Skip to content

feat: enforce feature ownership project setting#7067

Open
gagantrivedi wants to merge 10 commits intomainfrom
feat/enforce-feature-ownership
Open

feat: enforce feature ownership project setting#7067
gagantrivedi wants to merge 10 commits intomainfrom
feat/enforce-feature-ownership

Conversation

@gagantrivedi
Copy link
Copy Markdown
Member

@gagantrivedi gagantrivedi commented Mar 30, 2026

Thanks for submitting a PR! Please check the boxes below:

  • I have read the Contributing Guide.
  • I have added information to docs/ if required so people know about the feature.
  • I have filled in the "Changes" section below.
  • I have filled in the "How did you test this code" section below.

Changes

Closes #4432

Add a project-level enforce_feature_owners setting. When enabled:

  • Feature creation requires at least one user or group owner
  • The owners/group_owners fields on the create serialiser now accept IDs on write and return nested objects on read (asymmetric PrimaryKeyRelatedField — no API contract break)
  • The remove-owners/remove-group-owners endpoints prevent removing the last owner
  • Frontend adds a project setting toggle, owner selection during feature creation, create-button validation, and owner chips in the feature modal header

How did you test this code?

  • 18 new backend tests covering:
    • Enforcement on/off for create
    • Valid/invalid owner IDs, wrong org groups, users without project access
    • Master API key without owners
    • Owners read-only on update
    • Remove endpoints blocking last owner removal (user and group)
    • Project setting PATCH and list
  • Frontend: manual testing via local dev server
  • All existing tests pass (247 features, 48 projects)

@vercel
Copy link
Copy Markdown

vercel bot commented Mar 30, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
flagsmith-frontend-preview Ready Ready Preview, Comment Apr 1, 2026 2:02pm
flagsmith-frontend-staging Ready Ready Preview, Comment Apr 1, 2026 2:02pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Ignored Ignored Preview Apr 1, 2026 2:02pm

Request Review

@github-actions github-actions bot added front-end Issue related to the React Front End Dashboard api Issue related to the REST API feature New feature or request labels Mar 30, 2026
@gagantrivedi gagantrivedi force-pushed the feat/enforce-feature-ownership branch from aca43a4 to 1749d8d Compare March 30, 2026 09:51
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 30, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.34%. Comparing base (3f71f16) to head (9a3dffb).
⚠️ Report is 27 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff            @@
##             main    #7067    +/-   ##
========================================
  Coverage   98.33%   98.34%            
========================================
  Files        1337     1336     -1     
  Lines       50010    50132   +122     
========================================
+ Hits        49178    49302   +124     
+ Misses        832      830     -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gagantrivedi gagantrivedi force-pushed the feat/enforce-feature-ownership branch from 4c3aa8f to a8b419f Compare March 30, 2026 11:04
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@gagantrivedi
feat: add project setting to enforce feature ownership (#4432)
ca55b0d 
Add an `enforce_feature_owners` boolean on the Project model. When
enabled, feature creation requires at least one user or group owner.
The owners/group_owners fields on CreateFeatureSerializer are now
asymmetric PrimaryKeyRelatedFields (accept IDs on write, return
nested objects on read). The remove-owners and remove-group-owners
endpoints also prevent removing the last owner when enforcement is on.

Frontend adds the project setting toggle, a FeatureOwnerSelect
component for the creation modal, create-button validation, and
owner chips in the feature modal header.
@gagantrivedi gagantrivedi force-pushed the feat/enforce-feature-ownership branch from f9b43dc to ca55b0d Compare March 30, 2026 11:15
gagantrivedi and others added 2 commits March 30, 2026 17:04
@gagantrivedi
fixup: use admin_client_new fixture and extract _validate_enforce_fea…
4e0d1e5 
…ture_owners

- Switch all new tests from deprecated admin_client_original to
  admin_client_new so they run as both user and master API key
- Extract enforcement check into private method
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
f9a448f 
for more information, see https://pre-commit.ci
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@gagantrivedi
fixup: fix test names to match 3-part naming convention
188ae6c 
Merge extra __ segments into the condition part to satisfy the
FT003 lint rule: test_{subject}__{condition}__{expected}.
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 30, 2026
@gagantrivedi
fixup: remove redundant master API key test
9acd5b3 
Already covered by admin_client_new parametrisation on
test_create_feature__enforce_owners_enabled_no_owners__returns_400.
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 31, 2026
@gagantrivedi
fixup: remove redundant remove_owners test
5d60dba 
Already covered by existing test_remove_owners__specified_owner__removes_only_specified.
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 31, 2026
@gagantrivedi gagantrivedi marked this pull request as ready for review March 31, 2026 03:46
@gagantrivedi gagantrivedi requested a review from a team as a code owner March 31, 2026 03:46
claude[bot]
claude bot reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Code review skipped — your organization's overage spend limit has been reached.

