fix(api): add project create and codeowners scopes by dcramer · Pull Request #113122 · getsentry/sentry

dcramer · 2026-04-15T21:25:42Z

Introduce leaf project scopes for project creation and code ownership management.

Previously, project creation and code ownership flows did not have a clean public API scope model. Project creation was either tied to broader project write access or allowed through readonly project access on some flows, and ownership / CODEOWNERS management relied on broader project scopes even when we wanted a narrower capability.

After this change, project creation is modeled as project:create and ownership / CODEOWNERS management is modeled as project:codeowners. The standard project creation endpoint and the member bootstrap flow both use project:create, and the ownership / CODEOWNERS endpoints use project:codeowners.

project:write and project:admin imply these leaf scopes through the scope hierarchy, so existing broader tokens continue to work. Member and team role behavior is preserved by granting the new scopes where the session model already allows these actions.

This PR also centralizes scope hierarchy handling during permission evaluation so endpoints can name the leaf scope they actually need instead of repeating every parent scope in scope_map.

Refs getsentry/getsentry#19897

Model project creation and ownership management as dedicated project leaf scopes. Previously, project creation and code ownership flows either relied on broader project scopes or mixed readonly access into write endpoints. Add project:create and project:codeowners, wire them through the bitfield and scope hierarchy, and move the create-project and ownership endpoints to those scopes so the public API contract is explicit. Co-Authored-By: OpenAI Codex <noreply@openai.com>

cursor

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 70087ed. Configure here.}

cursor · 2026-04-15T21:33:36Z

            "project:read",
            "project:write",
            "project:admin",
+            "project:codeowners",


Missing project:create scope breaks non-member role project creation

High Severity

The admin (retired), manager, and owner org roles all have project:write/project:admin but lack explicit project:create in their scopes. The member role is the only one with project:create. Since add_scope_hierarchy is only applied to token scopes and scopes_upper_bound, but NOT to member role scopes (via RpcBackedAccess.scopes), these roles lose the ability to create projects. For session auth, scopes_upper_bound is None so member scopes are used directly. For token auth, the intersection of unexpanded member scopes with the expanded upper bound still excludes project:create. Both TeamProjectPermission and OrgProjectPermission now require project:create for POST, so admins/managers/owners get 403s.

Additional Locations (2)

src/sentry/conf/server.py#L2026-L2047

src/sentry/conf/server.py#L2064-L2084

^{Reviewed by Cursor Bugbot for commit 70087ed. Configure here.}

cursor · 2026-04-15T21:33:36Z

+        if request.method == "POST" and request.access.has_scope("project:create"):
+            return request.access.has_team_access(team)
+
+        return super().has_object_permission(request, view, team)


Early return check uses uninitialized access object

Medium Severity

The has_object_permission override checks request.access.has_scope("project:create") before determine_access has been called. At this point request.access is the default NoAccess() set during request initialization, so has_scope always returns False and this early-return path is unreachable dead code. The determine_access call that properly initializes request.access only happens inside OrganizationPermission.has_object_permission, which is reached via the super() fallthrough.

^{Reviewed by Cursor Bugbot for commit 70087ed. Configure here.}

cursor · 2026-04-15T21:33:36Z

            "org:read",
            "member:read",
            "project:read",
+            "project:codeowners",


Team admin role also missing project:create scope

Medium Severity

The team admin role in SENTRY_TEAM_ROLES has project:write and project:admin but lacks project:create. When has_team_scope is checked as a fallback in the permission chain, team-level scopes also won't contain project:create, closing off the last path that could grant project creation access to users whose org-level check already failed.

^{Reviewed by Cursor Bugbot for commit 70087ed. Configure here.}

github-actions · 2026-04-15T21:39:29Z

Backend Test Failures

Failures on 4e938ad in this run:

