Hide admin_mode scope tokens created for a user that is no longer an admin
Original Issue
From the discussion in #42692 (comment 1416299211).
When an admin created a PAT with the admin scope, but then loses their admin privileges, we still display the admin scope for the PAT, even though it won't work any more. We should instead hide this scope for the token, or otherwise explain why the token can no longer perform admin operations.
Summary
When an admin creates a Personal Access Token (PAT) with the admin scope and subsequently loses their admin privileges, the admin scope is still displayed for the PAT. This can lead to confusion, as the token can no longer perform admin operations.
Steps to Reproduce
- Create a new admin_user2
- Create a Personal Access Token with the admin scope
- Remove admin privileges from the user account using your master admin
- Navigate back to your admin_user2 user_settings/personal_access_tokens settings and observe that the PATs still have the admin scope present in the previously created PAT, even though it does not work anymore.
What is the current bug behaviour?
The admin scope is still displayed for the PAT even though the token can no longer perform admin operations.
What is the expected correct behaviour?
The admin scope should be hidden from the PAT settings, or there should be an explanation indicating that the token can no longer perform admin operations due to the loss of admin privileges.