
fix(eventsv2): Raise permission deined for teams (#31160)

The get_teams api helper currently returns 500
on a permissions error on the eventsv2 endpoint;
updated to return a 403 Forbidden every time,
since it's an access-based error.

Fixes: SENTRY-T1W
Shruthi 3 years ago
parent
commit
d840aab7e8

+ 3 - 1
src/sentry/api/helpers/teams.py

@@ -1,3 +1,5 @@
+from rest_framework.exceptions import PermissionDenied
+
 from sentry.api.utils import InvalidParams
 from sentry.auth.superuser import is_active_superuser
 from sentry.models import Team, TeamStatus
@@ -32,7 +34,7 @@ def get_teams(request, organization, teams=None):
             continue
 
         if not request.access.has_team_access(team):
-            raise InvalidParams(
+            raise PermissionDenied(
                 f"Error: You do not have permission to access {team.name}",
             )
 
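Review bot: The detail string on the new `raise PermissionDenied(...)` still interpolates `team.name`, so a caller who is denied access to a team is told that team's name; if the team is resolved from a caller-supplied id (the lookup happens above this hunk and is not visible), that lets an unauthorized user confirm ids and learn names of teams they are not a member of. Switching the exception type to a 403 is right, but the detail should not reveal data the caller was just refused, e.g. `raise PermissionDenied("You do not have permission to access this team")`, or echo the id the caller already supplied instead of the name. Note that the key-transactions test in this commit pins the name-bearing message, so it would need the same update. get_teams starts and ends outside this hunk.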

+ 1 - 1
tests/sentry/incidents/endpoints/test_organization_alert_rule_index.py

@@ -856,7 +856,7 @@ class OrganizationCombinedRuleIndexEndpointTest(BaseAlertRuleSerializerTest, API
             response = self.client.get(
                 path=self.combined_rules_url, data=request_data, content_type="application/json"
             )
-        assert response.status_code == 400
+        assert response.status_code == 403
 
     def test_name_filter(self):
         self.setup_project_and_rules()

+ 4 - 2
tests/snuba/api/endpoints/test_discover_key_transactions.py

@@ -730,8 +730,10 @@ class TeamKeyTransactionListTest(TeamKeyTransactionTestBase):
                 format="json",
             )
 
-        assert response.status_code == 400, response.content
-        assert response.data == f"Error: You do not have permission to access {other_team.name}"
+        assert response.status_code == 403, response.content
+        assert response.data == {
+            "detail": f"Error: You do not have permission to access {other_team.name}"
+        }
 
     def test_get_key_transaction_list_my_teams(self):
         with self.feature(self.features):

+ 25 - 0
tests/snuba/api/endpoints/test_organization_events_v2.py

@@ -475,6 +475,31 @@ class OrganizationEventsV2EndpointTest(APITestCase, SnubaTestCase):
             assert len(response.data["data"]) == 1
             assert response.data["data"][0]["user"] == "ip:{}".format(data["user"]["ip_address"])
 
+    def test_team_param_no_access(self):
+        org = self.create_organization(
+            owner=self.user,  # use other user as owner
+            name="foo",
+            flags=0,  # disable default allow_joinleave
+        )
+        project = self.create_project(name="baz", organization=org)
+
+        user = self.create_user()
+        self.login_as(user=user, superuser=False)
+
+        team = self.create_team(organization=org, name="Team Bar")
+        project.add_team(team)
+
+        self.store_event(
+            data={"event_id": "a" * 32, "timestamp": self.min_ago, "fingerprint": ["group1"]},
+            project_id=project.id,
+        )
+
+        query = {"field": ["id", "project.id"], "project": [project.id], "team": [team.id]}
+        response = self.do_request(query)
+        assert response.status_code == 403, response.content
+
+        assert response.data["detail"] == "You do not have permission to perform this action."
+
     def test_comparison_operators_on_numeric_field(self):
         project = self.create_project()
         event = self.store_event(
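Review bot: The final assertion in test_team_param_no_access expects DRF's default detail, "You do not have permission to perform this action.", rather than the "Error: You do not have permission to access {team.name}" text that get_teams now raises, which suggests the 403 is produced by an earlier organization/project permission check (the logged-in user is not a member of `org` at all, and `flags=0` disables open membership) before the team check is reached. If so the test does not cover the path this commit fixes. To exercise it, give the user membership in the org through a second team that `project` is attached to while leaving them out of `team` (the pattern the key-transactions test uses with `other_team`), then assert the helper's message: `assert response.data["detail"] == f"Error: You do not have permission to access {team.name}"`. The enclosing class continues outside the hunk.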