Skip to content

feat(replay): guard replay endpoints with granular user permissions #104452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
shellmayr wants to merge 37 commits into from
Closed

feat(replay): guard replay endpoints with granular user permissions #104452

shellmayr wants to merge 37 commits into from

Conversation

@shellmayr
Copy link
Member

@shellmayr shellmayr commented Dec 5, 2025
edited
Loading

  • Implement the guarding of endpoints by granular permissions for replays, building on the data model established in feat(replay): add model to allow per-user access control for replays #104446,
  • Introduce base endpoint classes OrganizationReplayEndpoint and ProjectReplayEndpoint to centralize feature and permission checks for replay access, ensuring consistent enforcement across all replay endpoints.
  • Updated all replay endpoints to use the new base classes and enforce granular permissions, returning appropriate HTTP status codes for unauthorized access.
  • More information on the plan & product impact can be found here Research granular permissions for viewing Replays

Closes TET-1564

@linear
Copy link

linear bot commented Dec 5, 2025
edited
Loading

TET-1564 Granular replay permissions - gate endpoints by permissions

TET-1566 Granular replay permissions - add ability to edit permissions via API endpoint

@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Dec 5, 2025
@shellmayr shellmayr changed the base branch from master to shellmayr/feat/add-model-for-granular-replay-access December 5, 2025 14:11
@shellmayr shellmayr changed the title feat(replay): add model to allow per-user access control for replays feat(replay): guard replay endpoints with granular user permissions Dec 5, 2025
@codecov
Copy link

codecov bot commented Dec 5, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 96.47577% with 8 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
src/sentry/core/endpoints/organization_details.py 96.29% 2 Missing ⚠️
...plays/endpoints/organization_replay_events_meta.py 66.66% 1 Missing ⚠️
...sentry/replays/endpoints/project_replay_details.py 90.00% 1 Missing ⚠️
...points/project_replay_recording_segment_details.py 75.00% 1 Missing ⚠️
...ndpoints/project_replay_recording_segment_index.py 75.00% 1 Missing ⚠️
.../replays/endpoints/project_replay_video_details.py 90.00% 1 Missing ⚠️
...ntry/replays/endpoints/project_replay_viewed_by.py 85.71% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff            @@
##           master   #104452    +/-   ##
=========================================
  Coverage   80.52%    80.53%            
=========================================
  Files        9335      9339     +4     
  Lines      401109    401273   +164     
  Branches    25744     25744            
=========================================
+ Hits       323010    323167   +157     
- Misses      77657     77664     +7     
  Partials      442       442

@shellmayr shellmayr force-pushed the shellmayr/feat/guard-api-endpoints-by-granular-replay-access branch from f5a1fb6 to af243b7 Compare December 5, 2025 14:22
@shellmayr shellmayr force-pushed the shellmayr/feat/guard-api-endpoints-by-granular-replay-access branch from 53748c7 to ce468ae Compare December 5, 2025 14:38
@shellmayr shellmayr force-pushed the shellmayr/feat/guard-api-endpoints-by-granular-replay-access branch from f8575a5 to 4b786f2 Compare December 5, 2025 15:29
@shellmayr shellmayr requested a review from a team December 5, 2025 15:29
@shellmayr shellmayr force-pushed the shellmayr/feat/add-model-for-granular-replay-access branch from 6938277 to fdc6279 Compare December 9, 2025 13:01
@shellmayr shellmayr force-pushed the shellmayr/feat/guard-api-endpoints-by-granular-replay-access branch from 4b786f2 to b47d6d4 Compare December 9, 2025 13:02
@shellmayr shellmayr force-pushed the shellmayr/feat/add-model-for-granular-replay-access branch from 3c54328 to d913c80 Compare December 10, 2025 11:28
@shellmayr shellmayr force-pushed the shellmayr/feat/guard-api-endpoints-by-granular-replay-access branch from fcb6ffc to 757f936 Compare December 10, 2025 13:19
Base automatically changed from shellmayr/feat/add-model-for-granular-replay-access to master December 15, 2025 12:43
@shellmayr shellmayr mentioned this pull request Dec 15, 2025
Merged
@shellmayr
Copy link
Member Author

shellmayr commented Dec 15, 2025

Closing this because the branch-on-branch structure got screwed up by the merge, and now it's too much of a hassle to rebase, so I opened a new PR instead: #104955

@shellmayr shellmayr closed this Dec 15, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Dec 31, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shellmayr