Merge pull request #14180 from strapi/api-token-v2/settings-access-api-token

RBAC on API tokens settings access
2025-12-26 06:35:47 +00:00 · 2022-08-29 11:30:26 +02:00 · 2022-08-29 11:30:26 +02:00 · 4f7db2ef72
commit 4f7db2ef72
parent 3f3ec98101 cce909d1ae
3 changed files with 31 additions and 1 deletions
--- a/packages/core/admin/admin/src/permissions/defaultPermissions.js
+++ b/packages/core/admin/admin/src/permissions/defaultPermissions.js
@ -76,7 +76,7 @@ const permissions = {
      update: [{ action: 'admin::webhooks.update', subject: null }],
    },
    'api-tokens': {
-      main: [],
+      main: [{ action: 'admin::api-tokens.access', subject: null }],
      create: [{ action: 'admin::api-tokens.create', subject: null }],
      delete: [{ action: 'admin::api-tokens.delete', subject: null }],
      read: [{ action: 'admin::api-tokens.read', subject: null }],
--- a/packages/core/admin/server/config/admin-actions.js
+++ b/packages/core/admin/server/config/admin-actions.js
@ -118,12 +118,21 @@ module.exports = {
      category: 'users and roles',
      subCategory: 'roles',
    },
+    {
+      uid: 'api-tokens.access',
+      displayName: 'Access the API tokens settings page',
+      pluginName: 'admin',
+      section: 'settings',
+      category: 'api tokens',
+      subCategory: 'api Tokens',
+    },
    {
      uid: 'api-tokens.create',
      displayName: 'Create (generate)',
      pluginName: 'admin',
      section: 'settings',
      category: 'api tokens',
+      subCategory: 'general',
    },
    {
      uid: 'api-tokens.read',
@ -131,6 +140,7 @@ module.exports = {
      pluginName: 'admin',
      section: 'settings',
      category: 'api tokens',
+      subCategory: 'general',
    },
    {
      uid: 'api-tokens.update',
@ -138,6 +148,7 @@ module.exports = {
      pluginName: 'admin',
      section: 'settings',
      category: 'api tokens',
+      subCategory: 'general',
    },
    {
      uid: 'api-tokens.delete',
@ -145,6 +156,7 @@ module.exports = {
      pluginName: 'admin',
      section: 'settings',
      category: 'api tokens',
+      subCategory: 'general',
    },
    {
      uid: 'project-settings.update',
--- a/packages/core/admin/server/tests/admin-permission.test.e2e.js
+++ b/packages/core/admin/server/tests/admin-permission.test.e2e.js
@ -293,6 +293,12 @@ describe('Role CRUD End to End', () => {
              },
            ],
            "settings": Array [
+              Object {
+                "action": "admin::api-tokens.access",
+                "category": "api tokens",
+                "displayName": "Access the API tokens settings page",
+                "subCategory": "api Tokens",
+              },
              Object {
                "action": "admin::api-tokens.create",
                "category": "api tokens",
@ -784,6 +790,12 @@ describe('Role CRUD End to End', () => {
                },
              ],
              "settings": Array [
+                Object {
+                  "action": "admin::api-tokens.access",
+                  "category": "api tokens",
+                  "displayName": "Access the API tokens settings page",
+                  "subCategory": "api Tokens",
+                },
                Object {
                  "action": "admin::api-tokens.create",
                  "category": "api tokens",
@ -1210,6 +1222,12 @@ describe('Role CRUD End to End', () => {
                },
              ],
              "settings": Array [
+                Object {
+                  "action": "admin::api-tokens.access",
+                  "category": "api tokens",
+                  "displayName": "Access the API tokens settings page",
+                  "subCategory": "api Tokens",
+                },
                Object {
                  "action": "admin::api-tokens.create",
                  "category": "api tokens",