Merge branch 'access_token_scopes' into 'master'

Correct copy on Project Access Token scope page See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/100129 Merged-by: Matthias Käppler <mkaeppler@gitlab.com> Approved-by: Cynthia "Arty" Ng <cng@gitlab.com> Approved-by: Hannah Sutor <hsutor@gitlab.com> Approved-by: Suzanne Selhorn - out until Oct 18 <sselhorn@gitlab.com> Approved-by: Matthias Käppler <mkaeppler@gitlab.com> Approved-by: Jessie Young <jessieyoung@gitlab.com> Co-authored-by: Phil Hughes <me@iamphill.com> Co-authored-by: Łukasz Korbasiewicz <lkorbasiewicz@gitlab.com>

Merge branch 'access_token_scopes' into 'master'
0da7a380 · Matthias Käppler · 6235fbeb · b77394a2 · 0da7a380 · 0da7a380
--- a/app/views/projects/settings/access_tokens/index.html.haml
+++ b/app/views/projects/settings/access_tokens/index.html.haml
@@ -39,6 +39,7 @@
          access_levels: ProjectMember.permissible_access_level_roles(current_user, @project),
          default_access_level: Gitlab::Access::GUEST,
          prefix: :resource_access_token,
+          description_prefix: :project_access_token,
          help_path: help_page_path('user/project/settings/project_access_tokens', anchor: 'scopes-for-a-project-access-token')
    = render 'shared/access_tokens/table',

--- a/app/views/shared/access_tokens/_form.html.haml
+++ b/app/views/shared/access_tokens/_form.html.haml
 - ajax = local_assigns.fetch(:ajax, false)
 - title = local_assigns.fetch(:title, _('Add a %{type}') % { type: type })
 - prefix = local_assigns.fetch(:prefix, :personal_access_token)
+- description_prefix = local_assigns.fetch(:description_prefix, prefix)
 - help_path = local_assigns.fetch(:help_path)
 - resource = local_assigns.fetch(:resource, false)
 - access_levels = local_assigns.fetch(:access_levels, false)
@@ -43,7 +44,7 @@
    %p.text-secondary#select_scope_help_text
      = s_('Tokens|Scopes set the permission levels granted to the token.')
      = link_to _("Learn more."), help_path, target: '_blank', rel: 'noopener noreferrer'
-    = render 'shared/tokens/scopes_form', prefix: prefix, token: token, scopes: scopes, f: f
+    = render 'shared/tokens/scopes_form', prefix: prefix, description_prefix: description_prefix, token: token, scopes: scopes, f: f
  .gl-mt-3
    = f.submit _('Create %{type}') % { type: type }, data: { qa_selector: 'create_token_button' }, pajamas_button: true
--- a/app/views/shared/tokens/_scopes_form.html.haml
+++ b/app/views/shared/tokens/_scopes_form.html.haml
 - scopes = local_assigns.fetch(:scopes)
 - prefix = local_assigns.fetch(:prefix)
+- description_prefix = local_assigns.fetch(:description_prefix, prefix)
 - token = local_assigns.fetch(:token)
 - f = local_assigns.fetch(:f)
 %fieldset
  - scopes.each do |scope|
-    - help_text = t scope, scope: scope_description(prefix)
+    - help_text = t scope, scope: scope_description(description_prefix)
    = f.gitlab_ui_checkbox_component :scopes, scope,
      help_text: help_text,
      checkbox_options: { checked: token.scopes.include?(scope), id: "#{prefix}_scopes_#{scope}", multiple: true, data: { qa_selector: "#{scope}_checkbox" } },

--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -98,17 +98,17 @@ en:
        Grants read-only access to the user's primary email address using OpenID Connect.
    project_access_token_scope_desc:
      api:
-        Grants complete read/write access to the scoped project API.
+        Grants complete read and write access to the scoped project API, including the Package Registry.
      read_api:
-        Grants read access to the scoped project API.
+        Grants read access to the scoped project API, including the Package Registry.
      read_repository:
-        Allows read-only access (pull) to the repository.
+        Grants read access (pull) to the repository.
      write_repository:
-        Allows read-write access (pull, push) to the repository.
+        Grants read and write access (pull and push) to the repository.
      read_registry:
-        Allows read-access (pull) to container registry images if the project is private and authorization is required.
+        Grants read access (pull) to the Container Registry images if a project is private and authorization is required.
      write_registry:
-        Allows write-access (push) to container registry.
+        Grants write access (push) to the Container Registry.
    flash:
      applications:
        create:

--- a/doc/user/group/settings/group_access_tokens.md
+++ b/doc/user/group/settings/group_access_tokens.md
@@ -140,10 +140,10 @@ The scope determines the actions you can perform when you authenticate with a gr
 |:-------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `api`              | Grants complete read and write access to the scoped group and related project API, including the [Package Registry](../../packages/package_registry/index.md).                   |
 | `read_api`         | Grants read access to the scoped group and related project API, including the [Package Registry](../../packages/package_registry/index.md).                                      |
-| `read_registry`    | Allows read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if any project within a group is private and authorization is required. |
+| `read_registry`    | Grants read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if any project within a group is private and authorization is required. |
-| `write_registry`   | Allows write access (push) to the [Container Registry](../../packages/container_registry/index.md).                                                                              |
+| `write_registry`   | Grants write access (push) to the [Container Registry](../../packages/container_registry/index.md).                                                                              |
-| `read_repository`  | Allows read access (pull) to all repositories within a group.                                                                                                                    |
+| `read_repository`  | Grants read access (pull) to all repositories within a group.                                                                                                                    |
-| `write_repository` | Allows read and write access (pull and push) to all repositories within a group.                                                                                                 |
+| `write_repository` | Grants read and write access (pull and push) to all repositories within a group.                                                                                                 |
 ## Enable or disable group access token creation

--- a/doc/user/profile/personal_access_tokens.md
+++ b/doc/user/profile/personal_access_tokens.md
@@ -105,14 +105,14 @@ A personal access token can perform actions based on the assigned scopes.
 | Scope              | Access |
 |--------------------|--------|
-| `api`              | Read-write for the complete API, including all groups and projects, the Container Registry, and the Package Registry. |
+| `api`              | Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry. |
-| `read_user`        | Read-only for endpoints under `/users`. Essentially, access to any of the `GET` requests in the [Users API](../../api/users.md). |
+| `read_user`        | Grants read-only access to the authenticated user's profile through the `/user` API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under [`/users`](../../api/users.md). |
-| `read_api`         | Read-only for the complete API, including all groups and projects, the Container Registry, and the Package Registry. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944) in GitLab 12.10.) |
+| `read_api`         | Grants read access to the API, including all groups and projects, the container registry, and the package registry. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944) in GitLab 12.10.) |
-| `read_repository`  | Read-only (pull) for the repository through `git clone`. |
+| `read_repository`  | Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API. |
-| `write_repository` | Read-write (pull, push) for the repository through `git clone`. |
+| `write_repository` | Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API). |
-| `read_registry`    | Read-only (pull) for [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. |
+| `read_registry`    | Grants read-only (pull) access to a [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. |
-| `write_registry`   | Read-write (push) for [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28958) in GitLab 12.10.) |
+| `write_registry`   | Grants read-write (push) access to a [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28958) in GitLab 12.10.) |
-| `sudo`             | API actions as any user in the system (if the authenticated user is an administrator). |
+| `sudo`             | Grants permission to perform API actions as any user in the system, when authenticated as an administrator. |
 ## When personal access tokens expire

--- a/doc/user/project/deploy_tokens/index.md
+++ b/doc/user/project/deploy_tokens/index.md
@@ -68,11 +68,11 @@ following table along with GitLab version it was introduced in:
 | Scope                    | Description | Introduced in GitLab Version |
 |--------------------------|-------------|------------------------------|
-| `read_repository`        | Allows read-access to the repository through `git clone` | -- |
+| `read_repository`        | Grants read-access to the repository through `git clone` | -- |
-| `read_registry`          | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- |
+| `read_registry`          | Grants read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- |
-| `write_registry`         | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
+| `write_registry`         | Grants write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
-| `read_package_registry`  | Allows read access to the package registry. | 13.0 |
+| `read_package_registry`  | Grants read access to the package registry. | 13.0 |
-| `write_package_registry` | Allows write access to the package registry. | 13.0 |
+| `write_package_registry` | Grants write access to the package registry. | 13.0 |
 ## Deploy token custom username

--- a/doc/user/project/settings/project_access_tokens.md
+++ b/doc/user/project/settings/project_access_tokens.md
@@ -85,10 +85,10 @@ The scope determines the actions you can perform when you authenticate with a pr
 |:-------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `api`              | Grants complete read and write access to the scoped project API, including the [Package Registry](../../packages/package_registry/index.md).                |
 | `read_api`         | Grants read access to the scoped project API, including the [Package Registry](../../packages/package_registry/index.md).                                   |
-| `read_registry`    | Allows read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. |
+| `read_registry`    | Grants read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. |
-| `write_registry`   | Allows write access (push) to the [Container Registry](../../packages/container_registry/index.md).                                                             |
+| `write_registry`   | Grants write access (push) to the [Container Registry](../../packages/container_registry/index.md).                                                             |
-| `read_repository`  | Allows read access (pull) to the repository.                                                                                                                |
+| `read_repository`  | Grants read access (pull) to the repository.                                                                                                                |
-| `write_repository` | Allows read and write access (pull and push) to the repository.                                                                                             |
+| `write_repository` | Grants read and write access (pull and push) to the repository.                                                                                             |
 ## Enable or disable project access token creation