fix(projects): validate organisation query param is numeric #7486

Open
SAY-5 wants to merge 1 commit into Flagsmith:main from SAY-5:fix/projects-non-numeric-org-7426
@SAY-5 SAY-5 commented May 12, 2026

Thanks for submitting a PR! Please check the boxes below:

  • I have read the Contributing Guide.
  • I have added information to `docs/` if required so people know about the feature.
  • I have filled in the "Changes" section below.
  • I have filled in the "How did you test this code" section below.

Changes

Closes #7426

`ProjectViewSet.get_queryset` passed the raw `?organisation=` query string straight into `queryset.filter(organisation__id=...)`. A non-numeric value bubbled up as an unhandled `ValueError` from `IntegerField.get_prep_value`, producing a 500 in Sentry (FLAGSMITH-API-5NT).

Validate the parameter is an integer and raise DRF `ValidationError` (400) otherwise. Mirrors the same pattern used elsewhere in the codebase.

How did you test this code?

Added `test_list_projects__non_numeric_organisation__returns_400` to `test_unit_projects_views.py` covering the exact Sentry repro string.

Closes Flagsmith#7426

Signed-off-by: SAY-5 <say.apm35@gmail.com>
@SAY-5 SAY-5 requested a review from a team as a code owner May 12, 2026 04:35
@SAY-5 SAY-5 requested review from emyller and removed request for a team May 12, 2026 04:35
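The validation described in the PR text above, as an added example that is not code from this pull request or from Flagsmith. It goes beyond the non-numeric case to inputs that a bare `int()` conversion lets through. `parse_organisation_id`, the local `ValidationError` stand-in for DRF's exception, and the 32-bit id limit are assumptions.

```python
import re

# Assumption: organisation ids live in a 32-bit signed integer column.
MAX_ORGANISATION_ID = 2**31 - 1
# ASCII digits only, at most 10 of them (the length of 2147483647).
_ORG_ID = re.compile(r"[0-9]{1,10}")


class ValidationError(Exception):
    """Local stand-in for rest_framework.exceptions.ValidationError."""

    status_code = 400


def parse_organisation_id(raw):
    """Return the id as int, None when the parameter is absent, else raise."""
    if raw is None:
        return None
    # fullmatch rejects signs, whitespace, underscores, a trailing newline and
    # non-ASCII digits, and caps the length before int() ever sees the string.
    if not _ORG_ID.fullmatch(raw):
        raise ValidationError({"organisation": "Must be an integer."})
    value = int(raw)
    if value > MAX_ORGANISATION_ID:
        raise ValidationError({"organisation": "Value out of range."})
    return value


def status_for(raw):
    """HTTP status a view built on parse_organisation_id would return."""
    try:
        parse_organisation_id(raw)
    except ValidationError as exc:
        return exc.status_code
    return 200


def int_accepts(raw):
    """True when a bare int() conversion would let the value through."""
    try:
        int(raw)
    except ValueError:
        return False
    return True


# Constructed sample inputs: every one passes int() but is rejected above.
LENIENT_INPUTS = [" 12", "1_000", "+5", "12\n", "\u0661\u0662", "2147483648"]

if __name__ == "__main__":
    for sample in ["42", "abc", "9" * 5000, *LENIENT_INPUTS]:
        print(repr(sample[:12]), int_accepts(sample), status_for(sample))
```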
@claude claude Bot left a comment

Claude Code Review

This pull request is from a fork — automated review is disabled. A repository maintainer can comment @claude review to run a one-time review.

vercel Bot commented May 12, 2026

@SAY-5 is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added the api Issue related to the REST API label May 12, 2026
Labels

api Issue related to the REST API

Development

Successfully merging this pull request may close these issues.

API crash on /api/v1/projects/ with non-numeric organisation query parameter