Merge branch 'master' into feat/apm-v2

* master:
  ref(admin): Convert user edit page to react (#14074)
  ref: Remove unused Group.get_oldest_event and legacy events behavior (#14038)
  ref(api): Update DELETE users/ to support hard deleting (#14068)
  test(OrganizationDiscoverSavedQueryDetailTest): Stabilize put test (#14077)
  meta(readme): Sentry logo should link to sentry.io (#14076)
  ref: Remove duplicate column (#14073)
  App platform/update permissions token auth (#14046)
  feat: Support issue IDs as canonical parameters
  ref: Change to new traceparent header for Python SDK (#14070)
  feat: Use option to force-disable transaction events (#14056)
  feat(apm): Register option to force-disable transaction events (#14055)
  Feat/mark sentry app installed put route (#14060)
  ref: Remove unused Group.event_set property  (#14036)
  fix: Filter out groups that are pending deletion/merge from `by_qualified_short_id` (SEN-849)
  fix(ui): Fix resolve/ignore actions for accounts without multi… (#14058)
  Fix: Remove extra $.param introduced in GH-14051 (#14061)
  feat: Use Snuba for Group.from_event_id (#14034)
  fix(ui) Display implicit default sort and default to descending (#14042)
  fix(github) Fix 404s not being handled in repository search (#14030)
  fix: Pass an empty array to $.param instead of an empty string when options.query is falsey (#14051)

# Conflicts:
#	src/sentry/utils/sdk.py

Author: HazAT

README.rst

@@ -2,7 +2,9 @@
 
    <p align="center">
      <p align="center">
-       <img src="https://sentry-brand.storage.googleapis.com/sentry-logo-black.png" alt="Sentry" height="72"
+       <a href="https://sentry.io/?utm_source=github&utm_medium=logo" target="_blank">
+         <img src="https://sentry-brand.storage.googleapis.com/sentry-logo-black.png" alt="Sentry" height="72">
+       </a>
      </p>
      <p align="center">
        Users and logs provide clues. Sentry provides answers.

src/sentry/analytics/events/sentry_app_installation_updated.py

@@ -0,0 +1,16 @@
+from __future__ import absolute_import
+
+from sentry import analytics
+
+
+class SentryAppInstallationUpdatedEvent(analytics.Event):
+    type = 'sentry_app_installation.updated'
+
+    attributes = (
+        analytics.Attribute('sentry_app_installation_id'),
+        analytics.Attribute('sentry_app_id'),
+        analytics.Attribute('organization_id'),
+    )
+
+
+analytics.register(SentryAppInstallationUpdatedEvent)

src/sentry/api/bases/sentryapps.py

@@ -45,7 +45,16 @@ def wrapped(self, *args, **kwargs):
 
 class SentryAppsPermission(SentryPermission):
     scope_map = {
-        'GET': (),  # Public endpoint.
+        # GET is ideally a public endpoint but for now we are allowing for
+        # anyone who has member permissions or above.
+        'GET': ('event:read',
+                'event:write',
+                'event:admin',
+                'project:releases',
+                'project:read',
+                'org:read',
+                'member:read',
+                'team:read',),
         'POST': ('org:read', 'org:integrations', 'org:write', 'org:admin'),
     }
 
@@ -118,12 +127,25 @@ class SentryAppPermission(SentryPermission):
     }
 
     published_scope_map = {
-        'GET': (),  # Public endpoint.
+        # GET is ideally a public endpoint but for now we are allowing for
+        # anyone who has member permissions or above.
+        'GET': ('event:read',
+                'event:write',
+                'event:admin',
+                'project:releases',
+                'project:read',
+                'org:read',
+                'member:read',
+                'team:read',),
         'PUT': ('org:write', 'org:admin'),
         'POST': ('org:write', 'org:admin'),
         'DELETE': ('org:admin'),
     }
 
+    @property
+    def scope_map(self):
+        return self.published_scope_map
+
     def has_object_permission(self, request, view, sentry_app):
         if not hasattr(request, 'user') or not request.user:
             return False
@@ -227,6 +249,12 @@ class SentryAppInstallationPermission(SentryPermission):
         'POST': ('org:integrations', 'event:write', 'event:admin'),
     }
 