tests/sentry/api/endpoints/test_project_repo_path_parsing.py::ProjectStacktraceLinkGithubTest::test_member_can_access — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/api/endpoints/test_project_repo_path_parsing.py:308: in test_member_can_access
    assert resp.status_code == 200, resp.content
E   AssertionError: b'{"detail":"You do not have permission to perform this action."}'
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/auth/test_access.py::FromRequestTest__InCellMode::test_superuser_readonly_scopes — log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/auth/test_access.py:601: in test_superuser_readonly_scopes
    assert result.scopes == set(member.get_scopes()).union(SUPERUSER_READONLY_SCOPES)
E   AssertionError: assert frozenset({'a...:admin', ...}) == {'alerts:read...r:admin', ...}
E     
E     Extra items in the left set:
E     'project:create'
E     
E     Full diff:
E     - {
E     + frozenset({
E           'alerts:read',
E           'alerts:write',
E           'event:admin',
E           'event:read',
E           'event:write',
E           'member:admin',
E           'member:invite',
E           'member:read',
E           'member:write',
E           'org:admin',
E           'org:integrations',
E           'org:read',
E           'org:superuser',
E           'org:write',
E           'project:admin',
E           'project:codeowners',
E     +     'project:create',
E           'project:read',
E           'project:releases',
E           'project:write',
E           'team:admin',
E           'team:read',
E           'team:write',
E     - }
E     + })

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_builtin_symbol_sources_unreal — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:450: in test_builtin_symbol_sources_unreal
    response = self.get_success_response(
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_console_platform_not_enabled — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:615: in test_console_platform_not_enabled
    response = self.get_error_response(
src/sentry/testutils/cases.py:663: in get_error_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 401
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_big_number_widget_with_equation

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1199: in test_add_big_number_widget_with_equation
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_simple — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:65: in test_simple
    response = self.get_success_response(
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_invalid_interval

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1631: in test_add_widget_invalid_interval
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_with_invalid_limit_below_minimum

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1508: in test_add_widget_with_invalid_limit_below_minimum
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_change_dashboard_title

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:968: in test_change_dashboard_title
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_dashboard_with_all_projects

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2609: in test_update_dashboard_with_all_projects
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTransactionLikeTest::test_ondemand_with_flags

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4137: in test_ondemand_with_flags
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/integrations/api/endpoints/test_organization_code_mapping_details.py::OrganizationCodeMappingDetailsTest::test_basic_edit_from_member_permissions

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/integrations/api/endpoints/test_organization_code_mapping_details.py:103: in test_basic_edit_from_member_permissions
    assert resp.status_code == 200
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/snuba/api/endpoints/test_discover_key_transactions.py::TeamKeyTransactionTest::test_delete_key_transaction_no_access_team

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/snuba/api/endpoints/test_discover_key_transactions.py:615: in test_delete_key_transaction_no_access_team
    assert response.status_code == 400, response.content
E   AssertionError: b'{"detail":"You do not have permission to perform this action."}'
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsDeleteTest::test_allow_delete_all_projects_dashboard_when_no_open_membership

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:747: in test_allow_delete_all_projects_dashboard_when_no_open_membership
    assert response.status_code == 204
E   assert 403 == 204
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_issue_widget_valid_query

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2425: in test_add_issue_widget_valid_query
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_text_widget_without_feature_flag

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3950: in test_add_text_widget_without_feature_flag
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_e2e_test_with_translation

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1663: in test_add_widget_e2e_test_with_translation
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_with_field_aliases

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1132: in test_add_widget_with_field_aliases
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_with_selected_aggregate

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1166: in test_add_widget_with_selected_aggregate
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_save_widget_with_custom_measurement_in_equation_line_chart

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3172: in test_save_widget_with_custom_measurement_in_equation_line_chart
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTest::test_ondemand_with_unapplicable_query

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4099: in test_ondemand_with_unapplicable_query
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/api/endpoints/issues/test_organization_derive_code_mappings.py::OrganizationDeriveCodeMappingsTest::test_non_project_member_permissions

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/api/endpoints/issues/test_organization_derive_code_mappings.py:245: in test_non_project_member_permissions
    assert response.status_code == status.HTTP_201_CREATED
E   assert 403 == 201
E    +  where 403 = <Response status_code=403, "application/json">.status_code
E    +  and   201 = status.HTTP_201_CREATED

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_builtin_symbol_sources_unity — log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:421: in test_builtin_symbol_sources_unity
    response = self.get_success_response(
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_console_platform_xbox_not_enabled — log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:643: in test_console_platform_xbox_not_enabled
    response = self.get_error_response(
src/sentry/testutils/cases.py:663: in get_error_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 401
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_dashboard_permissions_with_invalid_value

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2752: in test_update_dashboard_permissions_with_invalid_value
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_widget_add_query

