fix: permissions should allow to access client token types (#10543)

Internally token types are still identified as CLIENT, therefore when we filter the ones we're allowed to see, we should still consider them as CLIENT tokens not BACKEND tokens. This is internal until we can fully remove CLIENT with the next major.
2025-08-27 13:49:10 +02:00 · 2025-08-26 09:33:21 -07:00 · 2025-08-26 09:33:21 -07:00 · 8cb11f69df
commit 8cb11f69df
parent 750a32f0e9
2 changed files with 8 additions and 8 deletions
--- a/src/lib/routes/admin-api/api-token.ts
+++ b/src/lib/routes/admin-api/api-token.ts
@ -83,7 +83,7 @@ const permissionToTokenType: (permission: string) => ApiTokenType | undefined =
                UPDATE_CLIENT_API_TOKEN,
            ].includes(permission)
        ) {
-            return ApiTokenType.BACKEND;
+            return ApiTokenType.CLIENT;
        } else if (ADMIN === permission) {
            return ApiTokenType.ADMIN;
        } else {
--- a/src/test/e2e/api/admin/api-token.auth.e2e.test.ts
+++ b/src/test/e2e/api/admin/api-token.auth.e2e.test.ts
@ -67,7 +67,7 @@ test('editor users should only get client or frontend tokens', async () => {
        projects: [],
        tokenName: 'test',
        secret: '*:environment.1234',
-        type: ApiTokenType.BACKEND,
+        type: ApiTokenType.CLIENT,
    });

    await stores.apiTokenStore.insert({
@ -92,7 +92,7 @@ test('editor users should only get client or frontend tokens', async () => {
        .expect(200)
        .expect((res) => {
            expect(res.body.tokens.length).toBe(2);
-            expect(res.body.tokens[0].type).toBe(ApiTokenType.BACKEND);
+            expect(res.body.tokens[0].type).toBe(ApiTokenType.CLIENT);
            expect(res.body.tokens[1].type).toBe(ApiTokenType.FRONTEND);
        });

@ -126,7 +126,7 @@ test('viewer users should not be allowed to fetch tokens', async () => {
        projects: [],
        tokenName: 'test',
        secret: '*:environment.1234',
-        type: ApiTokenType.BACKEND,
+        type: ApiTokenType.CLIENT,
    });

    await stores.apiTokenStore.insert({
@ -462,7 +462,7 @@ describe('Fine grained API token permissions', () => {
                projects: [],
                tokenName: 'client',
                secret: '*:environment.client_secret_1234',
-                type: ApiTokenType.BACKEND,
+                type: ApiTokenType.CLIENT,
            });

            await stores.apiTokenStore.insert({
@ -485,7 +485,7 @@ describe('Fine grained API token permissions', () => {
                .expect(200)
                .expect((res) => {
                    expect(res.body.tokens).toHaveLength(1);
-                    expect(res.body.tokens[0].type).toBe(ApiTokenType.BACKEND);
+                    expect(res.body.tokens[0].type).toBe(ApiTokenType.CLIENT);
                });
            await destroy();
        });
@ -521,7 +521,7 @@ describe('Fine grained API token permissions', () => {
                projects: [],
                tokenName: 'client',
                secret: '*:environment.client_secret_4321',
-                type: ApiTokenType.BACKEND,
+                type: ApiTokenType.CLIENT,
            });

            await stores.apiTokenStore.insert({
@ -579,7 +579,7 @@ describe('Fine grained API token permissions', () => {
                projects: [],
                tokenName: 'client',
                secret: '*:environment.client_secret_4321',
-                type: ApiTokenType.BACKEND,
+                type: ApiTokenType.CLIENT,
            });
            await stores.apiTokenStore.insert({
                environment: '',