feat(prevent): send consent URL when no-consent

giovanni-guidini · giovanni-guidini · commit 91cab2c3a7e1 · 2025-09-01T14:51:22.000+02:00
ticket: prevent-275

There are some assumptions in these changes:
1. The URL for the settings of an org depends on the `sentry_org.slug`.
2. `github_org_name` is not necessarily the same as `sentry_org.slug`
3. Constructing such URL is non-trivial without the base URL for the Sentry instance
4. It's OK to return _any_ of the valid sentry orgs for a prevent-AI request

So based on those assumptions these changes include the URL for the org settings such that we can slap that URL in the "no consent given" message - that appears if you request `@sentry review` in a PR without giving the consent.
We want this to add a clearer Call To Action in that message, making it more useful
diff --git a/src/sentry/seer/endpoints/seer_rpc.py b/src/sentry/seer/endpoints/seer_rpc.py
@@ -279,20 +279,25 @@ def get_organization_autofix_consent(*, org_id: int) -> dict:
 # Used by the seer GH app to check for permissions before posting to an org
 def get_organization_seer_consent_by_org_name(
     *, org_name: str, provider: str = "github"
-) -> dict[str, bool]:
+) -> dict[str, bool | str | None]:
     org_integrations = integration_service.get_organization_integrations(
         providers=[provider], name=org_name
     )
 
+    # The URL where an org admin can enable Prevent-AI features
+    # Only returned if the org is not already consented
+    consent_url = None
     for org_integration in org_integrations:
         try:
             org = Organization.objects.get(id=org_integration.organization_id)
             if _can_use_prevent_ai_features(org):
                 return {"consent": True}
+            # If this is the last org we will return this URL as the consent URL
+            consent_url = org.absolute_url("/settings/organization/")
         except Organization.DoesNotExist:
             continue
 
-    return {"consent": False}
+    return {"consent": False, "consent_url": consent_url}
 
 
 def get_attribute_names(*, org_id: int, project_ids: list[int], stats_period: str) -> dict:
diff --git a/tests/sentry/seer/endpoints/test_seer_rpc.py b/tests/sentry/seer/endpoints/test_seer_rpc.py
@@ -71,7 +71,7 @@ def test_get_organization_seer_consent_by_org_name_no_integrations(self) -> None
         """Test when no organization integrations are found"""
         # Test with a non-existent organization name
         result = get_organization_seer_consent_by_org_name(org_name="non-existent-org")
-        assert result == {"consent": False}
+        assert result == {"consent": False, "consent_url": None}
 
     def test_get_organization_seer_consent_by_org_name_no_consent(self) -> None:
         """Test when organization exists but has no consent"""
@@ -89,7 +89,10 @@ def test_get_organization_seer_consent_by_org_name_no_consent(self) -> None:
 
         result = get_organization_seer_consent_by_org_name(org_name="test-org")
 
-        assert result == {"consent": False}
+        assert result == {
+            "consent": False,
+            "consent_url": self.organization.absolute_url("/settings/organization/"),
+        }
 
     def test_get_organization_seer_consent_by_org_name_with_default_pr_review_enabled(self) -> None:
         """Test when organization has seer acknowledgement"""
@@ -103,7 +106,10 @@ def test_get_organization_seer_consent_by_org_name_with_default_pr_review_enable
         result = get_organization_seer_consent_by_org_name(org_name="test-org")
 
         # Should return True since PR review is enabled by default
-        assert result == {"consent": False}
+        assert result == {
+            "consent": False,
+            "consent_url": self.organization.absolute_url("/settings/organization/"),
+        }
 
     def test_get_organization_seer_consent_by_org_name_multiple_orgs_one_with_consent(self) -> None:
         """Test when multiple organizations exist, one with consent"""
@@ -158,7 +164,10 @@ def test_get_organization_seer_consent_by_org_name_with_hide_ai_features_enabled
         result = get_organization_seer_consent_by_org_name(org_name="test-org")
 
         # Should return False because hide_ai_features=True makes this org not contribute consent
-        assert result == {"consent": False}
+        assert result == {
+            "consent": False,
+            "consent_url": self.organization.absolute_url("/settings/organization/"),
+        }
 
     def test_get_organization_seer_consent_by_org_name_with_hide_ai_features_disabled(
         self,
@@ -174,11 +183,13 @@ def test_get_organization_seer_consent_by_org_name_with_hide_ai_features_disable
         # Explicitly disable hide_ai_features
         OrganizationOption.objects.set_value(self.organization, "sentry:hide_ai_features", False)
 
-        # PR review is enabled by default, so (NOT hide_ai_features AND pr_review_enabled) = True
         result = get_organization_seer_consent_by_org_name(org_name="test-org")
 
         # Should return False because hide_ai_features=False and PR review is disabled by default
-        assert result == {"consent": False}
+        assert result == {
+            "consent": False,
+            "consent_url": self.organization.absolute_url("/settings/organization/"),
+        }
 
     def test_get_organization_seer_consent_by_org_name_multiple_orgs_with_hide_ai_features(
         self,
@@ -210,14 +221,17 @@ def test_get_organization_seer_consent_by_org_name_multiple_orgs_with_hide_ai_fe
         result = get_organization_seer_consent_by_org_name(org_name="test-org")
 
         # Should return False because second org has (NOT hide_ai_features AND pr_review_enabled) = False
-        assert result == {"consent": False}
+        assert result == {
+            "consent": False,
+            "consent_url": org_with_visible_ai.absolute_url("/settings/organization/"),
+        }
 
     def test_get_organization_seer_consent_by_org_name_multiple_orgs_all_hide_ai_features(
         self,
     ):
         """Test multiple orgs where all have hide_ai_features=True"""
-        org1 = self.create_organization(owner=self.user)
-        org2 = self.create_organization(owner=self.user)
+        org1 = self.create_organization(owner=self.user, slug="test-org")
+        org2 = self.create_organization(owner=self.user, slug="test-org")
 
         # Create integrations for both organizations with the same name
         self.create_integration(
@@ -240,7 +254,10 @@ def test_get_organization_seer_consent_by_org_name_multiple_orgs_all_hide_ai_fea
         result = get_organization_seer_consent_by_org_name(org_name="test-org")
 
         # Should return False because no org can contribute consent (all have hide_ai_features=True)
-        assert result == {"consent": False}
+        assert result == {
+            "consent": False,
+            "consent_url": org2.absolute_url("/settings/organization/"),
+        }
 
     def test_get_organization_seer_consent_by_org_name_hide_ai_false_pr_review_false(
         self,
@@ -262,7 +279,10 @@ def test_get_organization_seer_consent_by_org_name_hide_ai_false_pr_review_false
         result = get_organization_seer_consent_by_org_name(org_name="test-org")
 
         # Should return False because even though hide_ai_features=False, pr_review_enabled=False
-        assert result == {"consent": False}
+        assert result == {
+            "consent": False,
+            "consent_url": self.organization.absolute_url("/settings/organization/"),
+        }
 
     @responses.activate
     @override_settings(SEER_GHE_ENCRYPT_KEY=TEST_FERNET_KEY)
