postpone rpc_user param until next change

geoffg-sentry · geoffg-sentry · commit 961dd07818aa · 2026-04-15T12:32:02.000-04:00
diff --git a/src/sentry/sentry_apps/api/endpoints/installation_external_issue_details.py b/src/sentry/sentry_apps/api/endpoints/installation_external_issue_details.py
@@ -8,7 +8,6 @@
 )
 from sentry.sentry_apps.services.cell import sentry_app_cell_service
 from sentry.sentry_apps.utils.errors import SentryAppError
-from sentry.users.services.user.serial import serialize_generic_user
 
 
 @control_silo_endpoint
@@ -26,15 +25,14 @@ def delete(self, request: Request, installation, external_issue_id) -> Response:
                 status_code=400,
             )
 
-        rpc_user = serialize_generic_user(request.user)
-        if rpc_user is None:
+        if not request.user.is_authenticated:
             return Response({"detail": "Authentication credentials were not provided."}, status=401)
 
+        # Do not pass `user` until cells accept the new RPC arg everywhere (deploy phase 2).
         result = sentry_app_cell_service.delete_external_issue(
             organization_id=installation.organization_id,
             installation=installation,
             external_issue_id=external_issue_id,
-            user=rpc_user,
         )
 
         if result.error:
diff --git a/src/sentry/sentry_apps/api/endpoints/installation_external_issues.py b/src/sentry/sentry_apps/api/endpoints/installation_external_issues.py
@@ -14,7 +14,6 @@
     PlatformExternalIssueSerializer as ResponsePlatformExternalIssueSerializer,
 )
 from sentry.sentry_apps.services.cell import sentry_app_cell_service
-from sentry.users.services.user.serial import serialize_generic_user
 
 
 class PlatformExternalIssueSerializer(serializers.Serializer):
@@ -42,18 +41,17 @@ def post(self, request: Request, installation) -> Response:
         except Exception:
             return Response({"detail": "issueId is required, and must be an integer"}, status=400)
 
-        rpc_user = serialize_generic_user(request.user)
-        if rpc_user is None:
+        if not request.user.is_authenticated:
             return Response({"detail": "Authentication credentials were not provided."}, status=401)
 
+        # Do not pass `user` until cells accept the new RPC arg everywhere (deploy phase 2).
         result = sentry_app_cell_service.create_external_issue(
             organization_id=installation.organization_id,
             installation=installation,
             group_id=group_id,
             web_url=data["webUrl"],
             project=data["project"],
             identifier=data["identifier"],
-            user=rpc_user,
         )
 
         if result.error:
diff --git a/src/sentry/sentry_apps/api/endpoints/installation_external_requests.py b/src/sentry/sentry_apps/api/endpoints/installation_external_requests.py
@@ -10,7 +10,6 @@
 from sentry.sentry_apps.api.bases.sentryapps import SentryAppInstallationBaseEndpoint
 from sentry.sentry_apps.services.app.model import RpcSentryAppInstallation
 from sentry.sentry_apps.services.cell import sentry_app_cell_service
-from sentry.users.services.user.serial import serialize_generic_user
 
 logger = logging.getLogger("sentry.sentry-apps")
 
@@ -27,8 +26,7 @@ def get(self, request: Request, installation: RpcSentryAppInstallation) -> Respo
         if not uri:
             return Response({"detail": "uri query parameter is required"}, status=400)
 
-        rpc_user = serialize_generic_user(request.user)
-        if rpc_user is None:
+        if not request.user.is_authenticated:
             return Response({"detail": "Authentication credentials were not provided."}, status=401)
 
         project_id: int | None = None
@@ -39,11 +37,11 @@ def get(self, request: Request, installation: RpcSentryAppInstallation) -> Respo
             except (TypeError, ValueError):
                 return Response({"detail": "projectId must be an integer"}, status=400)
 
