getsentry
diff --git a/‎.github/file-filters.yml
Lines changed: 1 addition & 1 deletion b/‎.github/file-filters.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎migrations_lockfile.txt
Lines changed: 2 additions & 2 deletions b/‎migrations_lockfile.txt
Lines changed: 2 additions & 2 deletions
diff --git a/‎pyproject.toml
Lines changed: 0 additions & 1 deletion b/‎pyproject.toml
Lines changed: 0 additions & 1 deletion
diff --git a/‎requirements-dev-frozen.txt
Lines changed: 1 addition & 0 deletions b/‎requirements-dev-frozen.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎requirements-dev.txt
Lines changed: 1 addition & 0 deletions b/‎requirements-dev.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/sentry/api/urls.py
Lines changed: 18 additions & 18 deletions b/‎src/sentry/api/urls.py
Lines changed: 18 additions & 18 deletions
diff --git a/‎src/sentry/codecov/endpoints/TestResults/test_results.py
Lines changed: 6 additions & 3 deletions b/‎src/sentry/codecov/endpoints/TestResults/test_results.py
Lines changed: 6 additions & 3 deletions
diff --git a/‎src/sentry/codecov/endpoints/TestResultsAggregates/test_results_aggregates.py
Lines changed: 6 additions & 3 deletions b/‎src/sentry/codecov/endpoints/TestResultsAggregates/test_results_aggregates.py
Lines changed: 6 additions & 3 deletions
diff --git a/‎src/sentry/data_secrecy/data_access_grant_service/__init__.py b/‎src/sentry/data_secrecy/data_access_grant_service/__init__.py
diff --git a/‎src/sentry/data_secrecy/data_access_grant_service/impl.py
Lines changed: 35 additions & 0 deletions b/‎src/sentry/data_secrecy/data_access_grant_service/impl.py
Lines changed: 35 additions & 0 deletions
@@ -31,7 +31,7 @@ typecheckable_rules_changed: &typecheckable_rules_changed
 # Trigger to apply the 'Scope: Frontend' label to PRs
 frontend_all: &frontend_all
   - added|modified: '**/*.{ts,tsx,js,jsx,mjs}'
-  - added|modified: 'static/**/*.{less,json,yml,md}'
+  - added|modified: 'static/**/*.{less,json,yml,md,mdx}'
   - added|modified: '{.volta,vercel,tsconfig,biome,package}.json'
 
 # Also used in `getsentry-dispatch.yml` to dispatch backend tests on getsentry
 
@@ -5,9 +5,9 @@ ahead of you.
 To resolve this, rebase against latest master and regenerate your migration. This file
 will then be regenerated, and you should be able to merge without conflicts.
 
-discover: 0001_move_discover_models
+discover: 0002_link_migrated_explore_query_in_discover
 
-explore: 0005_explore_django_json_field
+explore: 0006_add_changed_reason_field_explore
 
 feedback: 0001_squashed_0004_index_together
 
 
@@ -88,7 +88,6 @@ module = [
     "confluent_kafka.*",
     "cssselect.*",
     "django_zero_downtime_migrations.backends.postgres.schema.*",
-    "docker.*",
     "fido2.*",
     "google.auth.*",
     "google.cloud.*",
 
@@ -217,6 +217,7 @@ trio==0.25.0
 trio-websocket==0.11.1
 types-beautifulsoup4==4.11.6
 types-cachetools==5.3.0.5
+types-docker==7.1.0.20250705
 types-jsonschema==4.16.1
 types-oauthlib==3.2.0.8
 types-parsimonious==0.10.0.8
 
@@ -46,6 +46,7 @@ msgpack-types>=0.2.0
 mypy>=1.15
 types-beautifulsoup4
 types-cachetools
+types-docker
 types-jsonschema
 types-oauthlib
 types-parsimonious
 
@@ -1054,6 +1054,20 @@ def create_group_urls(name_prefix: str) -> list[URLPattern | URLResolver]:
     ),
 ]
 
+PREVENT_URLS = [
+    re_path(
+        r"^owner/(?P<owner>[^/]+)/repository/(?P<repository>[^/]+)/test-results/$",
+        TestResultsEndpoint.as_view(),
+        name="sentry-api-0-test-results",
+    ),
+    re_path(
+        r"^owner/(?P<owner>[^/]+)/repository/(?P<repository>[^/]+)/test-results-aggregates/$",
+        TestResultsAggregatesEndpoint.as_view(),
+        name="sentry-api-0-test-results-aggregates",
+    ),
+]
+
+
 USER_URLS = [
     re_path(
         r"^$",
@@ -2395,6 +2409,10 @@ def create_group_urls(name_prefix: str) -> list[URLPattern | URLResolver]:
         OrganizationInsightsTreeEndpoint.as_view(),
         name="sentry-api-0-organization-insights-tree",
     ),
+    re_path(
+        r"^(?P<organization_id_or_slug>[^/]+)/prevent/",
+        include(PREVENT_URLS),
+    ),
     *workflow_urls.organization_urlpatterns,
 ]
 
@@ -3296,19 +3314,6 @@ def create_group_urls(name_prefix: str) -> list[URLPattern | URLResolver]:
     *preprod_urls.preprod_internal_urlpatterns,
 ]
 
