Skip to content

Hide Create Access Token button from admin when viewing other users

Warren Gifford requested to merge mv/create-token-button into main

Created by: miveronese

#35797 (closed)

This PR removes, in the frontend, the button that allows admins to create access tokens for other users. This option doesn't exist in the backend.

The choice of removing this button was made based on a security alert, in our graphql backend, that informs us that admins should not be allowed to create Access Tokens for other users.

Test plan

Manually tested in a local instance where I could confirm that: a) the button is hidden b) the alert that popped up when and admin was creating a token is removed

Screen Shot 2022-06-13 at 13 06 40

App preview:

Check out the client app preview documentation to learn more.

Merge request reports

Loading