Skip to content

fix(api): handle invalid project IDs when creating environments#6874

Open
MartinLam12 wants to merge 5 commits intoFlagsmith:mainfrom
MartinLam12:fix-project-id-validation
Open

fix(api): handle invalid project IDs when creating environments#6874
MartinLam12 wants to merge 5 commits intoFlagsmith:mainfrom
MartinLam12:fix-project-id-validation

Conversation

@MartinLam12
Copy link

@MartinLam12 MartinLam12 commented Mar 8, 2026

Thanks for submitting a PR! Please check the boxes below:

  • I have read the Contributing Guide.
  • I have added information to docs/ if required so people know about the feature.
  • I have filled in the "Changes" section below.
  • I have filled in the "How did you test this code" section below.

Changes

Contributes to

Please describe.
Handle invalid project values in POST /api/v1/environments/ by catching ValueError and TypeError in EnvironmentPermissions.has_permission(). Previously, passing a non-integer value (e.g., "") caused an unhandled ValueError resulting in a 500 error. The permission check now returns False for invalid project IDs, returning a 403 instead of a 500

How did you test this code?

Please describe.

Added two unit tests in test_unit_environments_permissions.py: test_create_environment__invalid_project_id_string__returns_false — verifies a non-numeric string project ID returns False test_create_environment__none_project_id__returns_false — verifies a missing/null project ID returns False

@MartinLam12 MartinLam12 requested a review from a team as a code owner March 8, 2026 04:42
@MartinLam12 MartinLam12 requested review from khvn26 and removed request for a team March 8, 2026 04:42
@vercel
Copy link

vercel bot commented Mar 8, 2026

@MartinLam12 is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the api Issue related to the REST API label Mar 8, 2026
cursor[bot]
cursor bot reviewed Mar 8, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Free Tier Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

@matthewelwell
Copy link
Contributor

matthewelwell commented Mar 9, 2026

Hi @MartinLam12 , thanks for the contribution. Could you please update the PR title as per this failing CI check, and also resolve the comment review from Cursor?

@vercel
Copy link

vercel bot commented Mar 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments
Project Deployment Actions Updated (UTC)
docs Ignored Ignored Preview Mar 9, 2026 11:54am
flagsmith-frontend-preview Ignored Ignored Preview Mar 9, 2026 11:54am
flagsmith-frontend-staging Ignored Ignored Preview Mar 9, 2026 11:54am

Request Review

@MartinLam12 MartinLam12 changed the title Fix project id validation fix(api): handle invalid project IDs when creating environments Mar 13, 2026
@MartinLam12
Copy link
Author

MartinLam12 commented Mar 13, 2026

I updated the PR title and also resolved the comment review from Cursor.

@MartinLam12
Copy link
Author

MartinLam12 commented Mar 20, 2026

@matthewelwell Hello, can you take another look? Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@khvn26 khvn26 Awaiting requested review from khvn26 khvn26 is a code owner automatically assigned from Flagsmith/flagsmith-back-end

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

api Issue related to the REST API

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MartinLam12 @matthewelwell