Skip to content

Access token form - render selected projects on page load

📖 What does this MR do?

Related to #22754 (closed) Follow-up to !54617 (merged)

In !54617 (merged) I added a projects selector to the personal access tokens form. This will allow users to scope a personal access token to one or more projects. This MR adds functionality to fetch the selected projects when the page is loaded.

Use case

User fills out "Name" and selects a few projects but doesn't select any "Scopes". When they try to submit the form it is going to reload the page but since they didn't select any scopes they are going to get a "Scopes can't be blank" error message. When there is a validation error Rails automatically populates the inputs, but in this case the projects input is a hidden input of project IDs. To the user it looks like there are no longer any projects selected. This MR adds a GraphQL request when the page is loaded so the previously selected projects can be displayed to the user.

Important

This field is not yet hooked up to the backend since that work is still in progress in #15666 (closed). Because of this, what is described above will still not work. See "Local testing" section below for how to test.

💻 Local testing

  1. Enable the personal_access_tokens_scoped_to_projects feature flag.
    • bin/rails console
    • Feature.enable(:personal_access_tokens_scoped_to_projects)
  2. Navigate to /-/profile/personal_access_tokens
  3. Use the projects selector to select a couple of projects
  4. In the dev tools find the hidden input with id="temporary-id". This is because it is not yet hooked up to the backend. Screen_Shot_2021-03-04_at_3.11.16_PM
  5. Copy the value attribute from that hidden input
  6. Change app/views/shared/access_tokens/_form.html.haml#L34 to %input{ type: 'hidden', name: 'temporary-name', id: 'temporary-id', value: 'ids you just copied' }
  7. Reload the page

📷 Screenshots

Before After
Screen_Shot_2021-03-04_at_3.15.47_PM Screen_Shot_2021-03-04_at_3.15.21_PM

🚦 Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
    • Will ask for a security review when the backend is done
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Hegman

Merge request reports

Loading