Add Disable Personal Access Tokens setting to Admin Settings UI
What does this MR do and why?
Related to:
- Admins unable to enable personal access tokens ... (#399233 - closed)
- Allow administrators to enable or disable Perso... (#436991 - closed)
Currently personal access tokens can only be disabled instance-wide via the API. The first issue described what is perceived as a bug. Once an admin uses a PAT to disable PATs, they can no longer authenticate via the API to re-enable this setting. This leaves admins with few options, except the Rails or database console. For some customers, this is not possible. I believe using an OAuth token to authenticate to the API would work, but it requires the additional steps of creating an application, retrieving a token, and then calling the API.
The second issue is a feature proposal that adds this setting to the Admin area settings UI. This seems like the easiest route to providing a more convenient method for admins to re-enable PATs.
The setting appears under Admin area > Settings > General and only appears for instances with an appropriate Premium/Ultimate license.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.