User has access to project and repository after global permission has been removed

Problem

User has access to project and repository after global permission has been removed.
Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user.

Environment

• Tested on 7.5 and 7.3

Steps to Reproduce

• Create group
• Create project and add the new group to write to it
• Create repo in project and push a file to it
• Add user to group and make sure the user can see a file
• Remove user from group
• Refresh page to see that file. Initially you'll get 403s but after trying a few times you get a 200 and are able to view the file

Expected Results

• the user should not have access when removed from the group
• the user should have access when added to the group

Actual Results

• The user can click the refresh buttons enough times until a pop up is displayed that states "User not permitted - You are not permitted to access this resource"
• The pop up has a "back to dashboard" button and a "close" hyperlink
• The user can click the "close" hyperlink and now has access to the repo

Workaround

Add the following to bitbucket.properties and restart

• http.scmrequest.async.enabled=false

Notes