fix: address review feedback — role restriction, locale parity, formatting

- Restrict API token creation/revocation to AccountRole.User or higher
  (guests cannot use API tokens), per reviewer suggestion
- Add 5 missing translation keys (ApiTokenPermissions, ApiTokenScopePreset,
  ApiTokenScopeReadOnly, ApiTokenScopeReadWrite, ApiTokenScopeFullAccess)
  to all non-en locale files to fix locale parity CI test
- Fix prettier formatting in apiTokenScopes.test.ts
- Rename local `extra` to `tokenExtra` in createApiToken to avoid
  shadowing the decoded token's `extra` field

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Don Kendall <kendall@donkendall.com>

Author: dnplkndll

foundations/core/packages/account-client/src/client.ts

@@ -257,7 +257,12 @@ export interface AccountClient {
   getWorkspaceUsersWithPermission: (params: { permission: string }) => Promise<AccountUuid[]>
 
   verify2fa: (code: string) => Promise<LoginInfo>
-  createApiToken: (name: string, workspaceUuid: WorkspaceUuid, expiryDays: number, scopes?: string[]) => Promise<ApiTokenResult>
+  createApiToken: (
+    name: string,
+    workspaceUuid: WorkspaceUuid,
+    expiryDays: number,
+    scopes?: string[]
+  ) => Promise<ApiTokenResult>
   listApiTokens: () => Promise<ApiTokenInfo[]>
   revokeApiToken: (tokenId: string) => Promise<void>
   listWorkspaceApiTokens: (workspaceUuid: WorkspaceUuid) => Promise<ApiTokenInfo[]>
@@ -1232,7 +1237,12 @@ class AccountClientImpl implements AccountClient {
     await this.rpc(request)
   }
 
-  async createApiToken (name: string, workspaceUuid: WorkspaceUuid, expiryDays: number, scopes?: string[]): Promise<ApiTokenResult> {
+  async createApiToken (
+    name: string,
+    workspaceUuid: WorkspaceUuid,
+    expiryDays: number,
+    scopes?: string[]
+  ): Promise<ApiTokenResult> {
     const request = {
       method: 'createApiToken' as const,
       params: { name, workspaceUuid, expiryDays, scopes }

models/setting/src/index.ts

@@ -121,7 +121,7 @@ export class TInviteSettings extends TConfiguration implements InviteSettings {
 @UX(setting.string.RoleCapabilitySettings)
 export class TRoleCapabilitySettings extends TConfiguration implements RoleCapabilitySettings {
   @Prop(TypeRecord(), setting.string.RoleCapabilitySettings)
-    roleByCapability!: Record<string, AccountRole[]>
+  roleByCapability!: Record<string, AccountRole[]>
 }
 
 @Model(setting.class.OfficeSettings, core.class.Configuration, DOMAIN_SETTING)
@@ -147,7 +147,7 @@ export class TSpaceTypeCreator extends TClass implements SpaceTypeCreator {
   extraComponent!: AnyComponent
 }
 
-export function createModel (builder: Builder): void {
+export function createModel(builder: Builder): void {
   builder.createModel(
     TIntegration,
     TIntegrationType,

plugins/setting-assets/lang/cs.json

@@ -262,6 +262,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }

plugins/setting-assets/lang/de.json

@@ -263,6 +263,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }

plugins/setting-assets/lang/es.json

@@ -262,6 +262,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }

plugins/setting-assets/lang/fr.json

@@ -262,6 +262,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }

plugins/setting-assets/lang/it.json

@@ -262,6 +262,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }

plugins/setting-assets/lang/ja.json

@@ -262,6 +262,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }

plugins/setting-assets/lang/pt-br.json

@@ -262,6 +262,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }

plugins/setting-assets/lang/pt.json

@@ -262,6 +262,11 @@
     "ApiTokenExpiry180Days": "180 days",
     "ApiTokenExpiry365Days": "365 days",
     "ApiTokenLoadError": "Failed to load API tokens",
-    "ApiTokenCreateError": "Failed to create token. Please try again."
+    "ApiTokenCreateError": "Failed to create token. Please try again.",
+    "ApiTokenPermissions": "Permissions",
+    "ApiTokenScopePreset": "Permissions",
+    "ApiTokenScopeReadOnly": "Read Only",
+    "ApiTokenScopeReadWrite": "Read & Write",
+    "ApiTokenScopeFullAccess": "Full Access"
   }
 }