ref(shared-views): Refactor delete endpoint permissions and model deletions #88845

Merged
merged 1 commit into from
Apr 7, 2025

Conversation

MichaelSun48
Member

This PR makes the following refactors to the DELETE /group-search-view/:viewId endpoint:

  1. Now, in addition to the creator of the view, org admins can also delete the view
  2. Upon deletion, any users that had that view starred before will see that view deleted.
  3. Any "last viewed" entries for that view are also deleted.

@MichaelSun48 MichaelSun48 requested a review from a team as a code owner April 4, 2025 20:30
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Apr 4, 2025
Comment on lines 113 to +114
try:
view = GroupSearchView.objects.get(
id=view_id, organization=organization, user_id=request.user.id
)
view = GroupSearchView.objects.get(id=view_id)
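Review bot: The replacement lookup `GroupSearchView.objects.get(id=view_id)` drops the `organization=organization` filter along with the `user_id` filter. Only the user filter has to go for an admin to reach another member's view; keeping `organization=organization` in the `get()` ties the view to the organization in the request, so a view id from a different organization fails the lookup before the access check on lines 119 to 123 runs. A test that requests deletion of a view id belonging to another organization would pin this behaviour down.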
Member Author

It's possible that the view being deleted does not belong to the user. We should not filter by user id here

Comment on lines +119 to +123
has_delete_access = (
view.user_id == request.user.id
or request.access.has_scope("org:admin")
or request.access.has_scope("team:admin")
)
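Review bot: The `request.access.has_scope("team:admin")` clause in `has_delete_access` adds a second scope that the PR description does not mention; the description names only the view's creator and org admins. If holders of `team:admin` are meant to be able to delete any view, state that in a comment above the check and in the description, and add a test for a member who holds `team:admin` but not `org:admin`; otherwise drop the clause. The scopes are also read from the request while the view is fetched by id alone, so this check only means something once the view is known to belong to the same organization.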
Member Author

To any reviewers: could you confirm if these are the correct permission scopes to check for org admins?

Member

I think so.

Member

useful docs: https://docs.sentry.io/organization/membership/

For Business and Enterprise plans, the Org Admin role has been replaced by Team Admins and can no longer be assigned to new users. Existing users with Org Admin roles will retain their admin privileges.

and where we define role -> scope mapping for org level roles:

https://github.com/getsentry/getsentry/blob/83e2bc1ba5e2bb371e09e34851edfb47fdabe5f2/getsentry/conf/settings/defaults.py#L594

And for team level roles:

SENTRY_TEAM_ROLES: tuple[RoleDict, ...] = (


codecov bot commented Apr 4, 2025

Codecov Report

Attention: Patch coverage is 96.42857% with 2 lines in your changes missing coverage. Please review.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...ndpoints/organization_group_search_view_details.py 80.00% 2 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##           master   #88845   +/-   ##
=======================================
  Coverage   87.72%   87.73%           
=======================================
  Files       10066    10067    +1     
  Lines      569533   569597   +64     
  Branches    22359    22359           
=======================================
+ Hits       499628   499726   +98     
+ Misses      69506    69472   -34     
  Partials      399      399           

@MichaelSun48 MichaelSun48 merged commit b2d2193 into master Apr 7, 2025
50 checks passed
@MichaelSun48 MichaelSun48 deleted the msun/sharedViews/refDeleteEndpoint branch April 7, 2025 16:23
andrewshie-sentry pushed a commit that referenced this pull request Apr 8, 2025
…etions (#88845)

This PR makes the following refactors to the `DELETE`
`/group-search-view/:viewId` endpoint:

1. Now, in addition to the creator of the view, org admins can also
delete the view
2. Upon deletion, any users that had that view starred before will see
that view deleted.
3. Any "last viewed" entries for that view are also deleted.