Access token form - render selected projects on page load

📖 What does this MR do?

Related to #22754 (closed) Follow-up to !54617 (merged)

In !54617 (merged) I added a projects selector to the personal access tokens form. This will allow users to scope a personal access token to one or more projects. This MR adds functionality to fetch the selected projects when the page is loaded.

Use case

A user fills out "Name" and selects a few projects but doesn't select any "Scopes". When they try to submit the form, it is going to reload the page, but since they didn't select any scopes, they are going to get a "Scopes can't be blank" error message. When there is a validation error, Rails automatically populates the inputs, but in this case the projects input is a hidden input of project IDs. To the user it looks like there are no longer any projects selected. This MR adds a GraphQL request when the page is loaded so the previously selected projects can be displayed to the user.

Important

This field is not yet hooked up to the backend since that work is still in progress in #15666 (closed). Because of this, what is described above will still not work. See "Local testing" section below for how to test.

💻 Local testing

  1. Enable the personal_access_tokens_scoped_to_projects feature flag.
    • bin/rails console
    • Feature.enable(:personal_access_tokens_scoped_to_projects)
  2. Navigate to /-/profile/personal_access_tokens
  3. Use the projects selector to select a couple of projects
  4. In the dev tools find the hidden input with id="temporary-id". This is because it is not yet hooked up to the backend.
  5. Copy the value attribute from that hidden input
  6. Change app/views/shared/access_tokens/_form.html.haml#L34 to %input{ type: 'hidden', name: 'temporary-name', id: 'temporary-id', value: 'ids you just copied' }
  7. Reload the page

🚦 Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
    • Will ask for a security review when the backend is done
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Hegman
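
The page-load step described under "Use case", sketched as an added example that is not part of this MR or of GitLab's code base. It assumes the hidden input holds comma-separated numeric project IDs; the function names, the cap and the GraphQL query shape are illustrative assumptions.

```javascript
// Added example: names, input format and query shape are assumptions, not GitLab's code.
const MAX_SELECTED_PROJECTS = 50; // hypothetical cap on IDs requested per page load

// Parse the hidden input's value (assumed: comma-separated numeric project IDs).
// The value round-trips through the browser, so it is treated as untrusted.
function parseProjectIds(rawValue) {
  if (typeof rawValue !== 'string' || rawValue.trim() === '') return [];
  const ids = [];
  for (const part of rawValue.split(',')) {
    const token = part.trim();
    // Accept only plain positive integers; "abc", "-1", "0" and "1e3" are dropped.
    if (!/^[1-9][0-9]{0,15}$/.test(token)) continue;
    if (!ids.includes(token)) ids.push(token);
    if (ids.length === MAX_SELECTED_PROJECTS) break;
  }
  return ids;
}

// Build the GraphQL request body. IDs travel as variables, never inside the query text.
function buildSelectedProjectsRequest(ids) {
  if (ids.length === 0) return null; // nothing selected: skip the request
  return {
    query: `query selectedProjects($ids: [ID!]) {
  projects(ids: $ids) { nodes { id name nameWithNamespace } }
}`,
    variables: { ids: ids.map((id) => `gid://gitlab/Project/${id}`) },
  };
}

// Display only projects the server actually returned, in the order they were selected.
// An ID the server omits (for example, a project the user cannot read) is not rendered.
function orderSelectedProjects(ids, nodes) {
  const byId = new Map(nodes.map((node) => [node.id, node]));
  return ids
    .map((id) => byId.get(`gid://gitlab/Project/${id}`))
    .filter((node) => node !== undefined);
}
```

Whatever the form re-renders, the backend still has to authorize every submitted project ID itself, since the hidden input can be edited in the browser exactly as the local testing steps do.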