+        # Do not pass `user` until cells accept the new RPC arg everywhere (deploy phase 2).
         result = sentry_app_cell_service.get_select_options(
             organization_id=installation.organization_id,
             installation=installation,
             uri=request.GET.get("uri"),
-            user=rpc_user,
             project_id=project_id,
             query=request.GET.get("query"),
             dependent_data=request.GET.get("dependentData"),
diff --git a/tests/sentry/sentry_apps/api/endpoints/test_sentry_app_installation_external_issue_details.py b/tests/sentry/sentry_apps/api/endpoints/test_sentry_app_installation_external_issue_details.py
@@ -1,4 +1,3 @@
-from sentry.models.organization import Organization
 from sentry.sentry_apps.models.platformexternalissue import PlatformExternalIssue
 from sentry.testutils.cases import APITestCase
 from sentry.testutils.silo import assume_test_silo_mode_of, control_silo_test
@@ -72,43 +71,3 @@ def test_handles_invalid_external_issue_id_format(self) -> None:
         # Ensure the external issue still exists after failed attempts
         with assume_test_silo_mode_of(PlatformExternalIssue):
             assert PlatformExternalIssue.objects.filter(id=self.external_issue.id).exists()
-
-    def test_rejects_delete_without_project_access(self) -> None:
-        with assume_test_silo_mode_of(Organization):
-            self.org.flags.allow_joinleave = False
-            self.org.save()
-
-        user_team = self.create_team(organization=self.org, name="sed-user-team")
-        other_team = self.create_team(organization=self.org, name="sed-other-team")
-        self.create_project(organization=self.org, teams=[user_team], name="sed-user-proj")
-        other_project = self.create_project(
-            organization=self.org, teams=[other_team], name="sed-other-proj"
-        )
-        other_group = self.create_group(project=other_project)
-
-        limited_user = self.create_user()
-        self.create_member(
-            organization=self.org,
-            user=limited_user,
-            role="member",
-            teams=[user_team],
-            teamRole="admin",
-        )
-
-        with assume_test_silo_mode_of(PlatformExternalIssue):
-            other_external_issue = PlatformExternalIssue.objects.create(
-                group_id=other_group.id,
-                project_id=other_project.id,
-                service_type=self.sentry_app.slug,
-                display_name="Other#1",
-                web_url="https://example.com/o/1",
-            )
-
-        self.login_as(user=limited_user)
-        self.get_error_response(
-            self.install.uuid,
-            other_external_issue.id,
-            status_code=403,
-        )
-        with assume_test_silo_mode_of(PlatformExternalIssue):
-            assert PlatformExternalIssue.objects.filter(id=other_external_issue.id).exists()
diff --git a/tests/sentry/sentry_apps/api/endpoints/test_sentry_app_installation_external_issues.py b/tests/sentry/sentry_apps/api/endpoints/test_sentry_app_installation_external_issues.py
@@ -2,7 +2,6 @@
 
 from django.urls import reverse
 
-from sentry.models.organization import Organization
 from sentry.sentry_apps.models.platformexternalissue import PlatformExternalIssue
 from sentry.testutils.cases import APITestCase
 from sentry.testutils.silo import assume_test_silo_mode_of, control_silo_test
@@ -77,40 +76,6 @@ def test_invalid_group_id(self) -> None:
 
         assert response.status_code == 404
 
-    def test_rejects_issue_from_inaccessible_project(self) -> None:
-        self._set_up_sentry_app("Testin", ["event:write"])
-        with assume_test_silo_mode_of(Organization):
-            self.org.flags.allow_joinleave = False
-            self.org.save()
-
-        user_team = self.create_team(organization=self.org, name="sei-user-team")
-        other_team = self.create_team(organization=self.org, name="sei-other-team")
-        self.create_project(organization=self.org, teams=[user_team], name="sei-user-proj")
-        other_project = self.create_project(
-            organization=self.org, teams=[other_team], name="sei-other-proj"
-        )
-        other_group = self.create_group(project=other_project)
-
-        limited_user = self.create_user()
-        self.create_member(
-            organization=self.org,
-            user=limited_user,
-            role="member",
-            teams=[user_team],
-            teamRole="admin",
-        )
-
-        data = self._post_data()
-        data["issueId"] = other_group.id
-
-        self.login_as(user=limited_user)
-        response = self.client.post(self.url, data=data)
-
-        assert response.status_code == 403
-        assert response.data["detail"] == (
-            "You do not have permission to create an external issue for this issue."
-        )
-
     def test_invalid_scopes(self) -> None:
         self._set_up_sentry_app("Testin", ["project:read"])
         data = self._post_data()
diff --git a/tests/sentry/sentry_apps/api/endpoints/test_sentry_app_installation_external_requests.py b/tests/sentry/sentry_apps/api/endpoints/test_sentry_app_installation_external_requests.py
@@ -4,9 +4,8 @@
 from django.utils.http import urlencode
 from responses.matchers import query_string_matcher
 
-from sentry.models.organization import Organization
 from sentry.testutils.cases import APITestCase
-from sentry.testutils.silo import assume_test_silo_mode_of, control_silo_test
+from sentry.testutils.silo import control_silo_test
 
 
 @control_silo_test
@@ -95,34 +94,6 @@ def test_external_request_fails(self) -> None:
         response = self.client.get(url, format="json")
         assert response.status_code == 500
 
-    def test_rejects_project_id_without_access(self) -> None:
-        with assume_test_silo_mode_of(Organization):
-            self.org.flags.allow_joinleave = False
-            self.org.save()
-
-        user_team = self.create_team(organization=self.org, name="ser-user-team")
-        other_team = self.create_team(organization=self.org, name="ser-other-team")
-        self.create_project(organization=self.org, teams=[user_team], name="ser-user-proj")
-        other_project = self.create_project(
-            organization=self.org, teams=[other_team], name="ser-other-proj"
-        )
-
-        limited_user = self.create_user()
-        self.create_member(
-            organization=self.org,
-            user=limited_user,
-            role="member",
-            teams=[user_team],
-            teamRole="admin",
-        )
-
-        self.login_as(user=limited_user)
-        url = self.url + f"?projectId={other_project.id}&uri=/get-projects&query=proj"
-        response = self.client.get(url, format="json")
-
-        assert response.status_code == 403
-        assert response.data["detail"] == "You do not have permission to access this project."
-
     def test_invalid_project_id_returns_400(self) -> None:
         self.login_as(user=self.user)
         url = self.url + "?projectId=not-an-int&uri=/get-projects&query=proj"
