[NEW] Personal access tokens for users to create API tokens #11638
Conversation
…ation) to use with REST API.
| throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken'}); | ||
| } | ||
| if (!RocketChat.settings.get('API_Enable_Personal_Access_Tokens')) { | ||
| throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken'}); |
There was a problem hiding this comment.
the error description here could say Personal Access Tokens are currently disabled. what do do you think?
| this.ready = new ReactiveVar(true); | ||
|
|
||
| this.autorun(() => { | ||
| const subscription = this.subscribe('personalAccessTokens'); |
There was a problem hiding this comment.
the subcribe command should be done outside the autorun block.
meteor is smart on this case because it knows you're not subscribing to a different thing, but still having it outside the autorun is a better pattern
| }); | ||
|
|
||
| Template.personalAccessTokens.onCreated(function() { | ||
| this.tokens = new ReactiveVar(); |
There was a problem hiding this comment.
you don't need this reactive var. instead you should be using the collection on the helpers
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| {{#unless hasTokens}} |
There was a problem hiding this comment.
you can replace this #unless block by a {{else}} block on {{#each}} command, like this:
{{#each tokens}}
... show tokens ...
{{else}}
... no tokens
{{/each}}
| "API_Personal_Access_Tokens_To_REST_API": "Personal access tokens to REST API", | ||
| "API_Personal_Access_Tokens_Remove_Modal": "Are you sure you wish to remove this personal access token?", | ||
| "API_Personal_Access_Token_Generated": "Personal Access Token successfully generated", | ||
| "API_Personal_Access_Token_Generated_Text_Token_s_UserId_s": "Please save your token carefully as you will no longer be able to view it afterwards. <br/>Token: <strong>%s</strong><br/>Your user Id: <strong>%s</strong>", |
There was a problem hiding this comment.
please use named variables instead of %s, in this case, something like (look at __token__ and __user_id__):
"API_Personal_Access_Token_Generated_Text_Token_s_UserId_s": "Please save your token carefully as you will no longer be able to view it afterwards. <br/>Token: <strong>__token__</strong><br/>Your user Id: <strong>__user_id__</strong>",
| @@ -45,6 +45,7 @@ <h1>{{_ "Backup_codes"}}</h1> | |||
| {{/if}} | |||
| {{/if}} | |||
| </form> | |||
| {{> personalAccessTokens }} | |||
There was a problem hiding this comment.
instead of adding this at Security page, I think it should have its own sub-menu.
this would also allow not writing it as a package, but as a meteor module
…ndividual section on sidebar
sampaiodiego
changed the title
Closes #7289