
fix(api) Enable superusers to have access to permalinks (#14214)

They can already see the group details, so eliding only the permalink
does not hide anything.

Fixes SEN-881
Mark Story 5 years ago
parent
commit
46f1c18b9d

+ 6 - 1
src/sentry/api/serializers/models/group.py

@@ -10,9 +10,11 @@ from django.db.models import Min, Q
 from django.utils import timezone
 
 from sentry import tagstore, tsdb
+from sentry.app import env
 from sentry.api.serializers import Serializer, register, serialize
 from sentry.api.serializers.models.actor import ActorSerializer
 from sentry.api.fields.actor import Actor
+from sentry.auth.superuser import is_active_superuser
 from sentry.constants import LOG_LEVELS, StatsPeriod
 from sentry.models import (
     Commit, Environment, Group, GroupAssignee, GroupBookmark, GroupEnvironment, GroupLink, GroupMeta,
@@ -340,7 +342,10 @@ class GroupSerializerBase(Serializer):
 
         # If user is not logged in and member of the organization,
         # do not return the permalink which contains private information i.e. org name.
-        if user.is_authenticated() and user.get_orgs().filter(id=obj.organization.id).exists():
+        request = env.request
+        is_superuser = (request and is_active_superuser(request) and request.user == user)
+        if is_superuser or (user.is_authenticated() and
+                            user.get_orgs().filter(id=obj.organization.id).exists()):
             permalink = obj.get_absolute_url()
         else:
             permalink = None
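Review bot: The comment above the new condition still says the permalink is withheld unless the user is a logged-in member of the organization, so it no longer describes the check now that an active superuser also passes. The authorization decision also now reads the thread-local `env.request` rather than an explicit argument, and the `request.user == user` comparison is what keeps a superuser's session from unlocking permalinks when the serializer runs on behalf of a different user; that intent deserves a comment such as `# Superuser access only counts when the user being serialized for is the requester.` Outside a request cycle `env.request` is presumably None, which falls back to the membership check, but that is worth confirming for background tasks that call this serializer. The enclosing method starts and ends outside this hunk.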

+ 12 - 0
tests/sentry/api/endpoints/test_group_details.py

@@ -142,6 +142,18 @@ class GroupDetailsTest(APITestCase):
         assert response.data['annotations'] == \
             [u'<a href="https://example.com/issues/2">Issue#2</a>']
 
+    def test_permalink_superuser(self):
+        superuser = self.create_user(is_superuser=True)
+        self.login_as(user=superuser, superuser=True)
+
+        group = self.create_group(title='Oh no')
+        url = u'/api/0/issues/{}/'.format(group.id)
+        response = self.client.get(url, format='json')
+
+        result = response.data['permalink']
+        assert 'http://' in result
+        assert '{}/issues/{}'.format(group.organization.slug, group.id) in result
+
 
 class GroupUpdateTest(APITestCase):
     def test_resolve(self):
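Review bot: `test_permalink_superuser` pins only the positive path, so nothing in this hunk guards the conditions that keep the new branch narrow. A user created with `is_superuser=True` but without an active superuser session, and outside the group's organization, should still get `permalink is None`; the endpoint may reject such a user before serialization, in which case that assertion belongs in a serializer-level test. The test also appears to rely on the new user not being a member of the group's organization, which a short comment would make explicit, e.g. `# superuser is not a member of group.organization`. The `'http://' in result` assertion is loose; comparing against `group.get_absolute_url()` would pin the exact value.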

+ 12 - 0
tests/snuba/api/serializers/test_group.py

@@ -26,6 +26,18 @@ class GroupSerializerSnubaTest(APITestCase, SnubaTestCase):
         self.day_ago = timezone.now() - timedelta(days=1)
         self.week_ago = timezone.now() - timedelta(days=7)
 
+    def test_permalink(self):
+        group = self.create_group(title='Oh no')
+        result = serialize(group, self.user, serializer=GroupSerializerSnuba())
+        assert 'http://' in result['permalink']
+        assert '{}/issues/{}'.format(group.organization.slug, group.id) in result['permalink']
+
+    def test_permalink_outside_org(self):
+        outside_user = self.create_user()
+        group = self.create_group(title='Oh no')
+        result = serialize(group, outside_user, serializer=GroupSerializerSnuba())
+        assert result['permalink'] is None
+
     def test_is_ignored_with_expired_snooze(self):
         now = timezone.now()