CT-1402 fix2 token management endpoint

apiary.apib

@@ -2128,12 +2128,13 @@ can be called with an application token with scope `manage:storage-tokens`.
 
     + description: Test Token (required) - Token description
     + canManageBuckets: true (boolean) - Token has full permissions on tabular storage
-    + canManageTokens: true (boolean) - Token has permission to create tokens in project
+    + canManageTokens: false (boolean) - deprecated & will be ignored - Token has permission to create tokens in project
     + canReadAllFileUploads: true (boolean) - Token has full permissions to files staging
     + canPurgeTrash: true (boolean) - Allows permanently remove deleted configurations.
     + expiresIn: 60 (number) - Token lifetime
     + bucketPermissions (object)
         - in.c-main: read
+    + componentAccess[] (optional) - Grants access for component configurations. Allowed values are [valid component IDs](https://components.keboola.com/components).
 
 + Request (application/json)
     + Headers

openapi.yml

@@ -854,7 +854,11 @@ paths:
                     created: '2014-11-11T08:40:51.620Z'
       summary: Retrieve an organization
       operationId: Retrieve an organization
-      description: ''
+      description: >-
+        To access token needs to be superuser, member of the organization,
+        member of the maintainer or application token with
+
+        scope `organizations:read`.
       tags:
         - Organizations
       parameters:
@@ -4248,7 +4252,7 @@ paths:
             example:
               description: Test Token
               canManageBuckets: true
-              canManageTokens: true
+              canManageTokens: false
               canReadAllFileUploads: true
               canPurgeTrash: true
               expiresIn: 60
@@ -4269,8 +4273,9 @@ paths:
                   description: Token has full permissions on tabular storage
                 canManageTokens:
                   type: boolean
-                  example: true
-                  description: Token has permission to create tokens in project
+                  description: >-
+                    deprecated & will be ignored - Token has permission to
+                    create tokens in project
                 canReadAllFileUploads:
                   type: boolean
                   example: true
@@ -4289,6 +4294,12 @@ paths:
                     in.c:
                       type: string
                       description: 'main: read'
+                componentAccess[]:
+                  type: string
+                  description: >-
+                    Grants access for component configurations. Allowed values
+                    are [valid component
+                    IDs](https://components.keboola.com/components).
   /manage/projects/{project_id}/credits:
     post:
       responses:

tests/ProjectDeleteTest.php

@@ -149,7 +149,6 @@ public function testPurgeExpiredProjectRemoveMetadata()
         $params = [
             'canManageBuckets' => true,
             'canReadAllFileUploads' => true,
-            'canManageTokens' => true,
             'canPurgeTrash' => true,
             'description' => $this->generateDescriptionForTestObject(),
         ];

tests/ProjectsTest.php

@@ -6,6 +6,7 @@
 use Keboola\ManageApi\Backend;
 use Keboola\ManageApi\Client;
 use Keboola\ManageApi\ClientException;
+use Keboola\ManageApi\Exception;
 use Keboola\ManageApi\ProjectRole;
 use Keboola\StorageApi\ClientException as StorageApiClientException;
 use Keboola\StorageApi\Options\ListFilesOptions;
@@ -1149,7 +1150,7 @@ public function testCreateProjectStorageTokenWithBucketPermissions()
         $this->assertEquals([$newBucketId => 'read'], $verified['bucketPermissions']);
     }
 
-    public function testCreateProjectStorageTokenWithMangeTokensPermission()
+    public function testCreateProjectStorageTokenWithMangeTokensPermissionAndComponentAccess()
     {
         $organization = $this->client->createOrganization($this->testMaintainerId, [
             'name' => 'My org',
@@ -1178,6 +1179,27 @@ public function testCreateProjectStorageTokenWithMangeTokensPermission()
         $this->assertTrue($verified['canManageBuckets']);
         $this->assertTrue($verified['canManageTokens']);
         $this->assertTrue($verified['canReadAllFileUploads']);
+
+        $requestedComponents = ['component1', 'component2', 'component3'];
+        $token2 = $this->client->createProjectStorageToken($project['id'], [
+            'description' => 'test',
+            'expiresIn' => 60,
+            'canManageBuckets' => true,
+            'canReadAllFileUploads' => true,
+            'componentAccess' => $requestedComponents,
+        ]);
+
+        $client2 = $this->getStorageClient([
+            'url' => getenv('KBC_MANAGE_API_URL'),
+            'token' => $token2['token'],
+        ]);
+
+        $verified2 = $client2->verifyToken();
+        $this->assertEquals($project['id'], $verified['owner']['id']);
+        $this->assertTrue($verified2['canManageBuckets']);
+        $this->assertFalse($verified2['canManageTokens']);
+        $this->assertTrue($verified2['canReadAllFileUploads']);
+        $this->assertEquals($requestedComponents, $verified2['componentAccess']);
     }
 
     public function testSuperAdminCanDisableAndEnableProject()