From 977f79c79266e2bb798f4a1f7feb259d7154bdd5 Mon Sep 17 00:00:00 2001
From: Martin Lam
Date: Sat, 7 Mar 2026 14:54:44 -0800
Subject: [PATCH 1/4] Handle invalid project ID values
---
 api/environments/permissions/permissions.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/environments/permissions/permissions.py b/api/environments/permissions/permissions.py
index 374adfbc5113..6005a062306f 100644
--- a/api/environments/permissions/permissions.py
+++ b/api/environments/permissions/permissions.py
@@ -40,7 +40,8 @@ def has_permission(self, request, view): # type: ignore[no-untyped-def]
 project_lookup = Q(id=project_id)
 project = Project.objects.get(project_lookup)
 return request.user.has_project_permission(CREATE_ENVIRONMENT, project)
- except Project.DoesNotExist:
+ # We catch ValueError and TypeError here to resolve previous issues with invalid project IDs
+ except (Project.DoesNotExist, ValueError, TypeError):
 return False
 # return true as all users can list and obj permissions will be handled later

From 1bee1ad3660726335384e88b8ea148f9c4d80ba7 Mon Sep 17 00:00:00 2001
From: Martin Lam
Date: Sat, 7 Mar 2026 20:33:30 -0800
Subject: [PATCH 2/4] created test cases for invaild project input
---
 .../test_unit_environments_permissions.py | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/api/tests/unit/environments/permissions/test_unit_environments_permissions.py b/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
index 6da157661ceb..81a31dc87348 100644
--- a/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
+++ b/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
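Review bot: In `has_permission` (api/environments/permissions/permissions.py, patch 1/4) the widened `except (Project.DoesNotExist, ValueError, TypeError)` also guards the `request.user.has_project_permission(CREATE_ENVIRONMENT, project)` call that precedes it in the hunk, so a ValueError or TypeError raised while evaluating the permission would be returned as a plain denial. The outcome still fails closed, but a genuine fault in the permission code would no longer surface as an error or in logs. Keeping only the lookup under the handler avoids that, for example by moving the permission call into an `else:` branch after the `except` that does `return request.user.has_project_permission(CREATE_ENVIRONMENT, project)`. The added comment could also name the cause, e.g. `# A non-numeric or non-scalar "project" value makes the ORM lookup raise ValueError/TypeError`; the `try:` line and the code that reads `project_id` are outside this hunk, so confirm against the full function.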
@@ -145,6 +145,39 @@ def test_project_user_without_create_environment_permission_cannot_create_enviro
 # Then
 assert result is False
+# created additional tests to cover edge cases around project ID validation in environment creation
+# 3/7/26
+def test_create_environment__invalid_project_id_string__returns_false(
+ admin_user: FFAdminUser,
+) -> None:
+ # Given
+ mock_view.action = "create"
+ mock_view.detail = False
+ mock_request.user = admin_user
+ mock_request.data = {"project": "not-a-valid-id", "name": "Test environment"}
+
+ # When
+ result = environment_permissions.has_permission(mock_request, mock_view) # type: ignore[no-untyped-call]
+
+ # Then
+ assert result is False
+
+
+def test_create_environment__none_project_id__returns_false(
+ admin_user: FFAdminUser,
+) -> None:
+ # Given
+ mock_view.action = "create"
+ mock_view.detail = False
+ mock_request.user = admin_user
+ mock_request.data = {"name": "Test environment"}
+
+ # When
+ result = environment_permissions.has_permission(mock_request, mock_view) # type: ignore[no-untyped-call]
+
+ # Then
+ assert result is False
+
 def test_all_users_can_list_environments_for_project(
 staff_user: FFAdminUser,

From 99c1e38713372b18e10b1b14ada4059ebffcf4da Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Sun, 8 Mar 2026 04:42:50 +0000
Subject: [PATCH 3/4] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
---
 .../permissions/test_unit_environments_permissions.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/api/tests/unit/environments/permissions/test_unit_environments_permissions.py b/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
index 81a31dc87348..d6c6eccab206 100644
--- a/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
+++ b/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
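Review bot: Neither added test in test_unit_environments_permissions.py (patch 2/4) exercises the `TypeError` branch that patch 1/4 adds to `has_permission`: the `"not-a-valid-id"` case presumably reaches the ValueError path, and the case that omits `project` likely ends in `Project.DoesNotExist`, so it may have passed before the fix as well. A third case with a non-scalar value, such as `mock_request.data = {"project": ["1"], "name": "Test environment"}`, would pin the remaining branch, provided the lookup really raises TypeError for it. Both tests also assign to `mock_view` and `mock_request`, which are defined outside this hunk and look shared between tests, so state such as `mock_request.data` can carry over into later tests unless they are reset.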
@@ -145,6 +145,7 @@ def test_project_user_without_create_environment_permission_cannot_create_enviro
 # Then
 assert result is False
+
 # created additional tests to cover edge cases around project ID validation in environment creation
 # 3/7/26
 def test_create_environment__invalid_project_id_string__returns_false(

From 532fdbb88a5c954af97f4b52260e11dcdeca5fe3 Mon Sep 17 00:00:00 2001
From: Martin Lam
Date: Fri, 13 Mar 2026 01:25:34 -0700
Subject: [PATCH 4/4] fix(api): handle invalid project IDs when creating environments
---
 .../permissions/test_unit_environments_permissions.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/api/tests/unit/environments/permissions/test_unit_environments_permissions.py b/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
index d6c6eccab206..b8f242f895c0 100644
--- a/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
+++ b/api/tests/unit/environments/permissions/test_unit_environments_permissions.py
@@ -147,7 +147,6 @@ def test_project_user_without_create_environment_permission_cannot_create_enviro
 # created additional tests to cover edge cases around project ID validation in environment creation
-# 3/7/26
 def test_create_environment__invalid_project_id_string__returns_false(
 admin_user: FFAdminUser,
 ) -> None: