fix(app-platform): Allow GET requests for published apps #14109
src/sentry/api/bases/sentryapps.py
@@ -160,6 +160,11 @@ def has_object_permission(self, request, view, sentry_app): | |||
if sentry_app.owner not in request.user.get_orgs(): | |||
raise Http404 | |||
|
|||
# we can't use ensure_scoped_permission now that the public | |||
# endpoint isn't denoted by '()' |
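Review bot: The comment added after `raise Http404` says why ensure_scoped_permission is not used, but it does not say what decides access in its place, and the hunk as shown here ends at the comment. Since this sits in has_object_permission, state the replacement rule in the comment itself (which HTTP method and which app state are treated as public) and keep it as narrow as the PR title: GET on published apps only. A test that a user outside the owning org can GET a published app but is refused on an unpublished app and on write methods would pin that down.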
Can you make it into a TODO?
WFM. Ideally we should probably add some sort of public scope so that this can just fit into our model.
Maybe add a quick test?
Installing a published integration in an org that is not the owner of the integration is failing because we no longer have `'GET': ()` denoting a public endpoint - which we are using to get the integration feature set: `sentry-apps/<sentry_app_slug>/features/`

Instead of returning `True` in `ensure_scoped_permission` (this piece) we now return `False` because `request.access.scopes` is empty.

This PR adds a quick fix, but we should probably rethink (again) what a 'public' endpoint is and where we are using them.
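A simplified model of the scope check described above, as an added example that is not part of the pull request or Sentry's code. The `Access` and `App` classes, the scope names, the status strings and the shape of the carve-out are assumptions made for illustration; only the names `ensure_scoped_permission`, `has_object_permission` and the `'GET': ()` convention come from the page.

```python
# Simplified model, not Sentry's implementation. Classes, scope names and
# status values are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Access:
    scopes: frozenset = frozenset()  # empty for a user outside the owning org

    def has_scope(self, scope):
        return scope in self.scopes


@dataclass
class App:
    status: str  # "published" or "unpublished" (constructed values)


def ensure_scoped_permission(access, allowed_scopes):
    """None: method not allowed. Empty tuple: public. Else: need one scope."""
    if allowed_scopes is None:
        return False
    if len(allowed_scopes) == 0:
        return True
    return any(access.has_scope(s) for s in allowed_scopes)


# Before: '()' marked GET as public. After: GET lists a real scope.
OLD_SCOPE_MAP = {"GET": (), "PUT": ("org:write",)}
NEW_SCOPE_MAP = {"GET": ("org:read",), "PUT": ("org:write",)}


def check_without_carve_out(method, access, scope_map):
    """The failing path: an outsider has no scopes, so GET is refused."""
    return ensure_scoped_permission(access, scope_map.get(method))


def has_object_permission(method, access, app, scope_map):
    """One possible narrow fix: read-only access to published apps only."""
    if method == "GET" and app.status == "published":
        return True
    # Everything else still goes through the scope check.
    return ensure_scoped_permission(access, scope_map.get(method))
```

The carve-out is deliberately keyed on both the method and the app state, so write methods and unpublished apps keep the scope requirement.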