Issue #8213 resolved

I deleted a repository that I shouldn't have been allowed to.

38 Zeros avatar38 Zeros created an issue

I imported all my repositories from Github and somehow Bitbucket automatically detected that one of them was a fork of an existing repository. Except that in my feed it labeled that earlier repository as a fork of mine.

Then I went through and cleaned out the repositories that I didn't want on this account.

And I mindlessly clicked through to the (owned by someone else) "forked" one, to delete it after deleting the repository that I imported that bitbucket thought had been forked.

And unfortunately I think it worked.

Here are the entries from my activity (in reverse chronological order, as listed): 38 Zeros 38 Zeros deleted keyvanfatehi/followingrobot 11 minutes ago 38 Zeros 38 Zeros deleted 38zeros/followingrobot 11 minutes ago

And here are the entries from the other account's activity: 38 Zeros deleted keyvanfatehi/followingrobot 11 minutes ago

And the repository is not listed at: https://bitbucket.org/keyvanfatehi/profile/repositories

Keep in mind I don't know if it ever was listed there -- I have no relation to the other account holder other than I forked one of their repositories on Github.

Comments (3)

  1. Brian Nguyen

    Hi,

    Thanks for letting us know. We are currently contacting the owner of that repository.

    We believe that the user forked your repository and inherited permissions such that you were given admin permission on the repository. We are currently confirming this with the user.

    Cheers, Brian

  2. keyvanfatehi

    Hi guys

    Yeah I forked the followingrobot project -- I don't think you should be able to delete someone else's fork of your public project, so it's definitely a bug.

    You don't need to restore it though as I did not make any source changes... I was mainly testing bitbucket's fork feature out and found that particular project interesting.

    I was really trying to "Star" the project, but bitbucket lacks that particular feature, so in order to 'bookmark' a project your only choice is to fork it or use the browser's bookmark feature.

  3. Brian Nguyen

    Hi,

    Thanks for replying. I believe that the problem is due to the fact that the fork inherits permissions be default, and as such users do this without really thinking about it. We have an issue #8201 open that should address this problem.

    In terms of "Starring" a project, you can always follow the project which works in much the same way. When you follow a repository it will appear in your dashboard.

    In terms of this issue, I don't class this as a security bug, so I will close this. However I'll look into changing the default on the fork form.

    Cheers, Brian

  4. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.