fix(api): handle invalid project IDs when creating environments

[MartinLam12]

Thanks for submitting a PR! Please check the boxes below:

• I have read the Contributing Guide.
• I have added information to docs/ if required so people know about the feature.
• I have filled in the "Changes" section below.
• I have filled in the "How did you test this code" section below.

Changes

Contributes to

Please describe.
Handle invalid project values in POST /api/v1/environments/ by catching ValueError and TypeError in EnvironmentPermissions.has_permission(). Previously, passing a non-integer value (e.g., "") caused an unhandled ValueError resulting in a 500 error. The permission check now returns False for invalid project IDs, returning a 403 instead of a 500

How did you test this code?

Please describe.

Added two unit tests in test_unit_environments_permissions.py: test_create_environment__invalid_project_id_string__returns_false — verifies a non-numeric string project ID returns False test_create_environment__none_project_id__returns_false — verifies a missing/null project ID returns False

[vercel]

@MartinLam12 is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.

[matthewelwell]

Hi @MartinLam12 , thanks for the contribution. Could you please update the PR title as per this failing CI check, and also resolve the comment review from Cursor?

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs	Ignored	Preview	Mar 9, 2026 11:54am
flagsmith-frontend-preview	Ignored	Preview	Mar 9, 2026 11:54am
flagsmith-frontend-staging	Ignored	Preview	Mar 9, 2026 11:54am

[MartinLam12]

I updated the PR title and also resolved the comment review from Cursor.

[MartinLam12]

@matthewelwell Hello, can you take another look? Thanks

[matthewelwell]

Added one small additional comment, but looks good otherwise.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.24%. Comparing base (ffa171d) to head (f8bb034).
⚠️ Report is 38 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6874      +/-   ##
==========================================
- Coverage   98.31%   98.24%   -0.08%     
==========================================
  Files        1335     1335              
  Lines       49730    49617     -113     
==========================================
- Hits        48892    48746     -146     
- Misses        838      871      +33     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

PR commentary left permanently in production code

Low Severity

The comment # We catch ValueError and TypeError here to resolve previous issues with invalid project IDs reads as PR rationale rather than code documentation. It describes the historical motivation for the change rather than explaining the code's behavior. The except clause itself is self-documenting. The project maintainer already flagged this in review but it remains in the diff.