Skip to content

Add "Manage Project Access Tokens" as a customizable permission

Aboobacker MK requested to merge tachyons/custom_role_project_access_tokens into master

Today, only Maintainers can manage project access tokens. This, along with other permissions, make the maintainer role have too much privilege, when Developer may not have enough. So we are making a custom role for managing project access tokens which can be added to any base role.

Screenshots or screen recordings

Screenshot_2023-10-15_at_2.39.23_PM

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Create a new custom role that enables manage_project_access_tokens as from Group -> Settings -> Roles and Permissions

  2. Assign this role to a group guest, developer or maintainer using REST API endpoint

curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id": '$MEMBER_ROLE_ID', "access_level": 10}' "https://gdk.test:3000/api/v4/groups/$ID/members/$GUEST_USER_ID"
  1. Check if the user can do the following actions:
  • Create project access tokens from the UI and via REST API
  • List project access tokens from the UI and via REST API
  • Delete project access tokens from the UI and via REST API

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Fixes #421778 (closed)

Edited by Aboobacker MK

Merge request reports

Loading