Skip to content

feat: enforce feature ownership project setting#7067

Merged
gagantrivedi merged 10 commits intomainfrom
feat/enforce-feature-ownership
Apr 3, 2026
Merged

feat: enforce feature ownership project setting#7067
gagantrivedi merged 10 commits intomainfrom
feat/enforce-feature-ownership

Conversation

@gagantrivedi
Copy link
Copy Markdown
Member

@gagantrivedi gagantrivedi commented Mar 30, 2026

Thanks for submitting a PR! Please check the boxes below:

  • I have read the Contributing Guide.
  • I have added information to docs/ if required so people know about the feature.
  • I have filled in the "Changes" section below.
  • I have filled in the "How did you test this code" section below.

Changes

Closes #4432

Add a project-level enforce_feature_owners setting. When enabled:

  • Feature creation requires at least one user or group owner
  • The owners/group_owners fields on the create serialiser now accept IDs on write and return nested objects on read (asymmetric PrimaryKeyRelatedField — no API contract break)
  • The remove-owners/remove-group-owners endpoints prevent removing the last owner
  • Frontend adds a project setting toggle, owner selection during feature creation, create-button validation, and owner chips in the feature modal header

How did you test this code?

  • 18 new backend tests covering:
    • Enforcement on/off for create
    • Valid/invalid owner IDs, wrong org groups, users without project access
    • Master API key without owners
    • Owners read-only on update
    • Remove endpoints blocking last owner removal (user and group)
    • Project setting PATCH and list
  • Frontend: manual testing via local dev server
  • All existing tests pass (247 features, 48 projects)

@vercel
Copy link
Copy Markdown

vercel bot commented Mar 30, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
flagsmith-frontend-preview Ready Ready Preview, Comment Apr 1, 2026 2:02pm
flagsmith-frontend-staging Ready Ready Preview, Comment Apr 1, 2026 2:02pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Ignored Ignored Preview Apr 1, 2026 2:02pm

Request Review

@github-actions github-actions bot added front-end Issue related to the React Front End Dashboard api Issue related to the REST API feature New feature or request labels Mar 30, 2026
@gagantrivedi gagantrivedi force-pushed the feat/enforce-feature-ownership branch from aca43a4 to 1749d8d Compare March 30, 2026 09:51
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 30, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.34%. Comparing base (3f71f16) to head (9a3dffb).
⚠️ Report is 40 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff            @@
##             main    #7067    +/-   ##
========================================
  Coverage   98.33%   98.34%            
========================================
  Files        1337     1336     -1     
  Lines       50010    50132   +122     
========================================
+ Hits        49178    49302   +124     
+ Misses        832      830     -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gagantrivedi gagantrivedi force-pushed the feat/enforce-feature-ownership branch from 4c3aa8f to a8b419f Compare March 30, 2026 11:04
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@gagantrivedi
feat: add project setting to enforce feature ownership (#4432)
ca55b0d 
Add an `enforce_feature_owners` boolean on the Project model. When
enabled, feature creation requires at least one user or group owner.
The owners/group_owners fields on CreateFeatureSerializer are now
asymmetric PrimaryKeyRelatedFields (accept IDs on write, return
nested objects on read). The remove-owners and remove-group-owners
endpoints also prevent removing the last owner when enforcement is on.

Frontend adds the project setting toggle, a FeatureOwnerSelect
component for the creation modal, create-button validation, and
owner chips in the feature modal header.
@gagantrivedi gagantrivedi force-pushed the feat/enforce-feature-ownership branch from f9b43dc to ca55b0d Compare March 30, 2026 11:15
gagantrivedi and others added 2 commits March 30, 2026 17:04
@gagantrivedi
fixup: use admin_client_new fixture and extract _validate_enforce_fea…
4e0d1e5 
…ture_owners

- Switch all new tests from deprecated admin_client_original to
  admin_client_new so they run as both user and master API key
- Extract enforcement check into private method
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
f9a448f 
for more information, see https://pre-commit.ci
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@gagantrivedi
fixup: fix test names to match 3-part naming convention
188ae6c 
Merge extra __ segments into the condition part to satisfy the
FT003 lint rule: test_{subject}__{condition}__{expected}.
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@gagantrivedi
fixup: remove redundant master API key test
9acd5b3 
Already covered by admin_client_new parametrisation on
test_create_feature__enforce_owners_enabled_no_owners__returns_400.
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 31, 2026
@gagantrivedi
fixup: remove redundant remove_owners test
5d60dba 
Already covered by existing test_remove_owners__specified_owner__removes_only_specified.
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 31, 2026
@gagantrivedi gagantrivedi marked this pull request as ready for review March 31, 2026 03:46
@gagantrivedi gagantrivedi requested a review from a team as a code owner March 31, 2026 03:46
Zaimwa9
Zaimwa9 requested changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Zaimwa9 Zaimwa9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall good and well working. Couple of comments:

  • One refactor sorry but that's part of becoming a frontend 😅
  • Couple of questions regarding new UI elements (to be hidden or not depending on the config)
  • One backend NIT

Otherwise good job

@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
@gagantrivedi
fixup: address PR review comments 2-5
e6633d3 
- Migrate FlagOwners.js and FlagOwnerGroups.js to functional TSX
  components with RTK Query, supporting dual mode (edit via API,
  create via parent callbacks)
- Delete FeatureOwnerSelect.tsx (replaced by refactored components)
- Remove tooltips from modal header owner chips
- Gate owner chips and create-form picker on enforce_feature_owners
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
khvn26
khvn26 previously approved these changes Apr 1, 2026
View reviewed changes
@kyle-ssg kyle-ssg mentioned this pull request Apr 1, 2026
Merged
4 tasks
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
Zaimwa9
Zaimwa9 approved these changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Zaimwa9 Zaimwa9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested new changes 🟢

@Zaimwa9 Zaimwa9 requested a review from khvn26 April 2, 2026 08:05
khvn26
khvn26 approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@khvn26 khvn26 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good bar 2 nits

@gagantrivedi gagantrivedi merged commit e8ce5ab into main Apr 3, 2026
37 checks passed
@gagantrivedi gagantrivedi deleted the feat/enforce-feature-ownership branch April 3, 2026 00:58
@flagsmithdev flagsmithdev mentioned this pull request Apr 2, 2026
Merged
gagantrivedi pushed a commit that referenced this pull request Apr 3, 2026
@claude
fix: include specific IDs in owner validation error messages
c68c12a 
Address review feedback from PR #7067:
- Include user IDs in error message when users don't have project access
- Include group IDs in error message when groups belong to wrong organisation

This helps users understand exactly which owners/groups are invalid.
@gagantrivedi gagantrivedi mentioned this pull request Apr 3, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@khvn26 khvn26 khvn26 approved these changes

@Zaimwa9 Zaimwa9 Zaimwa9 approved these changes

Assignees

@Zaimwa9 Zaimwa9

Labels

api Issue related to the REST API feature New feature or request front-end Issue related to the React Front End Dashboard

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Project setting: Enforce feature ownership

3 participants

@gagantrivedi @khvn26 @Zaimwa9