Skip to content

fix(dashboards): add project-level permission check for DiscoverSavedQueryDetailEndpoint #72159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
oioki merged 2 commits into from
Jun 6, 2024
Merged

fix(dashboards): add project-level permission check for DiscoverSavedQueryDetailEndpoint #72159

oioki merged 2 commits into from
Jun 6, 2024

Conversation

@oioki
Copy link
Member

@oioki oioki commented Jun 5, 2024

If an organization user does not have project-level permission to a project (for example, with Open Membership disabled), they should not be allowed to do any actions with saved queries that are based on said project.

@oioki oioki requested a review from a team June 5, 2024 19:17
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Jun 5, 2024
@codecov
Copy link

codecov bot commented Jun 5, 2024

Codecov Report

Attention: Patch coverage is 92.30769% with 1 line in your changes missing coverage. Please review.

Project coverage is 77.97%. Comparing base (360330e) to head (c926263).
Report is 4 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #72159      +/-   ##
==========================================
+ Coverage   76.93%   77.97%   +1.03%     
==========================================
  Files        6570     6570              
  Lines      292774   292787      +13     
  Branches    50538    50542       +4     
==========================================
+ Hits       225238   228292    +3054     
+ Misses      61181    58252    -2929     
+ Partials     6355     6243     -112
Files Coverage Δ
.../discover/endpoints/discover_saved_query_detail.py 88.57% <100.00%> (+0.51%) ⬆️
src/sentry/discover/endpoints/bases.py 92.30% <90.00%> (-7.70%) ⬇️

... and 275 files with indirect coverage changes

@oioki oioki merged commit 9ac3941 into master Jun 6, 2024
@oioki oioki deleted the fix/saved-query-project-permissions branch June 6, 2024 07:22
ArthurKnaus pushed a commit that referenced this pull request Jun 6, 2024
@oioki @ArthurKnaus
fix(dashboards): add project-level permission check for DiscoverSaved…
fd2d06e 
…QueryDetailEndpoint (#72159)

If an organization user does not have project-level permission to a
project (for example, with Open Membership disabled), they should not be
allowed to do any actions with saved queries that are based on said
project.
@github-actions github-actions bot locked and limited conversation to collaborators Jun 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@wmak wmak wmak approved these changes

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@oioki @wmak