Skip to content

WIP: Prototype restricting PersonalAccessTokens by project

James Edwards-Jones requested to merge jej/api-token-scoped-to-projects into master

In this MR I'll prototype restricting Personal Access Tokens by project.

I'll split commits out into smaller MRs as I go, possibly first merging database changes followed by model/controller behind a feature flag.

Acceptance criteria?

  • Changelog entry added, if necessary
  • Documentation created/updated
  • API support added
  • Tests added for this feature/bug
  • Conform by the code review guidelines
    • Has been reviewed by a UX Designer
    • Has been reviewed by a Frontend maintainer
    • Has been reviewed by a Backend maintainer
    • Has been reviewed by a Database specialist
  • EE specific content should be in the top level /ee folder
  • Conform by the merge request performance guides
  • Conform by the style guides
  • If you have multiple commits, please combine them into a few logically organized commits by squashing them
  • Internationalization required/considered
  • If paid feature, have we considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan
  • End-to-end tests pass (package-and-qa manual pipeline job)

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/20993

Edited by James Edwards-Jones

Merge request reports