Fix project access token creation group settings link

app/views/projects/settings/access_tokens/index.html.haml

@@ -17,8 +17,9 @@
     - else
       = _('Project access token creation is disabled in this group. You can still use and manage existing tokens.')
       %p
-      - if current_user.can?(:admin_group, @project.group)
-        - group_settings_link = edit_group_path(@project.group)
+      - root_group = @project.group.root_ancestor
+      - if current_user.can?(:admin_group, root_group)
+        - group_settings_link = edit_group_path(root_group)
         - link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: group_settings_link }
         = _('You can enable project access token creation in %{link_start}group settings%{link_end}.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
 

changelogs/unreleased/sfang-fix-group-settings-link.yml

+---
+title: Fix project access token creation group settings link
+merge_request: 58686
+author:
+type: fixed

spec/features/projects/settings/access_tokens_spec.rb

@@ -116,6 +116,22 @@ RSpec.describe 'Project > Settings > Access Tokens', :js do
           end
         end
 
+        context 'with nested groups' do
+          let(:subgroup) { create(:group, parent: group) }
+
+          context 'when user is not a top level group owner' do
+            before do
+              subgroup.add_owner(user)
+            end
+
+            it 'does not show group settings link' do
+              visit project_settings_access_tokens_path(project)
+
+              expect(page).not_to have_link('group settings', href: edit_group_path(group))
+            end
+          end
+        end
+
         context 'when user is a group owner' do
           before do
             group.add_owner(user)