From e32fdd3bd346df3be13f48c8d3a820a461b42ea7 Mon Sep 17 00:00:00 2001 From: Daniel Szoke Date: Tue, 24 Sep 2024 17:51:12 +0200 Subject: [PATCH] fix(deploys): Fix permissions for deploy endpoint projects Currently, in order to link specific projects to a deploy, e.g. via the `sentry-cli deploys new` command, users must provide a token with the `project:read` scope. This is inconsistent with the `sentry-cli releases new` command, which allows users to create a new release associated with only some projects by using the `org:read` and `project:release` scopes. This PR proposes allowing specifying projects for a deploy using a token with `project:releases` scope. Fixes #78025 --- src/sentry/api/endpoints/release_deploys.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/sentry/api/endpoints/release_deploys.py b/src/sentry/api/endpoints/release_deploys.py index 2546561af5676b..dab2eeb1ec708a 100644 --- a/src/sentry/api/endpoints/release_deploys.py +++ b/src/sentry/api/endpoints/release_deploys.py @@ -29,7 +29,9 @@ class DeploySerializer(serializers.Serializer): dateStarted = serializers.DateTimeField(required=False, allow_null=True) dateFinished = serializers.DateTimeField(required=False, allow_null=True) projects = serializers.ListField( - child=ProjectField(scope="project:read", id_allowed=True), required=False, allow_empty=False + child=ProjectField(scope="project:releases", id_allowed=True), + required=False, + allow_empty=False, ) def validate_environment(self, value):