Code review is billed via overage credits. To resume reviews, an organization admin can raise the monthly limit at claude.ai/admin-settings/claude-code.

Once credits are available, reopen this pull request to trigger a review.

@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 31, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026
edited
Loading

Docker builds report

Image Build Status Security report
ghcr.io/flagsmith/flagsmith-e2e:pr-7067 Finished ✅ Skipped
ghcr.io/flagsmith/flagsmith-api-test:pr-7067 Finished ✅ Skipped
ghcr.io/flagsmith/flagsmith-api:pr-7067 Finished ✅ Results
ghcr.io/flagsmith/flagsmith-private-cloud:pr-7067 Finished ✅ Results
ghcr.io/flagsmith/flagsmith:pr-7067 Finished ✅ Results
ghcr.io/flagsmith/flagsmith-frontend:pr-7067 Finished ✅ Results

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026
edited
Loading

Playwright Test Results (oss - depot-ubuntu-latest-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  8.3 seconds
commit  5d60dba
info  🔄 Run: #15587 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  27.7 seconds
commit  5d60dba
info  🔄 Run: #15587 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

passed  2 passed

Details

stats  2 tests across 2 suites
duration  50.5 seconds
commit  5d60dba
info  🔄 Run: #15587 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

passed  2 passed

Details

stats  2 tests across 2 suites
duration  57.7 seconds
commit  5d60dba
info  🔄 Run: #15587 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  39.1 seconds
commit  e67da98
info  🔄 Run: #15598 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  46.1 seconds
commit  e67da98
info  🔄 Run: #15598 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

passed  16 passed

Details

stats  16 tests across 13 suites
duration  54.1 seconds
commit  e67da98
info  🔄 Run: #15598 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

passed  2 passed

Details

stats  2 tests across 2 suites
duration  50.8 seconds
commit  e67da98
info  🔄 Run: #15598 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  24.4 seconds
commit  e6633d3
info  🔄 Run: #15599 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  10.8 seconds
commit  e6633d3
info  🔄 Run: #15599 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

passed  16 passed

Details

stats  16 tests across 13 suites
duration  59.9 seconds
commit  e6633d3
info  🔄 Run: #15599 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

passed  2 passed

Details

stats  2 tests across 2 suites
duration  44.2 seconds
commit  e6633d3
info  🔄 Run: #15599 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  9.3 seconds
commit  f6ce2cd
info  🔄 Run: #15601 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  48.4 seconds
commit  f6ce2cd
info  🔄 Run: #15601 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

passed  16 passed

Details

stats  16 tests across 13 suites
duration  26.1 seconds
commit  f6ce2cd
info  🔄 Run: #15601 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

passed  2 passed

Details

stats  2 tests across 2 suites
duration  44 seconds
commit  f6ce2cd
info  🔄 Run: #15601 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  47.8 seconds
commit  9a3dffb
info  🔄 Run: #15613 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

passed  10 passed

Details

stats  10 tests across 7 suites
duration  41.9 seconds
commit  9a3dffb
info  🔄 Run: #15613 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

passed  2 passed

Details

stats  2 tests across 2 suites
duration  51.2 seconds
commit  9a3dffb
info  🔄 Run: #15613 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

passed  1 passed

Details

stats  1 test across 1 suite
duration  1 minute, 12 seconds
commit  9a3dffb
info  🔄 Run: #15613 (attempt 1)

@gagantrivedi gagantrivedi removed the request for review from kyle-ssg March 31, 2026 10:33
Zaimwa9
Zaimwa9 requested changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Zaimwa9 Zaimwa9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall good and well working. Couple of comments:

  • One refactor sorry but that's part of becoming a frontend 😅
  • Couple of questions regarding new UI elements (to be hidden or not depending on the config)
  • One backend NIT

Otherwise good job

@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
@gagantrivedi
fixup: address PR review comments 2-5
e6633d3 
- Migrate FlagOwners.js and FlagOwnerGroups.js to functional TSX
  components with RTK Query, supporting dual mode (edit via API,
  create via parent callbacks)
- Delete FeatureOwnerSelect.tsx (replaced by refactored components)
- Remove tooltips from modal header owner chips
- Gate owner chips and create-form picker on enforce_feature_owners
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
khvn26
khvn26 previously approved these changes Apr 1, 2026
View reviewed changes
@kyle-ssg kyle-ssg mentioned this pull request Apr 1, 2026
Merged
4 tasks
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Apr 1, 2026
Zaimwa9
Zaimwa9 approved these changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Zaimwa9 Zaimwa9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested new changes 🟢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@Zaimwa9 Zaimwa9 Zaimwa9 approved these changes

@khvn26 khvn26 khvn26 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@Zaimwa9 Zaimwa9

Labels

api Issue related to the REST API feature New feature or request front-end Issue related to the React Front End Dashboard

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Project setting: Enforce feature ownership

3 participants

@gagantrivedi @khvn26 @Zaimwa9