Process PR comments

gsvd · gsvd · commit 6f25c01a7843 · 2025-02-26T09:01:12.000-05:00
diff --git a/models/auth/access_token_scope.go b/models/auth/access_token_scope.go
@@ -51,7 +51,7 @@ var AccessTokenScopeCategoryNames = map[AccessTokenScopeCategory]string{
 	AccessTokenScopeCategoryUser:         "user",
 }
 
-// AccessTokenScopeCategoryNames is a list of all access token scope category names
+// AccessTokenScopeCategoryNames is a list of all access token scope category names including admin's reserved scope
 var AllAccessTokenScopeCategoryNames = []string{
 	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryActivityPub],
 	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryAdmin],
@@ -64,6 +64,18 @@ var AllAccessTokenScopeCategoryNames = []string{
 	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryUser],
 }
 
+// AccessTokenScopeCategoryNames is a list of all access token scope category names without admin's reserved scope
+var AllNonAdminAccessTokenScopeCategoryNames = []string{
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryActivityPub],
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryMisc],
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryNotification],
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryOrganization],
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryPackage],
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryIssue],
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryRepository],
+	AccessTokenScopeCategoryNames[AccessTokenScopeCategoryUser],
+}
+
 // AccessTokenScopeLevel represents the access levels without a given scope category
 type AccessTokenScopeLevel int
 
diff --git a/routers/web/user/setting/applications.go b/routers/web/user/setting/applications.go
@@ -98,9 +98,15 @@ func loadApplicationsData(ctx *context.Context) {
 		return
 	}
 	ctx.Data["Tokens"] = tokens
-	ctx.Data["TokenCategories"] = auth_model.AllAccessTokenScopeCategoryNames
 	ctx.Data["EnableOAuth2"] = setting.OAuth2.Enabled
-	ctx.Data["IsAdmin"] = ctx.Doer.IsAdmin
+
+	// Handle specific ordered token categories for admin or non-admin users
+	if ctx.Doer.IsAdmin {
+		ctx.Data["TokenCategories"] = auth_model.AllAccessTokenScopeCategoryNames
+	} else {
+		ctx.Data["TokenCategories"] = auth_model.AllNonAdminAccessTokenScopeCategoryNames
+	}
+
 	if setting.OAuth2.Enabled {
 		ctx.Data["Applications"], err = db.Find[auth_model.OAuth2Application](ctx, auth_model.FindOAuth2ApplicationsOptions{
 			OwnerID: ctx.Doer.ID,
diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl
@@ -101,10 +101,7 @@
 				<button id="scoped-access-submit" class="ui primary button">
 					{{ctx.Locale.Tr "settings.generate_token"}}
 				</button>
-			</form>{{/* Fomantic ".ui.form .warning.message" is hidden by default, so put the warning message out of the form*/}}
-			<div id="scoped-access-warning" class="ui warning message center tw-hidden">
-				{{ctx.Locale.Tr "settings.at_least_one_permission"}}
-			</div>
+			</form>
 		</div>
 
 		{{if .EnableOAuth2}}
