feat(project-creation): Add bitfield flag for org-wide setting (#62277)

We created a new flow that allows anyone in a organization to create and
configure projects. This PR adds a flag that allows org-owners or
org-managers to allow/deny org-members to use that new flow.

migrations_lockfile.txt

@@ -9,5 +9,5 @@ feedback: 0003_feedback_add_env
 hybridcloud: 0009_make_user_id_optional_for_slug_reservation_replica
 nodestore: 0002_nodestore_no_dictfield
 replays: 0003_add_size_to_recording_segment
-sentry: 0625_change_rule_label_type_to_char256
+sentry: 0626_add_member_project_creation_bitfield
 social_auth: 0002_default_auto_field

src/sentry/migrations/0626_add_member_project_creation_bitfield.py

@@ -0,0 +1,45 @@
+# Generated by Django 3.2.23 on 2023-12-22 18:42
+
+from django.db import migrations
+
+import bitfield.models
+from sentry.new_migrations.migrations import CheckedMigration
+
+
+class Migration(CheckedMigration):
+    # This flag is used to mark that a migration shouldn't be automatically run in production. For
+    # the most part, this should only be used for operations where it's safe to run the migration
+    # after your code has deployed. So this should not be used for most operations that alter the
+    # schema of a table.
+    # Here are some things that make sense to mark as dangerous:
+    # - Large data migrations. Typically we want these to be run manually by ops so that they can
+    #   be monitored and not block the deploy for a long period of time while they run.
+    # - Adding indexes to large tables. Since this can take a long time, we'd generally prefer to
+    #   have ops run this and not block the deploy. Note that while adding an index is a schema
+    #   change, it's completely safe to run the operation after the code has deployed.
+    is_dangerous = False
+
+    dependencies = [
+        ("sentry", "0625_change_rule_label_type_to_char256"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="organization",
+            name="flags",
+            field=bitfield.models.BitField(
+                [
+                    "allow_joinleave",
+                    "enhanced_privacy",
+                    "disable_shared_issues",
+                    "early_adopter",
+                    "require_2fa",
+                    "disable_new_visibility_features",
+                    "require_email_verification",
+                    "codecov_access",
+                    "disable_member_project_creation",
+                ],
+                default=1,
+            ),
+        ),
+    ]

src/sentry/models/organization.py

@@ -212,6 +212,9 @@ class Organization(
         # Enable codecov integration.
         codecov_access: bool
 
+        # Disable org-members from creating new projects
+        disable_member_project_creation: bool
+
         bitfield_default = 1
 
     objects: ClassVar[OrganizationManager] = OrganizationManager(cache_fields=("pk", "slug"))

tests/sentry/models/test_organization.py

@@ -95,13 +95,16 @@ class OrganizationTest(TestCase, HybridCloudTestMixin):
     def test_flags_have_changed(self):
         org = self.create_organization()
         update_tracked_data(org)
+        org.flags.allow_joinleave = True  # Only flag that defaults to True
         org.flags.early_adopter = True
         org.flags.codecov_access = True
         org.flags.require_2fa = True
+        org.flags.disable_member_project_creation = True
+        assert flag_has_changed(org, "allow_joinleave") is False
         assert flag_has_changed(org, "early_adopter")
         assert flag_has_changed(org, "codecov_access")
-        assert flag_has_changed(org, "allow_joinleave") is False
-        assert flag_has_changed(org, "require_2fa") is True
+        assert flag_has_changed(org, "require_2fa")
+        assert flag_has_changed(org, "disable_member_project_creation")
 
     def test_has_changed(self):
         org = self.create_organization()