fix: project tokens can now be created with the correct permissions #4165
|
const permissionRequired = tokenTypeToCreatePermission( | ||
createToken.type, | ||
); | ||
const permissionRequired = CREATE_PROJECT_API_TOKEN; |
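Review bot: With permissionRequired fixed to CREATE_PROJECT_API_TOKEN, the check on this line no longer depends on createToken.type, and nothing in the visible lines restricts which token types this project endpoint accepts. If the request body can still carry a type other than client or frontend, that request would be authorized with only the project-level permission. Reject other types explicitly before this check (or point to where that validation already happens), and add a test that a holder of only CREATE_PROJECT_API_TOKEN cannot create any other token type through this route.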
Creation of both frontend and client tokens uses the same permission here. Seems to be a feature, not a bug, so I've left it alone and allowed it to use that exact permission.
}, | ||
]; | ||
|
||
const hasAdminAccess = useHasRootAccess(ADMIN); | ||
const hasCreateFrontendAccess = useHasRootAccess(CREATE_FRONTEND_API_TOKEN); | ||
const hasCreateFrontendTokenAccess = useHasRootAccess(CREATE_PROJECT_API_TOKEN, project); |
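Review bot: The name hasCreateFrontendTokenAccess on the line that checks CREATE_PROJECT_API_TOKEN for project is narrower than what it guards, since per the author's comment that permission covers both frontend and client tokens. Something like hasCreateProjectTokenAccess would keep a later reader from gating only the frontend option on it. A short comment explaining why a hook called useHasRootAccess is given a project argument here would also help.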
CREATE_PROJECT_API_TOKEN gives access to create both frontend and client tokens, so this is intentional.
Nice. We just had a customer report this as well, nice to have a fix ready.
Looks good!
This fixes the creation of project-only tokens (done through the project settings). When we redesigned the way tokens are created, we missed project-specific tokens, which have their own permission set that wasn't respected. This forces only the project API for token creation to use the CREATE_PROJECT_API_TOKEN instead of the global CREATE_CLIENT_API_TOKEN or CREATE_FRONTEND_API_TOKEN.