Consolidate oauth apps perms descriptions, and make project perms clearer (supabase#37525)

joshenlim · web-flow · commit 1d85aa632b98 · 2025-07-29T17:27:07.000+08:00
diff --git a/apps/studio/components/interfaces/Organization/OAuthApps/AuthorizeRequesterDetails.tsx b/apps/studio/components/interfaces/Organization/OAuthApps/AuthorizeRequesterDetails.tsx
@@ -1,6 +1,8 @@
 import { OAuthScope } from '@supabase/shared-types/out/constants'
 import { Check } from 'lucide-react'
 
+import { PERMISSIONS_DESCRIPTIONS } from './OAuthApps.constants'
+
 export interface AuthorizeRequesterDetailsProps {
   icon: string | null
   name: string
@@ -48,7 +50,7 @@ export const ScopeSection = ({
   return null
 }
 
-const AuthorizeRequesterDetails = ({
+export const AuthorizeRequesterDetails = ({
   icon,
   name,
   domain,
@@ -79,57 +81,57 @@ const AuthorizeRequesterDetails = ({
         </p>
         <div className="pt-2">
           <ScopeSection
-            description="access to analytics logs."
+            description={PERMISSIONS_DESCRIPTIONS.ANALYTICS}
             hasReadScope={scopes.includes(OAuthScope.ANALYTICS_READ)}
             hasWriteScope={scopes.includes(OAuthScope.ANALYTICS_WRITE)}
           />
           <ScopeSection
-            description="access to auth configurations and SSO providers."
+            description={PERMISSIONS_DESCRIPTIONS.AUTH}
             hasReadScope={scopes.includes(OAuthScope.AUTH_READ)}
             hasWriteScope={scopes.includes(OAuthScope.AUTH_WRITE)}
           />
           <ScopeSection
-            description="access to Postgres configurations, SQL snippets, SSL enforcement configurations and Typescript schema types."
+            description={PERMISSIONS_DESCRIPTIONS.DATABASE}
             hasReadScope={scopes.includes(OAuthScope.DATABASE_READ)}
             hasWriteScope={scopes.includes(OAuthScope.DATABASE_WRITE)}
           />
           <ScopeSection
-            description="access to custom domains and vanity subdomains."
+            description={PERMISSIONS_DESCRIPTIONS.DOMAINS}
             hasReadScope={scopes.includes(OAuthScope.DOMAINS_READ)}
             hasWriteScope={scopes.includes(OAuthScope.DOMAINS_WRITE)}
           />
           <ScopeSection
-            description="access to edge functions."
+            description={PERMISSIONS_DESCRIPTIONS.EDGE_FUNCTIONS}
             hasReadScope={scopes.includes(OAuthScope.EDGE_FUNCTIONS_READ)}
             hasWriteScope={scopes.includes(OAuthScope.EDGE_FUNCTIONS_WRITE)}
           />
           <ScopeSection
-            description="access to environments/branches."
+            description={PERMISSIONS_DESCRIPTIONS.ENVIRONMENT}
             hasReadScope={scopes.includes(OAuthScope.ENVIRONMENT_READ)}
             hasWriteScope={scopes.includes(OAuthScope.ENVIRONMENT_WRITE)}
           />
           <ScopeSection
-            description="access to the organization and all its members."
