fix(metrics): Don't allow filtering by org id (#70537)

- Prevent queries that use org_id on the metrics dataset in the filter
- We didn't expose any additional data, because project_id is still a
required param

src/sentry/search/events/builder/metrics.py

@@ -678,6 +678,8 @@ class MetricsQueryBuilder(QueryBuilder):
                     1,
                 )
 
+        if name in ["organization_id", "org_id"]:
+            raise IncompatibleMetricsQuery(f"{name} isn't compatible with metrics queries")
         lhs = self.resolve_column(name)
         # If this is an aliasedexpression, we don't need the alias here, just the expression
         if isinstance(lhs, AliasedExpression):

tests/snuba/api/endpoints/test_organization_events_mep.py

@@ -3241,6 +3241,25 @@ class OrganizationEventsMetricsEnhancedPerformanceEndpointTest(MetricsEnhancedPe
         assert data[0]["faketag"] == "foo"
         assert not meta["isMetricsData"]
 
+    def test_filtering_by_org_id_is_not_compatible(self):
+        """Implicitly test the fact that percentiles are their own 'dataset'"""
+        self.store_transaction_metric(
+            1,
+            tags={"transaction": "foo_transaction"},
+            timestamp=self.min_ago,
+        )
+
+        response = self.do_request(
+            {
+                "field": ["title", "p50()", "count()"],
+                "query": "event.type:transaction organization_id:2",
+                "dataset": "metrics",
+                "project": self.project.id,
+                "per_page": 50,
+            }
+        )
+        assert response.status_code == 400, response.content
+
 
 class OrganizationEventsMetricsEnhancedPerformanceEndpointTestWithOnDemandMetrics(
     MetricsEnhancedPerformanceTestCase