ref(issue-ownership): remove reassignment-from-own-team exception#112877
Open
In closed-membership orgs, users could previously assign a team they were not a member of, as long as they were a member of the currently assigned team. This exception (introduced in PR #106984) added significant complexity: current_owner context plumbing, a skip_team_validation escape hatch, and a 77-line validate_bulk_reassignment function duplicating the auth logic.

Remove the exception entirely. The rule is now: you can assign a team if you are a member of that team, have team:admin scope, or the org has open membership.

This eliminates the single-vs-bulk distinction in validation, so OwnerActorField validates identically everywhere.

Co-authored-by: Claude <noreply@anthropic.com>
In closed-membership orgs, users could previously assign a team they were not a member of, as long as they were a member of the currently assigned team. This exception (introduced in PR #106984) added significant complexity — we should remove the exception entirely. The rule is now: you can assign a team if you are a member of that team, have team:admin scope, or the org has open membership.
Practically, this consolidates all validation into OwnerActorField. This applies to all instances where you can assign a team as an owner, most notably issue ownership, but also alert ownership, etc. This makes assignment more restrictive, in preparation for making things more permissive for open membership cases: https://www.notion.so/sentry/permissive-ownership-assignments-3348b10e4b5d806e91b4cbf12af6a26c?source=copy_link
We realistically didn't need this exception — it's trivial for an org member to reassign something to a team they control, then to the target team.
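The rule change described in this PR, modelled as an added example (not code from the Sentry repository): it compares which teams a user can make the owner through any chain of reassignments under the old exception and under the new rule. All names here (`User`, `can_assign_old`, `can_assign_new`, `reachable_owners`) and the sample org are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical model for illustration; not Sentry's implementation.
@dataclass(frozen=True)
class User:
    teams: frozenset
    scopes: frozenset = frozenset()

def can_assign_new(user, target, open_membership, current_owner=None):
    """Rule after the PR: current_owner is accepted but never consulted."""
    return (open_membership
            or "team:admin" in user.scopes
            or target in user.teams)

def can_assign_old(user, target, open_membership, current_owner=None):
    """Rule before the PR: adds the reassignment-from-own-team exception."""
    return (can_assign_new(user, target, open_membership)
            or current_owner in user.teams)

def reachable_owners(rule, user, start_owner, all_teams, open_membership=False):
    """Every team the user can make the owner via a chain of allowed reassignments."""
    seen, frontier = {start_owner}, [start_owner]
    while frontier:
        current = frontier.pop()
        for team in all_teams:
            if team not in seen and rule(user, team, open_membership, current):
                seen.add(team)
                frontier.append(team)
    return seen - {start_owner}

# Constructed sample data: a closed-membership org with three teams.
TEAMS = {"backend", "frontend", "billing"}
alice = User(teams=frozenset({"frontend"}))

if __name__ == "__main__":
    for name, rule in (("old", can_assign_old), ("new", can_assign_new)):
        print(name, sorted(reachable_owners(rule, alice, "backend", TEAMS)))
```

Because the new rule never reads `current_owner`, a single check and a bulk check evaluate the same predicate, which is the consolidation the description refers to.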