Bug on Team Profile Project Privacy Broken

Issue #14115 wontfix
Esteban Fuentealba Fernández
created an issue

When you enter the profile of a team, if all the projects are marked as private, the first time it doesn't show you anything, but if you change the tab again to projects it will show you all the team projects even if they are marked as private.

Tested using incognito mode:

Step 1: enter the projects URL

enter another tab

go back to the projects tab

Comments (7)

  1. Abhin Chhabra staff

    Hi @Esteban Fuentealba Fernández,

    I'm having trouble reproducing this issue. Could you please help me out with more detail? For example, what led you to run this test in incognito on your side? Did you get a report from a person outside your team that they could see your projects?

    Could you run a browser inspector in network mode and gather some data about the network calls? For example, in Chrome you can copy the network calls as cURL and that includes a lot of information that would be helpful for us. Since you're doing all this in an incognito window, the network calls shouldn't include things like your logged-in session ID and hence should be safe to share here.

  2. Esteban Fuentealba Fernández reporter

    @Abhin Chhabra thanks for the reply. I tested today using a different window and now it doesn't work again.

    I don't know if it can be related to a browser-cache or server-cache response.

    But I will tell you what I did: modify all the projects to private, then open a new Incognito window and do the thing I mentioned in the issue. The screen doesn't show you anything, but I checked that the requests were made to the server when you change the tabs.

    I did a test and I know what happens: it's pretty much that the second time the page makes the request, it uses the previous answer when you switch tabs.

    You can reproduce the error with the following steps:

    View projects of a group with no public projects: (This team doesn't have any projects yet.) Set 1 project to public: if you enter the URL of the profile it shows you 1.

    Now switch tab, go back: This team doesn't have any projects yet.

    I recorded you a video with my 2 screens: in one I have a session logged in as an administrator of the group, in the other screen as a not-logged-in user.

  3. Abhin Chhabra staff

    I can confirm that this is not browser based caching related. The caching headers for that projects request are very caching-prohibitive.

    I'm fairly confident that this is server side caching. I've also noticed that I cannot reproduce this problem reliably. In addition, when I manage to reproduce it, the error is short lived. Further refreshes lead to the correct value.

    This leads me to strongly suspect that this is related to the GET request going to a read-replica of the database. And there is often a very small replication lag (which sometimes goes as high as a few seconds). So it is part of Bitbucket's DB design that causes this to happen and it's not something we can easily change or are too concerned by. Changing permissions on objects will take a few seconds to become consistent across the DB cluster and that's kinda the trade-off we have to live with in order to scale Bitbucket to serve millions of users.

    I really do appreciate you taking the time to give us feedback. Unfortunately, in this case, there's little we can do. I'm going to mark this ticket as "won't fix", but please don't let that deter you from giving us further feedback.

  4. Esteban Fuentealba Fernández reporter

    @Abhin Chhabra Thanks for taking the time to replicate and give a technical answer. I agree that it is not a critical error and has really low impact, but it's still a little bug. Also, I really appreciate the fact that you read the bug report and spent time digging into it. It's good to help and I will report anything that I see is wrong or defective ;), I'm a programmer too so always happy to help...

    Regards
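The replication-lag window described in comment 3, as an added example (not Bitbucket's code and not written by anyone in this thread): a constructed primary/replica model in which a project that was just made private is still listed by a replica read, next to one common mitigation, pinning visibility reads to the primary for a window after a permission change. `Cluster`, `pin_window` and every other name here are hypothetical, and time is a logical tick counter so the run is deterministic.

```python
from dataclasses import dataclass, field


@dataclass
class Cluster:
    """Constructed model: one primary, one replica that applies writes `lag` ticks late."""
    lag: int = 3
    now: int = 0
    primary: dict = field(default_factory=dict)     # (team, project) -> is_private
    replica: dict = field(default_factory=dict)
    pending: list = field(default_factory=list)     # (apply_at, key, is_private)
    changed_at: dict = field(default_factory=dict)  # team -> tick of last visibility change

    def set_private(self, team, project, is_private):
        key = (team, project)
        self.primary[key] = is_private
        self.pending.append((self.now + self.lag, key, is_private))
        # Assumption: in a real deployment this marker would live in a shared cache.
        self.changed_at[team] = self.now

    def tick(self, n=1):
        """Advance the clock and apply every replicated write that is now due."""
        self.now += n
        due = [p for p in self.pending if p[0] <= self.now]
        self.pending = [p for p in self.pending if p[0] > self.now]
        for _, key, is_private in due:
            self.replica[key] = is_private

    @staticmethod
    def _visible(store, team):
        return sorted(p for (t, p), private in store.items() if t == team and not private)

    def public_projects_naive(self, team):
        # Always reads the replica: can list a project made private < lag ticks ago.
        return self._visible(self.replica, team)

    def public_projects_pinned(self, team, pin_window=5):
        # pin_window must be at least the worst-case replication lag.
        last = self.changed_at.get(team)
        if last is not None and self.now - last < pin_window:
            return self._visible(self.primary, team)
        return self._visible(self.replica, team)
```

The pinned read costs extra primary load only for teams whose visibility changed within the window; every other anonymous read still goes to the replica.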
