Project access token specific scope descriptions

Updates the scope description for Project Access Tokens to be project specific.

Project access token specific scope descriptions
Updates the scope description for Project Access Tokens to be project specific.
ba62e826 · Aishwarya Subramanian · 8f803264 · ba62e826 · ba62e826 · ba62e826
Commit ba62e826 authored May 11, 2020 by Aishwarya Subramanian
5 changed files
--- a/app/helpers/access_tokens_helper.rb
+++ b/app/helpers/access_tokens_helper.rb
+# frozen_string_literal: true
+
+module AccessTokensHelper
+  def scope_description(prefix)
+    prefix == :project_access_token ? [:doorkeeper, :project_access_token_scope_desc] : [:doorkeeper, :scope_desc]
+  end
+end
--- a/app/views/shared/tokens/_scopes_form.html.haml
+++ b/app/views/shared/tokens/_scopes_form.html.haml
@@ -6,4 +6,4 @@
  %fieldset.form-group.form-check
    = check_box_tag "#{prefix}[scopes][]", scope, token.scopes.include?(scope), id: "#{prefix}_scopes_#{scope}", class: "form-check-input qa-#{scope}-radio"
    = label_tag ("#{prefix}_scopes_#{scope}"), scope, class: 'label-bold form-check-label'
-    .text-secondary= t scope, scope: [:doorkeeper, :scope_desc]
+    .text-secondary= t scope, scope: scope_description(prefix)
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -88,6 +88,19 @@ en:
        Grants read-only access to the user's profile data using OpenID Connect.
      email:
        Grants read-only access to the user's primary email address using OpenID Connect.
+    project_access_token_scope_desc:
+      api:
+        Grants complete read/write access to the scoped project API.
+      read_api:
+        Grants read access to the scoped project API.
+      read_repository:
+        Allows read-only access (pull) to the repository.
+      write_repository:
+        Allows read-write access (pull, push) to the repository.
+      read_registry:
+        Allows read-access (pull) to container registry images if the project is private and authorization is required.
+      write_registry:
+        Allows write-access (push) to container registry.
    flash:
      applications:
        create:

--- a/doc/user/project/settings/project_access_tokens.md
+++ b/doc/user/project/settings/project_access_tokens.md
@@ -47,7 +47,7 @@ the following table.

 | Scope              |  Description |
 | ------------------ |  ----------- |
-| `api`              | Grants complete read/write access to scoped project API. |
+| `api`              | Grants complete read/write access to the scoped project API. |
 | `read_api`         | Grants read access to the scoped project API. |
 | `read_registry`    | Allows read-access (pull) to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. |
 | `write_registry`   | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). |

--- a/spec/helpers/access_tokens_helper_spec.rb
+++ b/spec/helpers/access_tokens_helper_spec.rb
+# frozen_string_literal: true
+
+require "spec_helper"
+
+describe AccessTokensHelper do
+  describe "#scope_description" do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:prefix, :description_location) do
+      :personal_access_token  | [:doorkeeper, :scope_desc]
+      :project_access_token   | [:doorkeeper, :project_access_token_scope_desc]
+    end
+
+    with_them do
+      it { expect(helper.scope_description(prefix)).to eq(description_location) }
+    end
+  end
+end