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1750: in test_update_widget_add_query
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_organization_projects_experiment.py::OrganizationProjectsExperimentCreateTest::test_without_default_rules

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_organization_projects_experiment.py:165: in test_without_default_rules
    response = self.get_success_response(
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_cannot_edit_prebuilt_insights_dashboard_widgets

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3873: in test_cannot_edit_prebuilt_insights_dashboard_widgets
    assert response.status_code == 409
E   assert 403 == 409
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_migrated_spans_widget_reset_changed_reason

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2157: in test_update_migrated_spans_widget_reset_changed_reason
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_prebuilt_dashboard

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2313: in test_update_prebuilt_dashboard
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_widget_with_field_links

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3464: in test_update_widget_with_field_links
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_organization_projects_experiment.py::OrganizationProjectsExperimentCreateTest::test_missing_project_name

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_organization_projects_experiment.py:45: in test_missing_project_name
    response = self.get_error_response(self.organization.slug, status_code=400)
src/sentry/testutils/cases.py:663: in get_error_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 401
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_console_platform_enabled — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:628: in test_console_platform_enabled
    response = self.get_success_response(
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_widget_details.py::OrganizationDashboardWidgetDetailsTestCase::test_project_search_condition

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_widget_details.py:386: in test_project_search_condition
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsDeleteTest::test_allow_delete_my_projects_dashboard_when_no_open_membership

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:769: in test_allow_delete_my_projects_dashboard_when_no_open_membership
    assert response.status_code == 204
E   assert 403 == 204
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_discover_widget_using_total_count

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2572: in test_add_discover_widget_using_total_count
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_display_type

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1532: in test_add_widget_display_type
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_dashboard_transaction_widget_deprecation_with_flag

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3293: in test_dashboard_transaction_widget_deprecation_with_flag
    assert response.status_code == 400
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_widget_use_other_query

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1847: in test_update_widget_use_other_query
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/sentry_apps/test_sentry_app_updater.py::TestUpdater::test_update_scopes_internal_integration — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/sentry_apps/test_sentry_app_updater.py:60: in test_update_scopes_internal_integration
    assert sentry_app.get_scopes() == ["project:read", "project:write"]
E   AssertionError: assert ['project:cod...roject:write'] == ['project:rea...roject:write']
E     
E     At index 0 diff: 'project:codeowners' != 'project:read'
E     Left contains 2 more items, first extra item: 'project:read'
E     
E     Full diff:
E       [
E     +     'project:codeowners',
E     +     'project:create',
E           'project:read',
E           'project:write',
E       ]

tests/snuba/api/endpoints/test_discover_key_transactions.py::TeamKeyTransactionTest::test_post_key_transaction_multiple_users

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/snuba/api/endpoints/test_discover_key_transactions.py:497: in test_post_key_transaction_multiple_users
    assert response.status_code == 204, response.content
E   AssertionError: b'{"detail":"You do not have permission to perform this action."}'
E   assert 403 == 204
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/api/endpoints/issues/test_organization_derive_code_mappings.py::OrganizationDeriveCodeMappingsTest::test_post_existing_code_mapping

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/api/endpoints/issues/test_organization_derive_code_mappings.py:322: in test_post_existing_code_mapping
    assert response.status_code == 201, response.content
E   AssertionError: b'{"detail":"You do not have permission to perform this action."}'
E   assert 403 == 201
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/api/endpoints/test_organization_api_key_details.py::OrganizationApiKeyDetailsPut::test_update_api_key_details

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/api/endpoints/test_organization_api_key_details.py:49: in test_update_api_key_details
    assert api_key.get_scopes() == ["org:read", "project:read", "project:write", "team:read"]
E   AssertionError: assert ['org:read', ..., 'team:read'] == ['org:read', ..., 'team:read']
E     
E     At index 1 diff: 'project:codeowners' != 'project:read'
E     Left contains 2 more items, first extra item: 'project:write'
E     
E     Full diff:
E       [
E           'org:read',
E     +     'project:codeowners',
E     +     'project:create',
E           'project:read',
E           'project:write',
E           'team:read',
E       ]

tests/sentry/core/endpoints/test_organization_projects_experiment.py::OrganizationProjectsExperimentCreateTest::test_team_slug_is_slugified

