Add a `scopes` column to the `personal_access_tokens` table

app/models/personal_access_token.rb

@@ -2,6 +2,8 @@ class PersonalAccessToken < ActiveRecord::Base
   include TokenAuthenticatable
   add_authentication_token_field :token
 
+  serialize :scopes, Array
+
   belongs_to :user
 
   scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }

db/migrate/20160823083941_add_column_scopes_to_personal_access_tokens.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddColumnScopesToPersonalAccessTokens < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  # When a migration requires downtime you **must** uncomment the following
+  # constant and define a short and easy to understand explanation as to why the
+  # migration requires downtime.
+  # DOWNTIME_REASON = ''
+
+  # When using the methods "add_concurrent_index" or "add_column_with_default"
+  # you must disable the use of transactions as these methods can not run in an
+  # existing transaction. When using "add_concurrent_index" make sure that this
+  # method is the _only_ method called in the migration, any other changes
+  # should go in a separate migration. This ensures that upon failure _only_ the
+  # index creation fails and can be retried or reverted easily.
+  #
+  # To disable transactions uncomment the following line and remove these
+  # comments:
+  disable_ddl_transaction!
+
+  def up
+    # The default needs to be `[]`, but all existing access tokens need to have `scopes` set to `['api']`.
+    # It's easier to achieve this by adding the column with the `['api']` default, and then changing the default to
+    # `[]`.
+    add_column_with_default :personal_access_tokens, :scopes, :string, default: ['api'].to_yaml
+  end
+
+  def down
+    remove_column :personal_access_tokens, :scopes
+  end
+end

db/migrate/20160824121037_change_personal_access_tokens_default_back_to_empty_array.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class ChangePersonalAccessTokensDefaultBackToEmptyArray < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  # When a migration requires downtime you **must** uncomment the following
+  # constant and define a short and easy to understand explanation as to why the
+  # migration requires downtime.
+  # DOWNTIME_REASON = ''
+
+  # When using the methods "add_concurrent_index" or "add_column_with_default"
+  # you must disable the use of transactions as these methods can not run in an
+  # existing transaction. When using "add_concurrent_index" make sure that this
+  # method is the _only_ method called in the migration, any other changes
+  # should go in a separate migration. This ensures that upon failure _only_ the
+  # index creation fails and can be retried or reverted easily.
+  #
+  # To disable transactions uncomment the following line and remove these
+  # comments:
+  # disable_ddl_transaction!
+
+  def up
+    # The default needs to be `[]`, but all existing access tokens need to have `scopes` set to `['api']`.
+    # It's easier to achieve this by adding the column with the `['api']` default, and then changing the default to
+    # `[]`.
+    change_column_default :personal_access_tokens, :scopes, [].to_yaml
+  end
+
+  def down
+    # The default needs to be `[]`, but all existing access tokens need to have `scopes` set to `['api']`.
+    # It's easier to achieve this by adding the column with the `['api']` default, and then changing the default to
+    # `[]`.
+    change_column_default :personal_access_tokens, :scopes, ['api'].to_yaml
+  end
+end

db/schema.rb

@@ -854,6 +854,7 @@ ActiveRecord::Schema.define(version: 20161212142807) do
     t.datetime "expires_at"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.string   "scopes", default: "--- []\n", null: false
   end
 
   add_index "personal_access_tokens", ["token"], name: "index_personal_access_tokens_on_token", unique: true, using: :btree

spec/factories/personal_access_tokens.rb

@@ -5,5 +5,6 @@ FactoryGirl.define do
     name { FFaker::Product.brand }
     revoked false
     expires_at { 5.days.from_now }
+    scopes ['api']
   end
 end