Skip to content

feat(jetstream): enable read-only personal access tokens#793

Open
vcnainala wants to merge 2 commits into
developmentfrom
feat/jetstream-personal-access-tokens
Open

feat(jetstream): enable read-only personal access tokens#793
vcnainala wants to merge 2 commits into
developmentfrom
feat/jetstream-personal-access-tokens

Conversation

@vcnainala

@vcnainala vcnainala commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Member

Summary

  • Enable Jetstream Features::api() so verified users can manage personal access tokens at /user/api-tokens (account menu → Personal Access Tokens).
  • Restrict Sanctum PAT abilities to read only; default new tokens to read.
  • REST API authorization is unchanged: Lomkit policies + Spatie permissions (delete_molecule, etc.), not Sanctum ability middleware.

Test plan

  • phpunit --filter=ApiToken (3 tests)
  • Log in as verified user → create PAT → use Authorization: Bearer <token> on GET /api/molecules
  • Confirm token UI shows only read permission
  • Confirm DELETE /api/molecules returns 403 for users without Spatie delete permissions

Resolves

Closes #744

vcnainala added 2 commits June 1, 2026 19:21
@vcnainala
feat(jetstream): enable read-only personal access tokens in UI
cd871bc 
Turn on Jetstream API features and restrict Sanctum PAT abilities to read.
REST authorization remains on Spatie permissions via Lomkit policies.
@vcnainala
docs(api): document personal access tokens
aae0217 
Describe how verified users create PATs, read-only Sanctum abilities, and
Spatie-based authorization for mutations and deletes.
@codecov-commenter

codecov-commenter commented Jun 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 6.08%. Comparing base (a4c26c6) to head (aae0217).
⚠️ Report is 4 commits behind head on development.

Additional details and impacted files 
@@               Coverage Diff                @@
##             development    #793      +/-   ##
================================================
- Coverage           6.14%   6.08%   -0.07%     
- Complexity          1736    1737       +1     
================================================
  Files                227     227              
  Lines               8945    8956      +11     
================================================
- Hits                 550     545       -5     
- Misses              8395    8411      +16

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@vcnainala vcnainala mentioned this pull request Jun 7, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vcnainala @codecov-commenter