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_organization_projects_experiment.py:137: in test_team_slug_is_slugified
    response = self.get_success_response(self.organization.slug, name=self.p1, status_code=201)
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_create_with_project_write_token — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:255: in test_create_with_project_write_token
    assert response.status_code == 201, response.content
E   AssertionError: b'{"detail":"You do not have permission to perform this action."}'
E   assert 403 == 201
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_similarity_project_option_invalid — log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:353: in test_similarity_project_option_invalid
    response = self.get_success_response(
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_ignores_certain_keys_in_layout

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2287: in test_ignores_certain_keys_in_layout
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboards.py::OrganizationDashboardsTest::test_post_member_can_create

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboards.py:981: in test_post_member_can_create
    assert response.status_code == 201
E   assert 403 == 201
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_save_widget_with_custom_measurement_in_equation_tables

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3119: in test_save_widget_with_custom_measurement_in_equation_tables
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_dashboard_with_my_projects_after_setting_all_projects

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2625: in test_update_dashboard_with_my_projects_after_setting_all_projects
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_widget_with_thresholds_and_preferred_polarity

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1981: in test_update_widget_with_thresholds_and_preferred_polarity
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_invalid_platform — log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:104: in test_invalid_platform
    response = self.get_error_response(
src/sentry/testutils/cases.py:663: in get_error_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 401
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_widget_details.py::OrganizationDashboardWidgetDetailsTestCase::test_valid_widget_permissions

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_widget_details.py:67: in test_valid_widget_permissions
    self.test_valid_widget()
tests/sentry/dashboards/endpoints/test_organization_dashboard_widget_details.py:63: in test_valid_widget
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsDeleteTest::test_delete_permission

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:707: in test_delete_permission
    self.test_delete()
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:695: in test_delete
    assert response.status_code == 204
E   assert 403 == 204
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_can_edit_prebuilt_insights_dashboard_global_filters

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3908: in test_can_edit_prebuilt_insights_dashboard_global_filters
    assert response.status_code == 200
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_dashboard_exisiting_transaction_widget_deprecation_with_flag

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3346: in test_dashboard_exisiting_transaction_widget_deprecation_with_flag
    assert response.status_code == 200
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_text_widget_errors_provided_queries

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4012: in test_text_widget_errors_provided_queries
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_widget_with_axis_range

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2050: in test_update_widget_with_axis_range
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTest::test_feature_check_takes_precedence_over_cardinality

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4493: in test_feature_check_takes_precedence_over_cardinality
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTest::test_ondemand_hits_spec_limit

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4176: in test_ondemand_hits_spec_limit
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTest::test_ondemand_updates_new_widget

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4357: in test_ondemand_updates_new_widget
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/integrations/api/endpoints/test_organization_repositories.py::OrganizationRepositoriesCreateTest::test_member_ok

— log

[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/integrations/api/endpoints/test_organization_repositories.py:371: in test_member_ok
    assert response.status_code == 201, (response.status_code, response.content)
E   AssertionError: (403, b'{"detail":"You do not have permission to perform this action."}')
E   assert 403 == 201
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/core/endpoints/test_team_projects.py::TeamProjectsCreateTest::test_invalid_numeric_slug — log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_team_projects.py:82: in test_invalid_numeric_slug
    response = self.get_error_response(
src/sentry/testutils/cases.py:663: in get_error_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 401
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_categorical_bar_widget_with_valid_limit

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1445: in test_add_categorical_bar_widget_with_valid_limit
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1098: in test_add_widget
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_cannot_edit_prebuilt_insights_dashboard_title

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3887: in test_cannot_edit_prebuilt_insights_dashboard_title
    assert response.status_code == 409
E   assert 403 == 409
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_dashboard_does_not_exist

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:954: in test_dashboard_does_not_exist
    assert response.status_code == 404
E   assert 403 == 404
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_dashboard_with_filters

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2586: in test_update_dashboard_with_filters
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_unknown_prebuilt

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2357: in test_update_unknown_prebuilt
    assert response.status_code == 404
E   assert 403 == 404
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTest::test_ondemand_updates_existing_widget

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4267: in test_ondemand_updates_existing_widget
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTransactionLikeTest::test_cardinality_skips_non_discover_widget_types

