fix(api): handle invalid project IDs when creating environments

[MartinLam12]

Thanks for submitting a PR! Please check the boxes below:

• I have read the Contributing Guide.
• I have added information to docs/ if required so people know about the feature.
• I have filled in the "Changes" section below.
• I have filled in the "How did you test this code" section below.

Changes

Contributes to

Please describe.
Handle invalid project values in POST /api/v1/environments/ by catching ValueError and TypeError in EnvironmentPermissions.has_permission(). Previously, passing a non-integer value (e.g., "") caused an unhandled ValueError resulting in a 500 error. The permission check now returns False for invalid project IDs, returning a 403 instead of a 500

How did you test this code?

Please describe.

Added two unit tests in test_unit_environments_permissions.py: test_create_environment__invalid_project_id_string__returns_false — verifies a non-numeric string project ID returns False test_create_environment__none_project_id__returns_false — verifies a missing/null project ID returns False

[vercel]

@MartinLam12 is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Free Tier Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[matthewelwell]

Hi @MartinLam12 , thanks for the contribution. Could you please update the PR title as per this failing CI check, and also resolve the comment review from Cursor?

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs	Ignored	Preview	Mar 9, 2026 11:54am
flagsmith-frontend-preview	Ignored	Preview	Mar 9, 2026 11:54am
flagsmith-frontend-staging	Ignored	Preview	Mar 9, 2026 11:54am

[MartinLam12]

I updated the PR title and also resolved the comment review from Cursor.

[MartinLam12]

@matthewelwell Hello, can you take another look? Thanks

[matthewelwell]

Added one small additional comment, but looks good otherwise.

[matthewelwell]

Suggested change

# created additional tests to cover edge cases around project ID validation in environment creation

I appreciate the description here, but this comment should not live in the code. It is commentary around the PR, not the code necessarily. This type of commentary should be included in the PR description and/or a comment from a self-review, we don't want it to live permanently in the code.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.24%. Comparing base (ffa171d) to head (f8bb034).
⚠️ Report is 38 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6874      +/-   ##
==========================================
- Coverage   98.31%   98.24%   -0.08%     
==========================================
  Files        1335     1335              
  Lines       49730    49617     -113     
==========================================
- Hits        48892    48746     -146     
- Misses        838      871      +33     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.