+    def has_permission(self, request, *args, **kwargs):
+        # To let the app mark the installation as installed, we don't care about permissions
+        if request.user.is_sentry_app and request.method == 'PUT':
+            return True
+        return super(SentryAppInstallationPermission, self).has_permission(request, *args, **kwargs)
+
     def has_object_permission(self, request, view, installation):
         if not hasattr(request, 'user') or not request.user:
             return False
@@ -236,6 +264,10 @@ def has_object_permission(self, request, view, installation):
         if is_active_superuser(request):
             return True
 
+        # if user is an app, make sure it's for that same app
+        if request.user.is_sentry_app:
+            return request.user == installation.sentry_app.proxy_user
+
         if installation.organization not in request.user.get_orgs():
             raise Http404
 

src/sentry/api/endpoints/sentry_app_installation_details.py

@@ -4,7 +4,8 @@
 
 from sentry.api.bases import SentryAppInstallationBaseEndpoint
 from sentry.api.serializers import serialize
-from sentry.mediators.sentry_app_installations import Destroyer
+from sentry.mediators.sentry_app_installations import Destroyer, Updater
+from sentry.api.serializers.rest_framework import SentryAppInstallationSerializer
 
 
 class SentryAppInstallationDetailsEndpoint(SentryAppInstallationBaseEndpoint):
@@ -19,3 +20,22 @@ def delete(self, request, installation):
             request=request,
         )
         return Response(status=204)
+
+    def put(self, request, installation):
+        serializer = SentryAppInstallationSerializer(
+            installation,
+            data=request.data,
+            partial=True,
+        )
+
+        if serializer.is_valid():
+            result = serializer.validated_data
+
+            updated_installation = Updater.run(
+                user=request.user,
+                sentry_app_installation=installation,
+                status=result.get('status'),
+            )
+
+            return Response(serialize(updated_installation, request.user))
+        return Response(serializer.errors, status=400)

src/sentry/api/endpoints/user_details.py

@@ -86,19 +86,22 @@ def validate(self, attrs):
         return super(UserSerializer, self).validate(attrs)
 
 
-class AdminUserSerializer(BaseUserSerializer):
+class SuperuserUserSerializer(BaseUserSerializer):
     isActive = serializers.BooleanField(source='is_active')
+    isStaff = serializers.BooleanField(source='is_staff')
+    isSuperuser = serializers.BooleanField(source='is_superuser')
 
     class Meta:
         model = User
         # no idea wtf is up with django rest framework, but we need is_active
         # and isActive
-        fields = ('name', 'username', 'isActive')
+        fields = ('name', 'username', 'isActive', 'isStaff', 'isSuperuser')
         # write_only_fields = ('password',)
 
 
-class OrganizationsSerializer(serializers.Serializer):
+class DeleteUserSerializer(serializers.Serializer):
     organizations = ListField(child=serializers.CharField(required=False), required=True)
+    hardDelete = serializers.BooleanField(required=False)
 
 
 class UserDetailsEndpoint(UserEndpoint):
@@ -130,12 +133,13 @@ def put(self, request, user):
         """
 
         if is_active_superuser(request):
-            serializer_cls = AdminUserSerializer
+            serializer_cls = SuperuserUserSerializer
         else:
             serializer_cls = UserSerializer
         serializer = serializer_cls(user, data=request.data, partial=True)
 
-        serializer_options = UserOptionsSerializer(data=request.data.get('options', {}), partial=True)
+        serializer_options = UserOptionsSerializer(
+            data=request.data.get('options', {}), partial=True)
 
         # This serializer should NOT include privileged fields e.g. password
         if not serializer.is_valid() or not serializer_options.is_valid():
@@ -170,11 +174,12 @@ def delete(self, request, user):
 
         Also removes organizations if they are an owner
         :pparam string user_id: user id
+        :param boolean hard_delete: Completely remove the user from the database (requires super user)
         :param list organizations: List of organization ids to remove
         :auth required:
         """
 
