@runningcode
Contributor

This PR adds frontend support for the project:distribution permission scope, building on top of #102295.

Changes

  • Add Distribution resource to SENTRY_APP_PERMISSIONS with read-only access
  • Add project:distribution to API_ACCESS_SCOPES and ALLOWED_SCOPES
  • Update Permissions TypeScript type to include optional Distribution field
  • Add scope conversion logic for project:distribution in consolidatedScopes.tsx
  • Add hiddenPermissions prop to PermissionSelection component to filter out specific permissions
  • Use hiddenPermissions in personal token creation UI to hide Distribution permission

Behavior

Integration Tokens (Sentry Apps):

  • Can select Distribution permission with read-only access
  • Grants the project:distribution scope

Personal Tokens:

  • Distribution permission is hidden from the UI
  • Cannot access distribution-related endpoints

This ensures that only integration tokens can use the distribution permission, while personal tokens cannot.

Depends On

Add frontend support for the project:distribution permission scope:
- Add Distribution resource to SENTRY_APP_PERMISSIONS with read-only access
- Update scope lists and TypeScript types
- Add scope conversion logic for project:distribution
- Hide Distribution permission from personal token creation UI
  by adding hiddenPermissions prop to PermissionSelection component

This allows integration tokens to be created with Distribution
permission while preventing personal tokens from accessing it.
setPermissions(p);
setPreview(getPreview());
}}
hiddenPermissions={['Distribution']}
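
Review bot: `hiddenPermissions={['Distribution']}` on the personal token form only removes the checkbox from the UI; nothing in these lines stops a personal token request from carrying project:distribution. The description states that personal tokens cannot access distribution-related endpoints, and that guarantee has to come from a server-side check on the token type. Please link the backend enforcement (the description references #102295) and add a test showing that a personal token request with this scope is rejected.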
Contributor Author

not sure if this is a good idea or if there is a better way of doing this.
We want to filter the distribution permission from the personal tokens.

Contributor

One alternative would be to change this component to take `PermissionObj[]` as another argument (maybe `displayedPermissions` or something). People who want to show all the boxes pass `SENTRY_APP_PERMISSIONS` (which could also be the default argument) and people who want to show only some can pass: `SENTRY_APP_PERMISSIONS.filter(o => o.resource !== "Distribution")` or whatever they like.

I think doing it positively (e.g. show acd) rather than negatively (e.g. show everything except b) is a bit more of a clear API.
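
The two filter directions discussed in this comment, contrasted as an added example that is not part of the PR or Sentry's code. The permission list, the `FutureIntegrationOnly` resource and the function names are constructed for illustration.

```typescript
// Added illustration: constructed data, not Sentry's real definitions.
type PermissionObj = {resource: string; help: string};

// Constructed stand-in for the shared permission list at the time of the PR.
const BASE_PERMISSIONS: PermissionObj[] = [
  {resource: 'Project', help: 'constructed sample'},
  {resource: 'Team', help: 'constructed sample'},
  {resource: 'Distribution', help: 'Distribution metadata for releases'},
];

// Negative form: show everything except the named resources
// (the hiddenPermissions approach).
function visibleByDenylist(all: PermissionObj[], hidden: string[]): string[] {
  return all
    .filter(p => hidden.indexOf(p.resource) === -1)
    .map(p => p.resource);
}

// Positive form: show only the named resources
// (the displayedPermissions approach).
function visibleByAllowlist(all: PermissionObj[], displayed: string[]): string[] {
  return all
    .filter(p => displayed.indexOf(p.resource) !== -1)
    .map(p => p.resource);
}

// Hypothetical later change: another integration-only resource is appended
// to the shared list, and nobody revisits the personal token form.
function withNewResource(all: PermissionObj[]): PermissionObj[] {
  return all.concat([{resource: 'FutureIntegrationOnly', help: 'hypothetical'}]);
}

const later = withNewResource(BASE_PERMISSIONS);

// Denylist fails open: the new resource appears on the personal token form.
console.log('denylist :', visibleByDenylist(later, ['Distribution']));

// Allowlist fails closed: the form shows only what was explicitly approved.
console.log('allowlist:', visibleByAllowlist(later, ['Project', 'Team']));
```

Either way the list only controls what the form renders; which scopes a token type may actually hold is decided by the server.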

},
{
resource: 'Distribution',
help: 'Distribution metadata for releases',
Contributor

nit: Maybe:

"Pre-release app distribution for trusted testers."

or something along those lines.

Team: PermissionValue;
Alerts?: PermissionValue;
Distribution?: PermissionValue;
};
Contributor

How come only Alerts and Distribution are optional (with the ?).
