Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(trace_related): Use global_views whitelist for events endpoint #75174

Closed
wants to merge 9 commits into from
Closed
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions src/sentry/api/bases/organization_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -130,9 +130,6 @@ def get_snuba_dataclass(
has_global_views,
len(params.projects) <= 1,
fetching_replay_data,
# If a developer can view issues of a project they do not belong to
# via open membership, we will also allow the endpoint to return events for it
organization.flags.allow_joinleave,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was added to my original PR.

This has been moved down below:
image

]
):
raise ParseError(detail="You cannot view events from multiple projects.")
Expand Down
19 changes: 16 additions & 3 deletions src/sentry/api/endpoints/organization_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@
DiscoverSavedQueryTypes.TRANSACTION_LIKE: get_dataset("transactions"),
DiscoverSavedQueryTypes.ERROR_EVENTS: get_dataset("errors"),
}
# TODO: Adjust this once we make a decision in the DACI for global views restriction
# Do not add more referres to this list as it is a temporary solution
GLOBAL_VIEW_WHITELIST = ("api.issues.issue_events",)
armenzg marked this conversation as resolved.
Show resolved Hide resolved


class DiscoverDatasetSplitException(Exception):
Expand Down Expand Up @@ -315,8 +318,20 @@ def get(self, request: Request, organization) -> Response:
if not self.has_feature(organization, request):
return Response(status=404)

referrer = request.GET.get("referrer")

try:
snuba_params, params = self.get_snuba_dataclass(request, organization)
# If the organization allows joining and leaving projects, it means that their
# developers can visit issues from any projects. In the case of trace related issues,
# we need the endpoint to let us see events from all projects when this flag is enabled.
snuba_params, params = self.get_snuba_dataclass(
request,
organization,
check_global_views=(
referrer in GLOBAL_VIEW_WHITELIST
and not bool(organization.flags.allow_joinleave)
armenzg marked this conversation as resolved.
Show resolved Hide resolved
),
)
except NoProjects:
return Response(
{
Expand All @@ -331,8 +346,6 @@ def get(self, request: Request, organization) -> Response:
except InvalidParams as err:
raise ParseError(err)

referrer = request.GET.get("referrer")

batch_features = self.get_features(organization, request)

use_metrics = (
Expand Down
9 changes: 7 additions & 2 deletions tests/sentry/api/test_organization_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -93,14 +93,19 @@ def test_multiple_projects_open_membership(self):
},
project_id=project2.id,
)
response = self.do_request({"field": ["project"], "project": -1})
response = self.do_request(
{"field": ["project"], "project": -1, "referrer": "api.issues.issue_events"}
)
assert response.status_code == 200, response.content
assert len(response.data["data"]) == 2

# The test will now not work since the membership is closed
self.organization.flags.allow_joinleave = False
self.organization.save()
assert bool(self.organization.flags.allow_joinleave) is False
response = self.do_request({"field": ["project"], "project": -1})
response = self.do_request(
{"field": ["project"], "project": -1, "referrer": "api.issues.issue_events"}
)

assert response.status_code == 400, response.content
assert response.data == {
Expand Down
11 changes: 11 additions & 0 deletions tests/snuba/api/endpoints/test_organization_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,17 @@ def test_performance_view_feature(self):
assert response.status_code == 200
assert len(response.data["data"]) == 1

def test_multi_project_feature_gate_rejection(self):
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This adds the original test back.

team = self.create_team(organization=self.organization, members=[self.user])

project = self.create_project(organization=self.organization, teams=[team])
project2 = self.create_project(organization=self.organization, teams=[team])

query = {"field": ["id", "project.id"], "project": [project.id, project2.id]}
response = self.do_request(query)
assert response.status_code == 400
assert "events from multiple projects" in response.data["detail"]

def test_multi_project_feature_gate_replays(self):
team = self.create_team(organization=self.organization, members=[self.user])

Expand Down
Loading