fix(deploys): Fix permissions for deploy endpoint projects

Currently, in order to link specific projects to a deploy, e.g. via the `sentry-cli deploys new` command, users must provide a token with the `project:read` scope. This is inconsistent with the `sentry-cli releases new` command, which allows users to create a new release associated with only some projects by using the `org:read` and `project:release` scopes. This PR proposes allowing specifying projects for a deploy using a token with `project:releases` scope. Fixes #78025
getsentry · Sep 24, 2024 · e32fdd3 · e32fdd3
1 parent af39317
commit e32fdd3
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/sentry/api/endpoints/release_deploys.py b/src/sentry/api/endpoints/release_deploys.py
@@ -29,7 +29,9 @@ class DeploySerializer(serializers.Serializer):
     dateStarted = serializers.DateTimeField(required=False, allow_null=True)
     dateFinished = serializers.DateTimeField(required=False, allow_null=True)
     projects = serializers.ListField(
-        child=ProjectField(scope="project:read", id_allowed=True), required=False, allow_empty=False
+        child=ProjectField(scope="project:releases", id_allowed=True),
+        required=False,
+        allow_empty=False,
     )
 
     def validate_environment(self, value):