-PREVENT_URLS = [
-    re_path(
-        r"^owner/(?P<owner>[^/]+)/repository/(?P<repository>[^/]+)/test-results/$",
-        TestResultsEndpoint.as_view(),
-        name="sentry-api-0-test-results",
-    ),
-    re_path(
-        r"^owner/(?P<owner>[^/]+)/repository/(?P<repository>[^/]+)/test-results-aggregates/$",
-        TestResultsAggregatesEndpoint.as_view(),
-        name="sentry-api-0-test-results-aggregates",
-    ),
-]
-
 urlpatterns = [
     # Relay
     re_path(
@@ -3374,11 +3379,6 @@ def create_group_urls(name_prefix: str) -> list[URLPattern | URLResolver]:
         r"^broadcasts/",
         include(BROADCAST_URLS),
     ),
-    # Prevent
-    re_path(
-        r"^prevent/",
-        include(PREVENT_URLS),
-    ),
     #
     #
     #
 
@@ -7,7 +7,7 @@
 from sentry.api.api_publish_status import ApiPublishStatus
 from sentry.api.base import region_silo_endpoint
 from sentry.apidocs.constants import RESPONSE_BAD_REQUEST, RESPONSE_FORBIDDEN, RESPONSE_NOT_FOUND
-from sentry.apidocs.parameters import PreventParams
+from sentry.apidocs.parameters import GlobalParams, PreventParams
 from sentry.codecov.base import CodecovEndpoint
 from sentry.codecov.client import CodecovApiClient
 from sentry.codecov.endpoints.TestResults.query import query
@@ -29,8 +29,9 @@ def has_pagination(self, response):
         return True
 
     @extend_schema(
-        operation_id="Retrieve paginated list of test results for repository and owner",
+        operation_id="Retrieve paginated list of test results for repository, owner, and organization",
         parameters=[
+            GlobalParams.ORG_ID_OR_SLUG,
             PreventParams.OWNER,
             PreventParams.REPOSITORY,
             PreventParams.TEST_RESULTS_SORT_BY,
@@ -49,7 +50,9 @@ def has_pagination(self, response):
             404: RESPONSE_NOT_FOUND,
         },
     )
-    def get(self, request: Request, owner: str, repository: str, **kwargs) -> Response:
+    def get(
+        self, request: Request, organization_id_or_slug: str, owner: str, repository: str, **kwargs
+    ) -> Response:
         """Retrieves the list of test results for a given repository and owner. Also accepts a number of query parameters to filter the results."""
 
         sort_by = request.query_params.get(
 
@@ -6,7 +6,7 @@
 from sentry.api.api_publish_status import ApiPublishStatus
 from sentry.api.base import region_silo_endpoint
 from sentry.apidocs.constants import RESPONSE_BAD_REQUEST, RESPONSE_FORBIDDEN, RESPONSE_NOT_FOUND
-from sentry.apidocs.parameters import PreventParams
+from sentry.apidocs.parameters import GlobalParams, PreventParams
 from sentry.codecov.base import CodecovEndpoint
 from sentry.codecov.client import CodecovApiClient
 from sentry.codecov.endpoints.TestResultsAggregates.query import query
@@ -27,8 +27,9 @@ class TestResultsAggregatesEndpoint(CodecovEndpoint):
     }
 
     @extend_schema(
-        operation_id="Retrieve aggregated test result metrics for repository and owner",
+        operation_id="Retrieve aggregated test result metrics for repository, owner, and organization",
         parameters=[
+            GlobalParams.ORG_ID_OR_SLUG,
             PreventParams.OWNER,
             PreventParams.REPOSITORY,
             PreventParams.INTERVAL,
@@ -41,7 +42,9 @@ class TestResultsAggregatesEndpoint(CodecovEndpoint):
             404: RESPONSE_NOT_FOUND,
         },
     )
-    def get(self, request: Request, owner: str, repository: str, **kwargs) -> Response:
+    def get(
+        self, request: Request, organization_id_or_slug: str, owner: str, repository: str, **kwargs
+    ) -> Response:
         """
         Retrieves aggregated test result metrics for a given repository and owner.
         Also accepts a query parameter to specify the time period for the metrics.
 
@@ -0,0 +1,35 @@
+from django.db import models
+from django.utils import timezone
+
+from sentry.data_secrecy.data_access_grant_service.model import RpcEffectiveGrantStatus
+from sentry.data_secrecy.data_access_grant_service.serial import serialize_effective_grant_status
+from sentry.data_secrecy.data_access_grant_service.service import DataAccessGrantService
+from sentry.data_secrecy.models.data_access_grant import DataAccessGrant
+
+
+class DatabaseBackedDataAccessGrantService(DataAccessGrantService):
+    def get_effective_grant_status(self, *, organization_id: int) -> RpcEffectiveGrantStatus | None:
+        """
+        Get the effective grant status for an organization.
+        """
+        now = timezone.now()
+        active_grants = DataAccessGrant.objects.filter(
+            organization_id=organization_id,
+            grant_start__lte=now,
+            grant_end__gt=now,
+            revocation_date__isnull=True,  # Not revoked
+        )
+
+        if not active_grants.exists():
+            return None
+
+        # Calculate aggregate grant status - only need the time window for access control
+        min_start = active_grants.aggregate(min_start=models.Min("grant_start"))["min_start"]
+        max_end = active_grants.aggregate(max_end=models.Max("grant_end"))["max_end"]
+
+        grant_status = {
+            "access_start": min_start.isoformat(),
+            "access_end": max_end.isoformat(),
+        }
+
+        return serialize_effective_grant_status(grant_status, organization_id)