      • Create group
      • Create project and add the new group to write to it
      • Create repo in project and push a file to it
      • Add user to group and make sure the user can see a file
      • Remove user from group
      • Refresh page to see that file. Initially you'll get 403s but after trying a few times you get a 200 and are able to view the file

      Expected Results

      • the user should not have access when removed from the group
      • the user should have access when added to the group

      Actual Results

      • The user can click the refresh buttons enough times until a pop up is displayed that states "User not permitted - You are not permitted to access this resource"
      • The pop up has a "back to dashboard" button and a "close" hyperlink
      • The user can click the "close" hyperlink and now has access to the repo

      Workaround

      Add the following to bitbucket.properties and restart

      • http.scmrequest.async.enabled=false

      Notes

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mheemskerk Michael Heemskerk
              Reporter:
              nhansberry Nate Hansberry
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Backbone Issue Sync

                  • Synchronized with BBSJAC
                    Synced with:
                    BBSJAC-591
                    Issue sync status:
                    UP TO DATE
                    Last received:
                    Last sent: