PostHog · zlwaterfield · Feb 3, 2025 · Jan 30, 2025 · Jan 30, 2025 · Feb 3, 2025
diff --git a/ee/api/rbac/test/test_access_control.py b/ee/api/rbac/test/test_access_control.py
@@ -17,7 +17,7 @@ class BaseAccessControlTest(APILicensedTest):
     def setUp(self):
         super().setUp()
         self.organization.available_features = [
-            AvailableFeature.PROJECT_BASED_PERMISSIONING,
+            AvailableFeature.ADVANCED_PERMISSIONS,
             AvailableFeature.ROLE_BASED_ACCESS,
         ]
         self.organization.save()

diff --git a/ee/models/license.py b/ee/models/license.py
@@ -74,7 +74,6 @@ class License(models.Model):
     ENTERPRISE_FEATURES = [
         *SCALE_FEATURES,
         AvailableFeature.ADVANCED_PERMISSIONS,
-        AvailableFeature.PROJECT_BASED_PERMISSIONING,
         AvailableFeature.SAML,
         AvailableFeature.SSO_ENFORCEMENT,
         AvailableFeature.ROLE_BASED_ACCESS,

diff --git a/frontend/src/layout/navigation-3000/sidepanel/panels/access_control/AccessControlObject.tsx b/frontend/src/layout/navigation-3000/sidepanel/panels/access_control/AccessControlObject.tsx
@@ -53,7 +53,7 @@ export function AccessControlObject(props: AccessControlLogicProps): JSX.Element
                     <AccessControlObjectDefaults />
                 </div>
 
-                <PayGateMini feature={AvailableFeature.PROJECT_BASED_PERMISSIONING}>
+                <PayGateMini feature={AvailableFeature.ADVANCED_PERMISSIONS}>
                     <AccessControlObjectUsers />
                 </PayGateMini>
 
@@ -76,7 +76,7 @@ function AccessControlObjectDefaults(): JSX.Element | null {
             placeholder="Loading..."
             value={accessControlDefault?.access_level ?? undefined}
             onChange={(newValue) => {
-                guardAvailableFeature(AvailableFeature.PROJECT_BASED_PERMISSIONING, () => {
+                guardAvailableFeature(AvailableFeature.ADVANCED_PERMISSIONS, () => {
                     updateAccessControlDefault(newValue)
                 })
             }}
@@ -189,7 +189,7 @@ function AccessControlObjectUsers(): JSX.Element | null {
                 setModelOpen={setModelOpen}
                 placeholder="Search for team members to add…"
                 onAdd={async (newValues, level) => {
-                    if (guardAvailableFeature(AvailableFeature.PROJECT_BASED_PERMISSIONING)) {
+                    if (guardAvailableFeature(AvailableFeature.ADVANCED_PERMISSIONS)) {
                         await updateAccessControlMembers(newValues.map((member) => ({ member, level })))
                         setModelOpen(false)
                     }
@@ -302,7 +302,7 @@ function AccessControlObjectRoles(): JSX.Element | null {
                 setModelOpen={setModelOpen}
                 placeholder="Search for roles to add…"
                 onAdd={async (newValues, level) => {
-                    if (guardAvailableFeature(AvailableFeature.PROJECT_BASED_PERMISSIONING)) {
+                    if (guardAvailableFeature(AvailableFeature.ADVANCED_PERMISSIONS)) {
                         await updateAccessControlRoles(newValues.map((role) => ({ role, level })))
                         setModelOpen(false)
                     }

diff --git a/frontend/src/mocks/fixtures/_billing.tsx b/frontend/src/mocks/fixtures/_billing.tsx
@@ -2926,14 +2926,6 @@ export const billingJson: BillingType = {
                             limit: null,
                             note: null,
                         },
-                        {
-                            key: 'project_based_permissioning',
-                            name: 'Project permissions',
-                            description: 'Restrict access to data within the organization to only those who need it.',
-                            unit: null,
-                            limit: null,
-                            note: null,
-                        },
                         {
                             key: 'role_based_access',
                             name: 'Role-based access',
@@ -3148,15 +3140,6 @@ export const billingJson: BillingType = {
                                     limit: null,
                                     note: null,
                                 },
-                                {
-                                    key: 'project_based_permissioning',
-                                    name: 'Project permissions',
-                                    description:
-                                        'Restrict access to data within the organization to only those who need it.',
-                                    unit: null,
-                                    limit: null,
-                                    note: null,
-                                },
                                 {
                                     key: 'advanced_permissions',
                                     name: 'Advanced permissions',
@@ -3299,14 +3282,6 @@ export const billingJson: BillingType = {
                             icon_key: null,
                             type: null,
                         },
-                        {
-                            key: 'project_based_permissioning',
-                            name: 'Project permissions',
-                            description: 'Restrict access to data within the organization to only those who need it.',
-                            images: null,
-                            icon_key: null,
-                            type: null,
-                        },
                         {
                             key: 'advanced_permissions',
                             name: 'Advanced permissions',
@@ -3443,14 +3418,6 @@ export const billingJson: BillingType = {
                     icon_key: null,
                     type: null,
                 },
-                {
-                    key: 'project_based_permissioning',
-                    name: 'Project permissions',
-                    description: 'Restrict access to data within the organization to only those who need it.',
-                    images: null,
-                    icon_key: null,
-                    type: null,
-                },
                 {
                     key: 'advanced_permissions',
                     name: 'Advanced permissions',

diff --git a/frontend/src/scenes/settings/environment/AddMembersModal.tsx b/frontend/src/scenes/settings/environment/AddMembersModal.tsx
@@ -28,10 +28,9 @@ export function AddMembersModalWithButton({ disabledReason }: { disabledReason:
                 type="primary"
                 data-attr="add-project-members-button"
                 onClick={() =>
-                    guardAvailableFeature(AvailableFeature.PROJECT_BASED_PERMISSIONING, () => openAddMembersModal(), {
+                    guardAvailableFeature(AvailableFeature.ADVANCED_PERMISSIONS, () => openAddMembersModal(), {
                         isGrandfathered:
-                            !hasAvailableFeature(AvailableFeature.PROJECT_BASED_PERMISSIONING) &&
-                            currentTeam?.access_control,
+                            !hasAvailableFeature(AvailableFeature.ADVANCED_PERMISSIONS) && currentTeam?.access_control,
                     })
                 }
                 icon={<IconPlus />}

diff --git a/frontend/src/scenes/settings/environment/TeamAccessControl.tsx b/frontend/src/scenes/settings/environment/TeamAccessControl.tsx
@@ -275,7 +275,7 @@ export function TeamAccessControl(): JSX.Element {
                 onChange={(checked) => {
                     // Let them uncheck it if it's already checked, but don't let them check it if they don't have the feature
                     checked
-                        ? guardAvailableFeature(AvailableFeature.PROJECT_BASED_PERMISSIONING, () =>
+                        ? guardAvailableFeature(AvailableFeature.ADVANCED_PERMISSIONS, () =>
                               updateCurrentTeam({ access_control: checked })
                           )
                         : updateCurrentTeam({ access_control: checked })

diff --git a/frontend/src/scenes/settings/environment/teamMembersLogic.tsx b/frontend/src/scenes/settings/environment/teamMembersLogic.tsx
@@ -86,10 +86,7 @@ export const teamMembersLogic = kea<teamMembersLogicType>([
             ],
             // Explicit project members joined with organization admins and owner (who get project access by default)
             (currentTeam, hasAvailableFeature, explicitMembers, organizationMembers): FusedTeamMemberType[] => {
-                if (
-                    !currentTeam?.access_control ||
-                    !hasAvailableFeature(AvailableFeature.PROJECT_BASED_PERMISSIONING)
-                ) {
+                if (!currentTeam?.access_control || !hasAvailableFeature(AvailableFeature.ADVANCED_PERMISSIONS)) {
                     return (organizationMembers ?? []).map(
                         (member) =>
                             ({

diff --git a/frontend/src/types.ts b/frontend/src/types.ts
@@ -106,7 +106,6 @@ export enum AvailableFeature {
     ORGANIZATIONS_PROJECTS = 'organizations_projects',
     ROLE_BASED_ACCESS = 'role_based_access',
     SOCIAL_SSO = 'social_sso',
-    PROJECT_BASED_PERMISSIONING = 'project_based_permissioning',
     SAML = 'saml',
     SSO_ENFORCEMENT = 'sso_enforcement',
     WHITE_LABELLING = 'white_labelling',

diff --git a/posthog/api/test/dashboards/test_dashboard.py b/posthog/api/test/dashboards/test_dashboard.py
@@ -64,10 +64,9 @@ def setUp(self) -> None:
                 "name": AvailableFeature.TAGGING,
             },
             {
-                "key": AvailableFeature.PROJECT_BASED_PERMISSIONING,
-                "name": AvailableFeature.PROJECT_BASED_PERMISSIONING,
+                "key": AvailableFeature.ADVANCED_PERMISSIONS,
+                "name": AvailableFeature.ADVANCED_PERMISSIONS,
             },
-            {"key": AvailableFeature.ADVANCED_PERMISSIONS, "name": AvailableFeature.ADVANCED_PERMISSIONS},
         ]
 
         self.organization.save()

diff --git a/posthog/api/test/test_signup.py b/posthog/api/test/test_signup.py
@@ -1144,7 +1144,7 @@ def test_api_invite_sign_up_where_there_are_no_default_non_private_projects(self
         )
 
         self.organization.available_product_features = [
-            {"key": AvailableFeature.PROJECT_BASED_PERMISSIONING, "name": AvailableFeature.PROJECT_BASED_PERMISSIONING}
+            {"key": AvailableFeature.ADVANCED_PERMISSIONS, "name": AvailableFeature.ADVANCED_PERMISSIONS}
         ]
         self.organization.save()
         self.team.access_control = True
@@ -1187,7 +1187,7 @@ def test_api_invite_sign_up_where_default_project_is_private(self):
     def test_api_invite_signup_invite_has_private_project_access(self):
         self.client.logout()
         self.organization.available_product_features = [
-            {"key": AvailableFeature.PROJECT_BASED_PERMISSIONING, "name": AvailableFeature.PROJECT_BASED_PERMISSIONING}
+            {"key": AvailableFeature.ADVANCED_PERMISSIONS, "name": AvailableFeature.ADVANCED_PERMISSIONS}
         ]
         self.organization.save()
         private_project = Team.objects.create(
@@ -1220,7 +1220,7 @@ def test_api_invite_signup_invite_has_private_project_access(self):
     def test_api_invite_signup_private_project_access_team_no_longer_exists(self):
         self.client.logout()
         self.organization.available_product_features = [
-            {"key": AvailableFeature.PROJECT_BASED_PERMISSIONING, "name": AvailableFeature.PROJECT_BASED_PERMISSIONING}
+            {"key": AvailableFeature.ADVANCED_PERMISSIONS, "name": AvailableFeature.ADVANCED_PERMISSIONS}
         ]
         self.organization.save()
         private_project = Team.objects.create(

diff --git a/posthog/constants.py b/posthog/constants.py
@@ -12,7 +12,6 @@
 class AvailableFeature(StrEnum):
     ZAPIER = "zapier"
     ORGANIZATIONS_PROJECTS = "organizations_projects"
-    PROJECT_BASED_PERMISSIONING = "project_based_permissioning"
     SOCIAL_SSO = "social_sso"
     SAML = "saml"
     SSO_ENFORCEMENT = "sso_enforcement"

diff --git a/posthog/models/user.py b/posthog/models/user.py
@@ -204,7 +204,7 @@ def teams(self):
         )
         if org_available_product_features and len(org_available_product_features) > 0:
             org_available_product_feature_keys = [feature["key"] for feature in org_available_product_features]
-            if AvailableFeature.PROJECT_BASED_PERMISSIONING in org_available_product_feature_keys:
+            if AvailableFeature.ADVANCED_PERMISSIONS in org_available_product_feature_keys:
                 try:
                     from ee.models import ExplicitTeamMembership
                 except ImportError:
@@ -257,7 +257,7 @@ def join(
                 feature["key"] for feature in organization.available_product_features or []
             ]
             if (
-                AvailableFeature.PROJECT_BASED_PERMISSIONING not in available_product_feature_keys
+                AvailableFeature.ADVANCED_PERMISSIONS not in available_product_feature_keys
                 or level >= OrganizationMembership.Level.ADMIN
             ):
                 # If project access control is NOT applicable, simply prefer open projects just in case

diff --git a/posthog/rbac/test/test_user_access_control.py b/posthog/rbac/test/test_user_access_control.py
@@ -39,8 +39,8 @@ def setUp(self):
         super().setUp()
         self.organization.available_product_features = [
             {
-                "key": AvailableFeature.PROJECT_BASED_PERMISSIONING,
-                "name": AvailableFeature.PROJECT_BASED_PERMISSIONING,
+                "key": AvailableFeature.ADVANCED_PERMISSIONS,
+                "name": AvailableFeature.ADVANCED_PERMISSIONS,
             },
             {
                 "key": AvailableFeature.ROLE_BASED_ACCESS,
@@ -524,7 +524,6 @@ def test_ac_object_default_response(self):
 # class TestUserPermissionsEfficiency(BaseTest, WithPermissionsBase):
 #     def test_dashboard_efficiency(self):
 #         self.organization.available_product_features = [
-#             {"key": AvailableFeature.PROJECT_BASED_PERMISSIONING, "name": AvailableFeature.PROJECT_BASED_PERMISSIONING},
 #             {"key": AvailableFeature.ADVANCED_PERMISSIONS, "name": AvailableFeature.ADVANCED_PERMISSIONS},
 #         ]
 #         self.organization.save()
@@ -565,7 +564,7 @@ def test_ac_object_default_response(self):
 #             membership.save()  # type: ignore
 
 #             organization.available_product_features = [
-#                 {"key": AvailableFeature.PROJECT_BASED_PERMISSIONING, "name": AvailableFeature.PROJECT_BASED_PERMISSIONING},
+#                 {"key": AvailableFeature.ADVANCED_PERMISSIONS, "name": AvailableFeature.ADVANCED_PERMISSIONS},
 #             ]
 #             organization.save()
 

diff --git a/posthog/rbac/user_access_control.py b/posthog/rbac/user_access_control.py
@@ -142,16 +142,10 @@ def rbac_supported(self) -> bool:
 
     @property
     def access_controls_supported(self) -> bool:
-        # NOTE: This is a proxy feature. We may want to consider making it explicit later
-        # ADVANCED_PERMISSIONS was only for dashboard collaborators, PROJECT_BASED_PERMISSIONING for project permissions
-        # both now apply to this generic access control
-
         if not self._organization:
             return False
 
-        return self._organization.is_feature_available(
-            AvailableFeature.PROJECT_BASED_PERMISSIONING
-        ) or self._organization.is_feature_available(AvailableFeature.ADVANCED_PERMISSIONS)
+        return self._organization.is_feature_available(AvailableFeature.ADVANCED_PERMISSIONS)
 
     def _filter_options(self, filters: dict[str, Any]) -> Q:
         """

diff --git a/posthog/test/test_user_permissions.py b/posthog/test/test_user_permissions.py
@@ -24,8 +24,8 @@ def setUp(self):
         super().setUp()
         self.organization.available_product_features = [
             {
-                "name": AvailableFeature.PROJECT_BASED_PERMISSIONING,
-                "key": AvailableFeature.PROJECT_BASED_PERMISSIONING,
+                "name": AvailableFeature.ADVANCED_PERMISSIONS,
+                "key": AvailableFeature.ADVANCED_PERMISSIONS,
             }
         ]
         self.organization.save()
@@ -313,7 +313,6 @@ def test_effective_privilege_level_with_no_dashboards(self):
 class TestUserPermissionsEfficiency(BaseTest, WithPermissionsBase):
     def test_dashboard_efficiency(self):
         self.organization.available_product_features = [
-            {"name": AvailableFeature.PROJECT_BASED_PERMISSIONING, "key": AvailableFeature.PROJECT_BASED_PERMISSIONING},
             {"name": AvailableFeature.ADVANCED_PERMISSIONS, "key": AvailableFeature.ADVANCED_PERMISSIONS},
         ]
         self.organization.save()
@@ -355,8 +354,8 @@ def test_team_lookup_efficiency(self):
 
             organization.available_product_features = [
                 {
-                    "key": AvailableFeature.PROJECT_BASED_PERMISSIONING,
-                    "name": AvailableFeature.PROJECT_BASED_PERMISSIONING,
+                    "key": AvailableFeature.ADVANCED_PERMISSIONS,
+                    "name": AvailableFeature.ADVANCED_PERMISSIONS,
                 }
             ]
             organization.save()

diff --git a/posthog/user_permissions.py b/posthog/user_permissions.py
@@ -169,10 +169,7 @@ def effective_membership_level_for_parent_membership(
         if organization is None or organization_membership is None:
             return None
 
-        if (
-            not organization.is_feature_available(AvailableFeature.PROJECT_BASED_PERMISSIONING)
-            or not self.team.access_control
-        ):
+        if not organization.is_feature_available(AvailableFeature.ADVANCED_PERMISSIONS) or not self.team.access_control:
             return organization_membership.level
 
         explicit_membership_level = self.p.explicit_team_memberships.get(self.team.id)