chore(issues): Prevent assigning issues to deactivated users by amy-chen23 · Pull Request #115668 · getsentry/sentry

amy-chen23 · 2026-05-15T21:07:30Z

Prevents assigning issues to deactivated users for both auto-assignments and manual ones.

JoshFerge · 2026-05-15T21:11:21Z

makes sense! just a question for my edification:

OrganizationMember records remain after deactivation, with user_is_active replicated from User.is_active, so assignment validation should account for that.

how does a user get deactivated?

amy-chen23 · 2026-05-15T21:50:44Z

makes sense! just a question for my edification:

OrganizationMember records remain after deactivation, with user_is_active replicated from User.is_active, so assignment validation should account for that.

how does a user get deactivated?

only superusers can hard delete accounts. soft deletes (deactivation) is the default where user_is_active is set to false, but the account itself is still in the db

cvxluo

looks good, some minor questions

cvxluo · 2026-05-18T16:43:11Z

+    user = Factories.create_user()
+    org = Factories.create_organization(owner=user)
+
+    OrganizationMember.objects.filter(organization=org, user_id=user.id).update(


nit: why not do user.is_active = False, user.save() instead of filtering and updating?

cvxluo · 2026-05-18T16:44:48Z

@@ -950,6 +951,37 @@ def test_post_delete_sets_ownership_version(self) -> None:
        assert version is not None
        assert isinstance(version, float)

+    def test_handle_auto_assignment_skips_deactivated_user(self) -> None:
+        self.ownership = ProjectOwnership.objects.create(


nit, why assign these to self here? do other tests do that here?

cvxluo · 2026-05-18T16:48:33Z

+                if OrganizationMember.objects.filter(
+                    organization_id=group.project.organization_id,
+                    user_id=owner.id,
+                    user_is_active=False,
+                ).exists():
+                    logger.info("handle_auto_assignment.skip_deactivated_user", extra=logging_extra)
+                    return


why do we filter by inactive owners rather than checking owner.is_active?

cvxluo · 2026-05-18T16:49:26Z

+        from sentry.users.services.user import RpcUser
+
+        if isinstance(assigned_to, (UserModel, RpcUser)):
+            if OrganizationMember.objects.filter(


similar comment to https://github.com/getsentry/sentry/pull/115668/changes#r3260585645

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 426eef7. Configure here.}

sentry · 2026-05-18T20:05:59Z

+        if isinstance(assigned_to, (UserModel, RpcUser)) and assigned_to.is_active is False:
+            return {"new_assignment": False, "updated_assignment": False}


Bug: GroupAssignee.objects.assign() now silently fails for deactivated users, but the integration sync path in sync.py doesn't check the return value, leading to inconsistent assignment states.
_{Severity: MEDIUM}

Suggested Fix

The caller, _handle_assign in sync.py, should check the return value of GroupAssignee.objects.assign(). If the assignment was not successful (e.g., new_assignment is False), the group should not be appended to the groups_assigned list. This will ensure that a partial sync failure is correctly reported when attempting to assign a deactivated user.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: src/sentry/models/groupassignee.py#L141-L142 Potential issue: The integration sync path in `_handle_assign` calls `GroupAssignee.objects.assign()` but does not check its return value. With the new change, if `assign()` is called with a deactivated user, it silently returns without performing the assignment. However, the caller in `sync.py` unconditionally adds the group to `groups_assigned`, incorrectly reporting a successful assignment. This prevents a `lifecycle.record_halt` from being triggered, which should signal a partial sync failure. Consequently, the external tool (e.g., Jira, GitHub) and Sentry will have inconsistent assignee states, with the external tool showing an assignment that doesn't exist in Sentry.

preexisting issue, will create a follow-up ticket for this

https://linear.app/getsentry/issue/ISWF-2665/integration-sync-assignment-logic-does-not-check-for-assignment

amy-chen23 added 4 commits May 15, 2026 12:08

Reject deactivated users in shared actor validation

f66c56f

Reject deactivated users in manual issue assignment

03be4ac

skip deactivated users in issue auto-assignment

c943ff2

Guard GroupAssignee.assign() against deactivated users

77c216e

amy-chen23 requested review from a team and shashjar May 15, 2026 21:07

github-actions Bot added the Scope: Backend Automatically applied to PRs that change backend components label May 15, 2026

JoshFerge reviewed May 15, 2026

View reviewed changes

Comment thread src/sentry/api/helpers/group_index/validators/group.py Outdated

shashjar reviewed May 15, 2026

View reviewed changes

Comment thread src/sentry/models/groupassignee.py Outdated

amy-chen23 added 2 commits May 15, 2026 15:30

moved in-line imports to top of file

9217dc7

removed logger info when groupassignee skips deactivated user

71f5c68

amy-chen23 marked this pull request as ready for review May 15, 2026 22:51

amy-chen23 requested review from a team as code owners May 15, 2026 22:51

amy-chen23 requested a review from a team May 15, 2026 22:51

cursor Bot reviewed May 15, 2026

View reviewed changes

Comment thread src/sentry/api/helpers/group_index/validators/group.py Outdated

removing redundant deactivation check

a287cfb

sentry Bot reviewed May 18, 2026

View reviewed changes

Comment thread src/sentry/types/actor.py

shashjar approved these changes May 18, 2026

View reviewed changes

cvxluo approved these changes May 18, 2026

View reviewed changes

removed blank line, stopped filtering and changed user params directly

426eef7

cursor Bot reviewed May 18, 2026

View reviewed changes

Comment thread src/sentry/models/projectownership.py

sentry Bot reviewed May 18, 2026

View reviewed changes

Comment thread src/sentry/models/projectownership.py Outdated

addressed cursor bot wrong type for user check

3685236

sentry Bot reviewed May 18, 2026

View reviewed changes

amy-chen23 merged commit dea950c into master May 18, 2026
81 checks passed

amy-chen23 deleted the amyc/issues-deactivated-users branch May 18, 2026 21:34

sentry-release-bot Bot mentioned this pull request May 27, 2026

publish: getsentry/sentry@26.5.1 getsentry/publish#8288

Closed

3 tasks

		if isinstance(assigned_to, (UserModel, RpcUser)) and assigned_to.is_active is False:
		return {"new_assignment": False, "updated_assignment": False}

Uh oh!

Conversation

amy-chen23 commented May 15, 2026

Uh oh!

Uh oh!

JoshFerge commented May 15, 2026

Uh oh!

Uh oh!

amy-chen23 commented May 15, 2026

Uh oh!

Uh oh!

Uh oh!

cvxluo left a comment

Choose a reason for hiding this comment

Uh oh!

cvxluo May 18, 2026

Choose a reason for hiding this comment

Uh oh!

cvxluo May 18, 2026

Choose a reason for hiding this comment

Uh oh!

cvxluo May 18, 2026

Choose a reason for hiding this comment

Uh oh!

cvxluo May 18, 2026

Choose a reason for hiding this comment

Uh oh!

cursor Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

sentry Bot May 18, 2026

Choose a reason for hiding this comment

Uh oh!

amy-chen23 May 18, 2026

Choose a reason for hiding this comment

Uh oh!

shashjar May 18, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants