Context

sentry-cli authenticates with org auth tokens that have the org:ci scope. The existing OrganizationIntegrationsLoosePermission does not include org:ci for POST, so the CLI would be denied when creating code mappings.

What

Create a new OrganizationCodeMappingsBulkPermission class in src/sentry/api/bases/organization.py (after line ~165) that extends OrganizationPermission and adds org:ci to the POST scope map.

This follows the precedent of OrganizationReleasePermission (line 140) which already includes org:ci for POST.

class OrganizationCodeMappingsBulkPermission(OrganizationPermission):
    scope_map = {
        "GET": ["org:read", "org:write", "org:admin", "org:integrations", "org:ci"],
        "POST": ["org:read", "org:write", "org:admin", "org:integrations", "org:ci"],
        "PUT": ["org:read", "org:write", "org:admin", "org:integrations"],
        "DELETE": ["org:admin", "org:integrations"],
    }

Files

• src/sentry/api/bases/organization.py