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:4536: in test_cardinality_skips_non_discover_widget_types
    assert response.status_code == 200, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 200
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/sentry_apps/test_sentry_app_updater.py::TestUpdater::test_updates_unpublished_app_scopes — log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/sentry_apps/test_sentry_app_updater.py:95: in test_updates_unpublished_app_scopes
    assert self.sentry_app.get_scopes() == ["project:read", "project:write"]
E   AssertionError: assert ['project:cod...roject:write'] == ['project:rea...roject:write']
E     
E     At index 0 diff: 'project:codeowners' != 'project:read'
E     Left contains 2 more items, first extra item: 'project:read'
E     
E     Full diff:
E       [
E     +     'project:codeowners',
E     +     'project:create',
E           'project:read',
E           'project:write',
E       ]

tests/sentry/api/endpoints/issues/test_organization_derive_code_mappings.py::OrganizationDeriveCodeMappingsTest::test_idor_project_from_different_org

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/api/endpoints/issues/test_organization_derive_code_mappings.py:224: in test_idor_project_from_different_org
    assert response.status_code == status.HTTP_404_NOT_FOUND
E   assert 403 == 404
E    +  where 403 = <Response status_code=403, "application/json">.status_code
E    +  and   404 = status.HTTP_404_NOT_FOUND

tests/sentry/core/endpoints/test_organization_projects_experiment.py::OrganizationProjectsExperimentCreateTest::test_consecutive_reqs_with_duplicate_project_names

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/core/endpoints/test_organization_projects_experiment.py:200: in test_consecutive_reqs_with_duplicate_project_names
    resp1 = self.get_success_response(self.organization.slug, name=self.p1, status_code=201)
src/sentry/testutils/cases.py:629: in get_success_response
    assert_status_code(response, status_code)
src/sentry/testutils/asserts.py:46: in assert_status_code
    assert minimum <= response.status_code < maximum, response
E   AssertionError: <Response status_code=403, "application/json">
E   assert 403 < 202
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_discover_widget_invalid_issue_query

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:2476: in test_add_discover_widget_invalid_issue_query
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_description_exceeds_max_length

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1310: in test_add_widget_description_exceeds_max_length
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_add_widget_missing_title

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1284: in test_add_widget_missing_title
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_does_not_update_if_linked_dashboard_does_not_appear_in_fields

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:3731: in test_does_not_update_if_linked_dashboard_does_not_appear_in_fields
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_widget_invalid_aggregate_parameter

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1928: in test_update_widget_invalid_aggregate_parameter
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsPutTest::test_update_widget_invalid_fields

— log

[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py:1952: in test_update_widget_invalid_fields
    assert response.status_code == 400, response.data
E   AssertionError: {'detail': ErrorDetail(string='You do not have permission to perform this action.', code='permission_denied')}
E   assert 403 == 400
E    +  where 403 = <Response status_code=403, "application/json">.status_code

tests/sentry/dashboards/endpoints/test_organization_dashboard_details.py::OrganizationDashboardDetailsOnDemandTransactionLikeTest::test_add_widget_with_split_widget_type_writes_to_split_decision

—

... (truncated due to GitHub comment size limit)

github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Apr 15, 2026

vercel bot deployed to Preview April 15, 2026 21:27 View deployment

cursor bot reviewed Apr 15, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(api): add project create and codeowners scopes#113122

fix(api): add project create and codeowners scopes#113122
dcramer wants to merge 1 commit intodcramer/fix/api-write-scope-mutationsfrom
dcramer/fix/api-project-leaf-scopes

dcramer commented Apr 15, 2026

Uh oh!

cursor bot left a comment

Uh oh!

cursor bot Apr 15, 2026

Uh oh!

cursor bot Apr 15, 2026

Uh oh!

cursor bot Apr 15, 2026

Uh oh!

github-actions bot commented Apr 15, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dcramer commented Apr 15, 2026

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Uh oh!

cursor bot Apr 15, 2026

Choose a reason for hiding this comment

Missing project:create scope breaks non-member role project creation

Uh oh!

cursor bot Apr 15, 2026

Choose a reason for hiding this comment

Early return check uses uninitialized access object

Uh oh!

cursor bot Apr 15, 2026

Choose a reason for hiding this comment

Team admin role also missing project:create scope

Uh oh!

github-actions bot commented Apr 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Backend Test Failures

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Missing `project:create` scope breaks non-member role project creation

Team admin role also missing `project:create` scope

github-actions bot commented Apr 15, 2026 •

edited

Loading