Skip to content

fix(flags): separate permission class #82463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Dec 20, 2024
Merged

fix(flags): separate permission class #82463

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ad5127f
fix(flags): separate permission class
oioki Dec 20, 2024
d99d2c0
remove PUT as there is no corresponding method
oioki Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/sentry/api/bases/organization.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,14 @@ class OrganizationMetricsPermission(OrganizationPermission):
}


class OrganizationFlagWebHookSigningSecretPermission(OrganizationPermission):
scope_map = {
"GET": ["org:read", "org:write", "org:admin"],
"POST": ["org:read", "org:write", "org:admin"],
"DELETE": ["org:write", "org:admin"],
}


class ControlSiloOrganizationEndpoint(Endpoint):
"""
A base class for endpoints that use an organization scoping but lives in the control silo
Expand Down
9 changes: 6 additions & 3 deletions src/sentry/flags/endpoints/secrets.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@
from sentry.api.api_owners import ApiOwner
from sentry.api.api_publish_status import ApiPublishStatus
from sentry.api.base import region_silo_endpoint
from sentry.api.bases.organization import OrganizationEndpoint, OrgAuthTokenPermission
from sentry.api.bases.organization import (
OrganizationEndpoint,
OrganizationFlagWebHookSigningSecretPermission,
)
from sentry.api.paginator import OffsetPaginator
from sentry.api.serializers import Serializer, register, serialize
from sentry.flags.models import FlagWebHookSigningSecretModel
Expand Down Expand Up @@ -46,7 +49,7 @@ class FlagWebhookSigningSecretValidator(serializers.Serializer):
@region_silo_endpoint
class OrganizationFlagsWebHookSigningSecretsEndpoint(OrganizationEndpoint):
owner = ApiOwner.REPLAY
permission_classes = (OrgAuthTokenPermission,)
permission_classes = (OrganizationFlagWebHookSigningSecretPermission,)
publish_status = {
"GET": ApiPublishStatus.PRIVATE,
"POST": ApiPublishStatus.PRIVATE,
Expand Down Expand Up @@ -95,7 +98,7 @@ def post(self, request: Request, organization: Organization) -> Response:
@region_silo_endpoint
class OrganizationFlagsWebHookSigningSecretEndpoint(OrganizationEndpoint):
owner = ApiOwner.REPLAY
permission_classes = (OrgAuthTokenPermission,)
permission_classes = (OrganizationFlagWebHookSigningSecretPermission,)
publish_status = {"DELETE": ApiPublishStatus.PRIVATE}

def delete(
Expand Down
Loading