+            description={PERMISSIONS_DESCRIPTIONS.ORGANIZATIONS}
             hasReadScope={scopes.includes(OAuthScope.ORGANIZATIONS_READ)}
             hasWriteScope={scopes.includes(OAuthScope.ORGANIZATIONS_WRITE)}
           />
           <ScopeSection
-            description="access to metadata, its upgrade status, network restrictions and network bans."
+            description={PERMISSIONS_DESCRIPTIONS.PROJECTS}
             hasReadScope={scopes.includes(OAuthScope.PROJECTS_READ)}
             hasWriteScope={scopes.includes(OAuthScope.PROJECTS_WRITE)}
           />
           <ScopeSection
-            description="access to PostgREST configurations."
+            description={PERMISSIONS_DESCRIPTIONS.REST}
             hasReadScope={scopes.includes(OAuthScope.REST_READ)}
             hasWriteScope={scopes.includes(OAuthScope.REST_WRITE)}
           />
           <ScopeSection
-            description="access to API keys, secrets and pgsodium configurations."
+            description={PERMISSIONS_DESCRIPTIONS.SECRETS}
             hasReadScope={scopes.includes(OAuthScope.SECRETS_READ)}
             hasWriteScope={scopes.includes(OAuthScope.SECRETS_WRITE)}
           />
           <ScopeSection
-            description="access to storage buckets and files."
+            description={PERMISSIONS_DESCRIPTIONS.STORAGE}
             hasReadScope={scopes.includes(OAuthScope.STORAGE_READ)}
             hasWriteScope={scopes.includes(OAuthScope.STORAGE_WRITE)}
           />
@@ -138,5 +140,3 @@ const AuthorizeRequesterDetails = ({
     </div>
   )
 }
-
-export default AuthorizeRequesterDetails
diff --git a/apps/studio/components/interfaces/Organization/OAuthApps/OAuthApps.constants.ts b/apps/studio/components/interfaces/Organization/OAuthApps/OAuthApps.constants.ts
@@ -0,0 +1,15 @@
+export const PERMISSIONS_DESCRIPTIONS = {
+  ANALYTICS: 'access to analytics logs.',
+  AUTH: 'access to auth configurations and SSO providers.',
+  DATABASE:
+    'access to Postgres configurations, SQL snippets, SSL enforcement configurations and Typescript schema types.',
+  DOMAINS: 'access to custom domains and vanity subdomains.',
+  EDGE_FUNCTIONS: 'access to edge functions.',
+  ENVIRONMENT: 'access to environments/branches.',
+  ORGANIZATIONS: 'access to the organization and all its members.',
+  PROJECTS:
+    "access to creation and deletion of projects, each project's metadata, upgrade status, network restrictions and network bans.",
+  REST: 'access to PostgREST configurations.',
+  SECRETS: 'access to API keys, secrets and pgsodium configurations.',
+  STORAGE: 'access to storage buckets and files.',
+}
diff --git a/apps/studio/components/interfaces/Organization/OAuthApps/PublishAppSidePanel/Scopes.tsx b/apps/studio/components/interfaces/Organization/OAuthApps/PublishAppSidePanel/Scopes.tsx
@@ -11,6 +11,7 @@ import {
   DropdownMenuSeparator,
   DropdownMenuTrigger,
 } from 'ui'
+import { PERMISSIONS_DESCRIPTIONS } from '../OAuthApps.constants'
 
