DEV: Require at least one scope for API key granular mode (#31253)

Currently, if creating an API key in "granular" mode, and not selecting any scopes, a globally scoped API key is created. This can be surprising and is not ideal. Having a key with no scopes isn't useful in the first place, so this PR adds client- and server side validations to check that at least one scope is selected if using "granular" mode.
2025-02-25 18:55:32 -06:00 · 2025-02-10 13:22:08 +08:00
parent 7be88bbe8a
commit 3d11e3ca10
7 changed files with 55 additions and 2 deletions
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@@ -5478,6 +5478,7 @@ en:
            When using scopes, you can restrict an API key to a specific set of endpoints.
            You can also define which parameters will be allowed. Use commas to separate multiple values.
          title: Scopes
+          one_or_more: At least one scope must be selected.
          granular: Granular
          read_only: Read-only
          global: Global
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -847,6 +847,9 @@ en:
          attributes:
            linkable_type:
              invalid: "is not valid"
+        api_key:
+          base:
+            at_least_one_granular_scope: "at least one must be selected"

  uncategorized_category_name: "Uncategorized"