
Revert "fix(releases): Don't show all projects when asking for my projects (#22703)" (#25293)

This reverts commit ea610aacf3107c1ebd6a8b2586838115bc2b97d9.
Evan Purkhiser 3 years ago
parent
commit
699726de05

+ 7 - 5
src/sentry/api/bases/organization.py

@@ -167,6 +167,7 @@ class OrganizationEndpoint(Endpoint):
         request,
         organization,
         force_global_perms=False,
+        include_all_accessible=False,
         project_ids=None,
     ):
         """
@@ -184,6 +185,9 @@ class OrganizationEndpoint(Endpoint):
         `request.auth.has_scope` way of checking permissions, don't use it
         for anything else, we plan to remove this once we remove uses of
         `auth.has_scope`.
+        :param include_all_accessible: Whether to factor the organization
+        allow_joinleave flag into permission checks. We should ideally
+        standardize how this is used and remove this parameter.
         :param project_ids: Projects if they were passed via request
         data instead of get params
         :return: A list of Project objects, or raises PermissionDenied.
@@ -191,10 +195,7 @@ class OrganizationEndpoint(Endpoint):
         if project_ids is None:
             project_ids = self.get_requested_project_ids(request)
         return self._get_projects_by_id(
-            project_ids,
-            request,
-            organization,
-            force_global_perms,
+            project_ids, request, organization, force_global_perms, include_all_accessible
         )
 
     def _get_projects_by_id(
@@ -203,8 +204,8 @@ class OrganizationEndpoint(Endpoint):
         request,
         organization,
         force_global_perms=False,
+        include_all_accessible=False,
     ):
-        include_all_accessible = False
         qs = Project.objects.filter(organization=organization, status=ProjectStatus.VISIBLE)
         user = getattr(request, "user", None)
 
@@ -370,6 +371,7 @@ class OrganizationReleasesBaseEndpoint(OrganizationEndpoint):
             request,
             organization,
             force_global_perms=has_valid_api_key,
+            include_all_accessible=True,
             project_ids=project_ids,
         )
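Review bot: Passing `include_all_accessible=True` from `OrganizationReleasesBaseEndpoint` widens what the release endpoints resolve: per the docstring added in this file, the organization's `allow_joinleave` flag is then factored into the permission check, so in an open-membership organization a caller presumably gets projects beyond the teams they belong to. The call site should say why that is intended, for example `# Releases span projects: with allow_joinleave set, include projects the user could join, not only their teams.` Separately, `include_all_accessible` is inserted ahead of `project_ids` in `get_projects`, so a caller passing `project_ids` positionally would now bind it to the new flag; the callers visible here use keywords, and a bare `*` before the optional parameters would enforce that. The commit also deletes the cross-organization check in tests/sentry/api/endpoints/test_organization_releases.py (`assert response.status_code == 400` for a project in `org2`); since `_get_projects_by_id` still filters on `organization=organization`, that negative test looks independent of this flag and is worth keeping. The bodies of `get_projects` and `_get_projects_by_id` continue outside these hunks.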
 

+ 0 - 1
tests/apidocs/endpoints/releases/test_organization_releases.py

@@ -21,7 +21,6 @@ class OrganizationReleasesDocsTest(APIDocsTestCase):
         self.project3 = self.create_project(teams=[team1], organization=org)
 
         self.login_as(user=user)
-        self.create_team_membership(team1, user=user)
 
         release1 = Release.objects.create(
             organization_id=org.id, version="1", date_added=datetime(2013, 8, 13, 3, 8, 24, 880386)

+ 3 - 1
tests/sentry/api/bases/test_organization.py

@@ -152,6 +152,7 @@ class GetProjectIdsTest(BaseOrganizationEndpointTest):
         expected_projects,
         user=None,
         project_ids=None,
+        include_all_accessible=False,
         active_superuser=False,
     ):
         request_args = {}
@@ -161,6 +162,7 @@ class GetProjectIdsTest(BaseOrganizationEndpointTest):
         result = self.endpoint.get_projects(
             self.build_request(user=user, active_superuser=active_superuser, **request_args),
             self.org,
+            include_all_accessible=include_all_accessible,
         )
         assert {p.id for p in expected_projects} == {p.id for p in result}
 
@@ -187,7 +189,7 @@ class GetProjectIdsTest(BaseOrganizationEndpointTest):
             user=self.member,
             project_ids=[self.project_1.id, self.project_2.id],
         )
-        self.run_test([])
+        self.run_test([], include_all_accessible=False)
 
     def test_no_ids_teams(self):
         membership = self.create_team_membership(user=self.user, team=self.team_1)
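Review bot: Nothing in these hunks exercises `include_all_accessible=True`: `run_test` gains the parameter, but the only updated call, `self.run_test([], include_all_accessible=False)`, passes the default. Since the releases endpoint now calls `get_projects` with `True`, that path deserves cases of its own here: one with `allow_joinleave` set on the org and a member outside the project's team, and one with the flag cleared, each asserting the exact project set returned. The rest of `GetProjectIdsTest` is outside the visible hunks, so such cases may already exist further down.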

+ 6 - 3
tests/sentry/api/endpoints/test_organization_release_assemble.py

@@ -14,16 +14,16 @@ class OrganizationReleaseAssembleTest(APITestCase):
         self.organization = self.create_organization(owner=self.user)
         self.token = ApiToken.objects.create(user=self.user, scope_list=["project:write"])
         self.team = self.create_team(organization=self.organization)
-        self.create_team_membership(self.team, user=self.user)
         self.release = self.create_release(version="my-unique-release.1")
         self.url = reverse(
             "sentry-api-0-organization-release-assemble",
             args=[self.organization.slug, self.release.version],
         )
-        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {self.token.token}")
 
     def test_assemble_json_schema(self):
-        response = self.client.post(self.url, data={"lol": "test"})
+        response = self.client.post(
+            self.url, data={"lol": "test"}, HTTP_AUTHORIZATION=f"Bearer {self.token.token}"
+        )
         assert response.status_code == 400, response.content
 
         checksum = sha1(b"1").hexdigest()
@@ -60,6 +60,7 @@ class OrganizationReleaseAssembleTest(APITestCase):
         response = self.client.post(
             self.url,
             data={"checksum": total_checksum, "chunks": [blob1.checksum]},
+            HTTP_AUTHORIZATION=f"Bearer {self.token.token}",
         )
 
         assert response.status_code == 200, response.content
@@ -90,6 +91,7 @@ class OrganizationReleaseAssembleTest(APITestCase):
         response = self.client.post(
             self.url,
             data={"checksum": total_checksum, "chunks": [blob1.checksum]},
+            HTTP_AUTHORIZATION=f"Bearer {self.token.token}",
         )
 
         assert response.status_code == 200, response.content
@@ -110,6 +112,7 @@ class OrganizationReleaseAssembleTest(APITestCase):
         response = self.client.post(
             self.url,
             data={"checksum": total_checksum, "chunks": [blob1.checksum]},
+            HTTP_AUTHORIZATION=f"Bearer {self.token.token}",
         )
 
         assert response.status_code == 200, response.content
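Review bot: The header `HTTP_AUTHORIZATION=f"Bearer {self.token.token}"` is now spelled out in four separate `self.client.post` calls, so a later change to the token or scheme has to be repeated in each. Building it once in `setUp`, e.g. `self.auth = {"HTTP_AUTHORIZATION": f"Bearer {self.token.token}"}`, and passing `**self.auth` keeps the per-request form without the repetition. With `create_team_membership` removed from `setUp`, the 200 assertions presumably pass for a user who is the organization owner but on no team; a short comment in `setUp` stating that this is the access path under test would make the intent clear.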

+ 0 - 160
tests/sentry/api/endpoints/test_organization_releases.py

@@ -82,39 +82,6 @@ class OrganizationReleaseListTest(APITestCase):
         assert response.data[1]["version"] == release4.version
         assert response.data[2]["version"] == release1.version
 
-    def test_my_project_filter(self):
-        user = self.create_user(is_staff=False, is_superuser=False)
-        org = self.organization
-        org.flags.allow_joinleave = True
-        org.save()
-
-        team1 = self.create_team(organization=org)
-        team2 = self.create_team(organization=org)
-
-        project1 = self.create_project(teams=[team1], organization=org)
-        project2 = self.create_project(teams=[team2], organization=org)
-
-        self.create_member(teams=[team1], user=user, organization=org)
-
-        self.login_as(user=user)
-
-        release1 = Release.objects.create(
-            organization_id=org.id, version="1", date_added=datetime(2013, 8, 13, 3, 8, 24, 880386)
-        )
-        release1.add_project(project1)
-
-        release2 = Release.objects.create(
-            organization_id=org.id, version="2", date_added=datetime(2013, 8, 14, 3, 8, 24, 880386)
-        )
-        release2.add_project(project2)
-
-        url = reverse("sentry-api-0-organization-releases", kwargs={"organization_slug": org.slug})
-        response = self.client.get(url, format="json")
-
-        assert response.status_code == 200, response.content
-        assert len(response.data) == 1
-        assert response.data[0]["version"] == release1.version
-
     def test_query_filter(self):
         user = self.create_user(is_staff=False, is_superuser=False)
         org = self.organization
@@ -231,56 +198,6 @@ class OrganizationReleaseListTest(APITestCase):
         assert response.data[0]["version"] == release3.version
         assert response.data[1]["version"] == release1.version
 
-    def test_token_permissions(self):
-        sentry_app = self.create_sentry_app(
-            name="release app", organization=self.organization, scopes=("project:write",)
-        )
-        proxy_user = sentry_app.proxy_user
-        self.create_sentry_app_installation(
-            slug=sentry_app.slug, organization=self.organization, user=self.user
-        )
-        org = self.create_organization()
-
-        team1 = self.create_team(organization=self.organization)
-        team2 = self.create_team(organization=self.organization)
-
-        project1 = self.create_project(teams=[team1], organization=self.organization)
-        project2 = self.create_project(teams=[team2], organization=self.organization)
-
-        release1 = Release.objects.create(
-            organization_id=self.organization.id,
-            version="1",
-            date_added=datetime(2013, 8, 13, 3, 8, 24, 880386),
-        )
-        release1.add_project(project1)
-        release2 = Release.objects.create(
-            organization_id=self.organization.id,
-            version="2",
-            date_added=datetime(2013, 8, 14, 3, 8, 24, 880386),
-        )
-        release2.add_project(project2)
-        # Different org, shouldn't show up in the results
-        Release.objects.create(
-            organization_id=org.id,
-            version="3",
-            date_added=datetime(2013, 8, 12, 3, 8, 24, 880386),
-            date_released=datetime(2013, 8, 15, 3, 8, 24, 880386),
-        )
-
-        # Login as the app
-        self.login_as(user=proxy_user)
-        url = reverse(
-            "sentry-api-0-organization-releases",
-            kwargs={"organization_slug": self.organization.slug},
-        )
-        response = self.client.get(url, format="json")
-
-        assert response.status_code == 200, response.content
-        assert len(response.data) == 2
-        assert len(response.data) == 2
-        assert response.data[0]["version"] == release2.version
-        assert response.data[1]["version"] == release1.version
-
     def test_all_projects_parameter(self):
         user = self.create_user(is_staff=False, is_superuser=False)
         org = self.create_organization()
@@ -908,60 +825,6 @@ class OrganizationReleaseCreateTest(APITestCase):
         response = self.client.post(url, data={"version": "1.2.1", "projects": [project1.slug]})
 
         assert response.status_code == 201, response.content
-        assert Release.objects.filter(version="1.2.1").exists()
-
-    def test_token_permissions(self):
-        sentry_app = self.create_sentry_app(
-            name="release app", organization=self.organization, scopes=("project:write",)
-        )
-        proxy_user = sentry_app.proxy_user
-        self.create_sentry_app_installation(
-            slug=sentry_app.slug, organization=self.organization, user=self.user
-        )
-        org = self.create_organization()
-
-        team1 = self.create_team(organization=self.organization)
-        team2 = self.create_team(organization=self.organization)
-
-        project1 = self.create_project(teams=[team1], organization=self.organization)
-        project2 = self.create_project(teams=[team2], organization=self.organization)
-
-        release1 = Release.objects.create(
-            organization_id=self.organization.id,
-            version="1",
-            date_added=datetime(2013, 8, 13, 3, 8, 24, 880386),
-        )
-        release1.add_project(project1)
-        release2 = Release.objects.create(
-            organization_id=self.organization.id,
-            version="2",
-            date_added=datetime(2013, 8, 14, 3, 8, 24, 880386),
-        )
-        release2.add_project(project2)
-        # Different org, shouldn't show up in the results
-        Release.objects.create(
-            organization_id=org.id,
-            version="3",
-            date_added=datetime(2013, 8, 12, 3, 8, 24, 880386),
-            date_released=datetime(2013, 8, 15, 3, 8, 24, 880386),
-        )
-
-        # Login as the app
-        self.login_as(user=proxy_user)
-        url = reverse(
-            "sentry-api-0-organization-releases",
-            kwargs={"organization_slug": self.organization.slug},
-        )
-        response = self.client.post(url, data={"version": "1.2.1", "projects": [project1.slug]})
-
-        assert response.status_code == 201, response.content
-        assert Release.objects.filter(version="1.2.1").exists()
-
-        # Should have access to both projects
-        response = self.client.post(url, data={"version": "2.2.1", "projects": [project2.slug]})
-
-        assert response.status_code == 201, response.content
-        assert Release.objects.filter(version="2.2.1").exists()
 
     def test_api_key(self):
         org = self.create_organization()
@@ -1013,18 +876,12 @@ class OrganizationReleaseCreateTest(APITestCase):
         org.flags.allow_joinleave = False
         org.save()
 
-        org2 = self.create_organization()
-        project2 = self.create_project(organization=org2)
-
         repo = Repository.objects.create(
             organization_id=org.id, name="getsentry/sentry", provider="dummy"
         )
         repo2 = Repository.objects.create(
             organization_id=org.id, name="getsentry/sentry-plugins", provider="dummy"
         )
-        Repository.objects.create(
-            organization_id=org2.id, name="notsentry/project", provider="dummy"
-        )
 
         api_token = ApiToken.objects.create(user=user, scope_list=["project:releases"])
 
@@ -1065,22 +922,6 @@ class OrganizationReleaseCreateTest(APITestCase):
 
         assert response.status_code == 201
 
-        # Token doesn't have access to projects not in their organization
-        response = self.client.post(
-            url,
-            data={
-                "version": "1.3.1",
-                "refs": [
-                    {"commit": "a" * 40, "repository": repo.name, "previousCommit": "c" * 40},
-                    {"commit": "b" * 40, "repository": repo2.name},
-                ],
-                "projects": [project2.slug],
-            },
-            HTTP_AUTHORIZATION=f"Bearer {api_token.token}",
-        )
-
-        assert response.status_code == 400
-
     def test_bad_repo_name(self):
         user = self.create_user(is_staff=False, is_superuser=False)
         org = self.create_organization()
@@ -1226,7 +1067,6 @@ class OrganizationReleaseListEnvironmentsTest(APITestCase):
         self.login_as(user=self.user)
         org = self.create_organization(owner=self.user)
         team = self.create_team(organization=org)
-        self.create_team_membership(team, user=self.user)
         project1 = self.create_project(organization=org, teams=[team], name="foo")
         project2 = self.create_project(organization=org, teams=[team], name="bar")