-        serializer = OrganizationsSerializer(data=request.data)
+        serializer = DeleteUserSerializer(data=request.data)
 
         if not serializer.is_valid():
             return Response(status=status.HTTP_400_BAD_REQUEST)
@@ -194,20 +199,13 @@ def delete(self, request, user):
             })
 
         avail_org_slugs = set([o['organization'].slug for o in org_results])
-        orgs_to_remove = set(serializer.validated_data.get('organizations')).intersection(avail_org_slugs)
+        orgs_to_remove = set(serializer.validated_data.get(
+            'organizations')).intersection(avail_org_slugs)
 
         for result in org_results:
             if result['single_owner']:
                 orgs_to_remove.add(result['organization'].slug)
 
-        delete_logger.info(
-            'user.deactivate',
-            extra={
-                'actor_id': request.user.id,
-                'ip_address': request.META['REMOTE_ADDR'],
-            }
-        )
-
         for org_slug in orgs_to_remove:
             client.delete(
                 path=u'/organizations/{}/'.format(org_slug),
@@ -221,15 +219,33 @@ def delete(self, request, user):
         if remaining_org_ids:
             OrganizationMember.objects.filter(
                 organization__in=remaining_org_ids,
-                user=request.user,
+                user=user,
             ).delete()
 
-        User.objects.filter(
-            id=request.user.id,
-        ).update(
-            is_active=False,
-        )
+        logging_data = {
+            'actor_id': request.user.id,
+            'ip_address': request.META['REMOTE_ADDR'],
+        }
+
+        hard_delete = serializer.validated_data.get('hardDelete', False)
+
+        # Only active superusers can hard delete accounts
+        if hard_delete and not is_active_superuser(request):
+            return Response(
+                {'detail': 'Only superusers may hard delete a user account'},
+                status=status.HTTP_403_FORBIDDEN)
+
+        is_current_user = request.user.id == user.id
+
+        if hard_delete:
+            user.delete()
+            delete_logger.info('user.removed', extra=logging_data)
+        else:
+            User.objects.filter(id=user.id).update(is_active=False)
+            delete_logger.info('user.deactivate', extra=logging_data)
 
-        logout(request)
+        # if the user deleted their own account log them out
+        if is_current_user:
+            logout(request)
 
         return Response(status=status.HTTP_204_NO_CONTENT)

src/sentry/api/serializers/models/sentry_app_installation.py

@@ -3,6 +3,7 @@
 
 from sentry.api.serializers import Serializer, register
 from sentry.models import SentryAppInstallation
+from sentry.constants import SentryAppInstallationStatus
 
 
 @register(SentryAppInstallation)
@@ -17,6 +18,7 @@ def serialize(self, install, attrs, user):
                 'slug': install.organization.slug,
             },
             'uuid': install.uuid,
+            'status': SentryAppInstallationStatus.as_str(install.status),
         }
 
         if install.api_grant:

src/sentry/api/serializers/models/user.py

@@ -78,6 +78,7 @@ def serialize(self, obj, attrs, user):
             'has2fa': attrs['has2fa'],
             'lastActive': obj.last_active,
             'isSuperuser': obj.is_superuser,
+            'isStaff': obj.is_staff,
         }
 
         if obj == user:

src/sentry/api/serializers/rest_framework/sentry_app_installation.py

@@ -0,0 +1,19 @@
+from __future__ import absolute_import
+
+
+from rest_framework import serializers
+from rest_framework.serializers import Serializer, ValidationError
+from sentry.constants import SentryAppInstallationStatus
+
+
+class SentryAppInstallationSerializer(Serializer):
+    status = serializers.CharField()
+
+    def validate_status(self, new_status):
+        # can only set status to installed
+        if new_status != SentryAppInstallationStatus.INSTALLED_STR:
+            raise ValidationError(
+                u"Invalid value '{}' for status. Valid values: '{}'".format(
+                    new_status, SentryAppInstallationStatus.INSTALLED_STR))
+
+        return new_status