ref(issue-ownership): switch issue assignment off OwnerActorField#113707
Merged
ref(issue-ownership): switch issue assignment off OwnerActorField#113707
Conversation
github-actions
Bot
added
the
Scope: Backend
cvxluo
force-pushed
the
cvxluo/switch-issue-assignment-off-owneractorfield
branch
from
0b1ab42 to
c473217
Compare
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
Contributor
Backend Test FailuresFailures on
|
Open
6 tasks
cvxluo
force-pushed
the
cvxluo/switch-issue-assignment-off-owneractorfield
branch
from
c473217 to
c8c40a7
Compare
cvxluo
commented
Apr 22, 2026
| | ----------------- | -------------------- | --------------------------------- | | ||
| | `ActorField` | No | Read-only display, filtering | | ||
| | `OwnerActorField` | Yes | Owner assignment, assignee fields | | ||
| Default to `OwnerActorField` for any write-op field accepting a team or user reference (assignment, ownership, delegation). Originally PR #106074. |
Contributor
Author
There was a problem hiding this comment.
these are docs-only edits to clarify this new exception
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit c8c40a7. Configure here.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Issue assignment has a project-access layer that other OwnerActorField consumers lack: GroupValidator.validate_assignedTo already verifies the assignee has access to the project. That project-access check is the real permission gate for issues. Switch GroupValidator.assignedTo to ActorField so assignment no longer requires the assigner to be a member of the target team, and add an open-membership bypass so all assignment is allowed when allow_joinleave is set. OwnerActorField is unchanged — the 10 other consumers (alert rules, monitors, workflows, detectors, etc.) keep their existing team membership check. Co-authored-by: Claude <noreply@anthropic.com>
cvxluo
force-pushed
the
cvxluo/switch-issue-assignment-off-owneractorfield
branch
from
c8c40a7 to
c8f75f6
Compare
geoffg-sentry
approved these changes
Apr 22, 2026
Contributor
geoffg-sentry
left a comment
geoffg-sentry
left a comment
There was a problem hiding this comment.
Looking solid Charlie, thanks!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Be more permissive when assigning issue owners. Two forms of this:
We want to stop using OwnerActorField since issue assignment doesn't convey any permissions increase or access to the issue, it's primarily a label for searching. Since issue ownership has its own validation in
validate_assignedTo, this won't have any increase in permissions. Note that alerts, etc. still use OwnerActorField.We also want to allow basically all issue assignment with open membership on. There were some previous edge cases, like where you couldn't assign a team to a issue if the team didn't have access to the project, even with open membership on. These will now be allowed.
Small docs update that clarifies this: getsentry/sentry-docs#17441
More context: https://www.notion.so/sentry/permissive-ownership-assignments-3348b10e4b5d806e91b4cbf12af6a26c?source=copy_link