Details
-
Bug
-
Resolution: Handled by Support
-
Medium
Description
Today some of my non admin developers had clicked on an already removed integration and re-enabled the integration again.
The integration was with Codacy (codacy.com)
- A point in time Codacy updated the status of a build of a PR.
- An Admin user removed the Codacy integration.
- A non Admin user can click on the status and jump to Codacy to see the results.
- Codacy requests OAuth integration to add the project back into Codacy. (see attachment)
- This then causes analysis of projects that had been removed by Admin user of bitbucket and updates the build status again.
-
-
- Non Admin users should not be able to add integrations**
-
-
-
- When an integration is removed, build status should be removed as well**
-
-
-
- 3rd Party integrations should not request excessive permissions**
-