
Add frontend changes for MVC for advanced scoped tokens

What does this MR do and why?

This MR is the third and last of a series to prepare to introduce a work-in-progress feature that adds advanced scopes to personal access tokens.

It was recommended that I split this up in a previous draft MR here: !150045 (closed)

This MR adds the frontend changes required to enable the advanced_scopes feature.

Related issue: Fine grained access controls of tokens (#368904)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.


How to set up and validate locally

Note: You may need to merge the backend changes from !154138 depending on the state of that MR to be able to actually use the feature.

  1. In the Rails console, enable the experiment for a selected user (this example uses the user with id 1, typically root):

    user = User.find(1)
    Feature.enable(:advanced_token_scopes, user)
  2. Visit the personal access token page while logged in as that user: http://127.0.0.1:3000/-/user_settings/personal_access_tokens

  3. Click the Add new token button.

  4. Enter an example regexp for the token in the Advanced scopes textbox, such as:

    ^GET$|^POST$ ^/api/v4/projects/9/issues$
    ^GET$ ^/api/v4/projects/9/issues/\d*$
  5. You can validate that the token only has access to what the regexp allows; for example, with the previous rules:

    curl -H "Authorization: Bearer YOUR_PAT" \
     -X GET "http://127.0.0.1:3000/api/v4/projects/9/issues"
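To make the rule format concrete, here is an added example (not GitLab's own implementation, and not code from this MR) of how a backend could evaluate the one-rule-per-line `<method regexp> <path regexp>` format entered in the Advanced scopes textbox. It assumes a hypothetical `parse_advanced_scopes` / `request_allowed?` pair and goes slightly beyond the page by forcing every pattern to match the whole method and path, so a rule written without `^` and `$` cannot silently grant access to every path that merely contains the text. The sample rules are the two from step 4 above.

```ruby
# Added example, not GitLab's own code: a small evaluator for the
# advanced-scope rule format.  One rule per line, "<method regexp> <path regexp>";
# a request is allowed only when at least one rule matches both parts.
require 'set'

HTTP_METHODS = %w[GET POST PUT PATCH DELETE HEAD OPTIONS].to_set.freeze

Rule = Struct.new(:method_re, :path_re, :source) do
  def allows?(method, path)
    method_re.match?(method) && path_re.match?(path)
  end
end

# Compile a user-supplied pattern so that it must match the whole string.
# Wrapping in \A(?: ... )\z means a rule that omits ^ and $ still cannot
# match a path that merely contains the pattern text.
def full_match_regexp(src)
  Regexp.new("\\A(?:#{src})\\z")
end

# Parse the textbox contents.  Blank lines are ignored; a line without a
# path pattern, or with a pattern that does not compile, raises ArgumentError
# so the UI can reject it before the token is created.
def parse_advanced_scopes(text)
  text.each_line.map(&:strip).reject(&:empty?).map do |line|
    method_src, path_src = line.split(/\s+/, 2)
    raise ArgumentError, "rule needs a method and a path pattern: #{line.inspect}" if path_src.nil?

    begin
      Rule.new(full_match_regexp(method_src), full_match_regexp(path_src), line)
    rescue RegexpError => e
      raise ArgumentError, "invalid pattern in #{line.inspect}: #{e.message}"
    end
  end
end

# True when the request (method, path) falls inside the token's scope.
# Unknown methods are refused outright rather than handed to the regexps.
def request_allowed?(rules, method, path)
  method = method.to_s.upcase
  return false unless HTTP_METHODS.include?(method)

  rules.any? { |rule| rule.allows?(method, path) }
end

# Constructed sample: the two rules from the MR's validation steps.
SAMPLE_SCOPES = <<~RULES
  ^GET$|^POST$ ^/api/v4/projects/9/issues$
  ^GET$ ^/api/v4/projects/9/issues/\\d*$
RULES

if $PROGRAM_NAME == __FILE__
  rules = parse_advanced_scopes(SAMPLE_SCOPES)
  [['GET', '/api/v4/projects/9/issues'],
   ['POST', '/api/v4/projects/9/issues'],
   ['DELETE', '/api/v4/projects/9/issues'],
   ['GET', '/api/v4/projects/9/issues/42'],
   ['POST', '/api/v4/projects/9/issues/42'],
   ['GET', '/api/v4/projects/10/issues']].each do |m, p|
    puts format('%-6s %-40s %s', m, p, request_allowed?(rules, m, p) ? 'allowed' : 'denied')
  end
end
```

One caveat worth keeping in mind when writing rules: `\d*` in the second sample rule also accepts an empty suffix, so `/api/v4/projects/9/issues/` (trailing slash, no id) is matched; `\d+` is the tighter choice if only numeric ids are intended.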
Edited by Hannah Sutor