 const ScopeDropdownCheckboxItem = ({
   children,
@@ -66,12 +67,12 @@ const Scope = ({
 
   return (
     <div
-      className="flex flex-row justify-between p-4 border first:rounded-t last:rounded-b"
+      className="flex flex-row justify-between p-4 border first:rounded-t last:rounded-b gap-x-2"
       key={title}
     >
       <div className="flex flex-col">
         <span className="text-foreground text-sm">{title}</span>
-        <span className="text-foreground-light text-xs">{description}</span>
+        <span className="text-foreground-light text-xs capitalize-sentence">{description}</span>
       </div>
       <DropdownMenu>
         <DropdownMenuTrigger asChild>
@@ -109,87 +110,87 @@ export const ScopesPanel = ({
     <div className="-space-y-px">
       <Scope
         title="Analytics"
-        description="Analytics logs."
+        description={PERMISSIONS_DESCRIPTIONS.ANALYTICS}
         readScopeName={OAuthScope.ANALYTICS_READ}
         writeScopeName={OAuthScope.ANALYTICS_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Auth"
-        description="Auth configurations and SSO providers."
+        description={PERMISSIONS_DESCRIPTIONS.AUTH}
         readScopeName={OAuthScope.AUTH_READ}
         writeScopeName={OAuthScope.AUTH_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Database"
-        description="Postgres configurations, SQL snippets, SSL enforcement configurations and Typescript schema types."
+        description={PERMISSIONS_DESCRIPTIONS.DATABASE}
         readScopeName={OAuthScope.DATABASE_READ}
         writeScopeName={OAuthScope.DATABASE_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Domains"
-        description="Custom domains and vanity subdomains."
+        description={PERMISSIONS_DESCRIPTIONS.DOMAINS}
         readScopeName={OAuthScope.DOMAINS_READ}
         writeScopeName={OAuthScope.DOMAINS_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Edge Functions"
-        description="Edge functions."
+        description={PERMISSIONS_DESCRIPTIONS.EDGE_FUNCTIONS}
         readScopeName={OAuthScope.EDGE_FUNCTIONS_READ}
         writeScopeName={OAuthScope.EDGE_FUNCTIONS_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Environment"
-        description="Environments/branches."
+        description={PERMISSIONS_DESCRIPTIONS.ENVIRONMENT}
         readScopeName={OAuthScope.ENVIRONMENT_READ}
         writeScopeName={OAuthScope.ENVIRONMENT_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Organizations"
-        description="Organizations and all its members."
+        description={PERMISSIONS_DESCRIPTIONS.ORGANIZATIONS}
         readScopeName={OAuthScope.ORGANIZATIONS_READ}
         writeScopeName={OAuthScope.ORGANIZATIONS_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Projects"
-        description="Metadata, upgrade status, network restrictions and network bans."
+        description={PERMISSIONS_DESCRIPTIONS.PROJECTS}
         readScopeName={OAuthScope.PROJECTS_READ}
         writeScopeName={OAuthScope.PROJECTS_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="REST"
-        description="PostgREST configurations."
+        description={PERMISSIONS_DESCRIPTIONS.REST}
         readScopeName={OAuthScope.REST_READ}
         writeScopeName={OAuthScope.REST_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Secrets"
-        description="API keys, secrets and pgsodium configurations."
+        description={PERMISSIONS_DESCRIPTIONS.SECRETS}
         readScopeName={OAuthScope.SECRETS_READ}
         writeScopeName={OAuthScope.SECRETS_WRITE}
         scopes={scopes}
         setScopes={setScopes}
       />
       <Scope
         title="Storage"
-        description="Storage buckets and files."
+        description={PERMISSIONS_DESCRIPTIONS.STORAGE}
         readScopeName={OAuthScope.STORAGE_READ}
         writeScopeName={OAuthScope.STORAGE_WRITE}
         scopes={scopes}
diff --git a/apps/studio/components/interfaces/Organization/OAuthApps/PublishAppSidePanel/index.tsx b/apps/studio/components/interfaces/Organization/OAuthApps/PublishAppSidePanel/index.tsx
@@ -26,7 +26,7 @@ import {
   SidePanel,
   cn,
 } from 'ui'
-import AuthorizeRequesterDetails from '../AuthorizeRequesterDetails'
+import { AuthorizeRequesterDetails } from '../AuthorizeRequesterDetails'
 import { OAuthSecrets } from '../OAuthSecrets/OAuthSecrets'
 import { ScopesPanel } from './Scopes'
 
diff --git a/apps/studio/components/interfaces/Organization/ProjectClaim/confirm.tsx b/apps/studio/components/interfaces/Organization/ProjectClaim/confirm.tsx
@@ -1,10 +1,10 @@
 import { OAuthScope } from '@supabase/shared-types/out/constants'
+import { useQueryClient } from '@tanstack/react-query'
 import { CheckCircle2, ChevronRight, ChevronsLeftRight } from 'lucide-react'
 import Image from 'next/image'
 import { useRouter } from 'next/router'
 import { toast } from 'sonner'
 
-import { useQueryClient } from '@tanstack/react-query'
 import { useParams } from 'common'
 import { useApiAuthorizationApproveMutation } from 'data/api-authorization/api-authorization-approve-mutation'
 import { ApiAuthorizationResponse } from 'data/api-authorization/api-authorization-query'
@@ -22,6 +22,7 @@ import {
 } from 'ui'
 import { Admonition } from 'ui-patterns/admonition'
 import { ScopeSection } from '../OAuthApps/AuthorizeRequesterDetails'
+import { PERMISSIONS_DESCRIPTIONS } from '../OAuthApps/OAuthApps.constants'
 import { ProjectClaimLayout } from './layout'
 
 export const ProjectClaimConfirm = ({
@@ -188,57 +189,57 @@ export const ProjectClaimConfirm = ({
               >
                 <div>
                   <ScopeSection
-                    description="access to analytics logs."
+                    description={PERMISSIONS_DESCRIPTIONS.ANALYTICS}
                     hasReadScope={requester.scopes.includes(OAuthScope.ANALYTICS_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.ANALYTICS_WRITE)}
                   />
                   <ScopeSection
-                    description="access to auth configurations and SSO providers."
+                    description={PERMISSIONS_DESCRIPTIONS.AUTH}
                     hasReadScope={requester.scopes.includes(OAuthScope.AUTH_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.AUTH_WRITE)}
                   />
                   <ScopeSection
-                    description="access to Postgres configurations, SQL snippets, SSL enforcement configurations and Typescript schema types."
+                    description={PERMISSIONS_DESCRIPTIONS.DATABASE}
                     hasReadScope={requester.scopes.includes(OAuthScope.DATABASE_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.DATABASE_WRITE)}
                   />
                   <ScopeSection
-                    description="access to custom domains and vanity subdomains."
+                    description={PERMISSIONS_DESCRIPTIONS.DOMAINS}
                     hasReadScope={requester.scopes.includes(OAuthScope.DOMAINS_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.DOMAINS_WRITE)}
                   />
                   <ScopeSection
-                    description="access to edge functions."
+                    description={PERMISSIONS_DESCRIPTIONS.EDGE_FUNCTIONS}
                     hasReadScope={requester.scopes.includes(OAuthScope.EDGE_FUNCTIONS_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.EDGE_FUNCTIONS_WRITE)}
                   />
                   <ScopeSection
-                    description="access to environments/branches."
+                    description={PERMISSIONS_DESCRIPTIONS.ENVIRONMENT}
                     hasReadScope={requester.scopes.includes(OAuthScope.ENVIRONMENT_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.ENVIRONMENT_WRITE)}
                   />
                   <ScopeSection
-                    description="access to the organization and all its members."
+                    description={PERMISSIONS_DESCRIPTIONS.ORGANIZATIONS}
                     hasReadScope={requester.scopes.includes(OAuthScope.ORGANIZATIONS_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.ORGANIZATIONS_WRITE)}
                   />
                   <ScopeSection
-                    description="access to metadata, its upgrade status, network restrictions and network bans."
+                    description={PERMISSIONS_DESCRIPTIONS.PROJECTS}
                     hasReadScope={requester.scopes.includes(OAuthScope.PROJECTS_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.PROJECTS_WRITE)}
                   />
                   <ScopeSection
-                    description="access to PostgREST configurations."
+                    description={PERMISSIONS_DESCRIPTIONS.REST}
                     hasReadScope={requester.scopes.includes(OAuthScope.REST_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.REST_WRITE)}
                   />
                   <ScopeSection
-                    description="access to API keys, secrets and pgsodium configurations."
+                    description={PERMISSIONS_DESCRIPTIONS.SECRETS}
                     hasReadScope={requester.scopes.includes(OAuthScope.SECRETS_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.SECRETS_WRITE)}
                   />
                   <ScopeSection
-                    description="access to storage buckets and files."
+                    description={PERMISSIONS_DESCRIPTIONS.STORAGE}
                     hasReadScope={requester.scopes.includes(OAuthScope.STORAGE_READ)}
                     hasWriteScope={requester.scopes.includes(OAuthScope.STORAGE_WRITE)}
                   />
diff --git a/apps/studio/pages/authorize.tsx b/apps/studio/pages/authorize.tsx
@@ -6,7 +6,7 @@ import { useEffect, useState } from 'react'
 import { toast } from 'sonner'
 
 import { useParams } from 'common'
-import AuthorizeRequesterDetails from 'components/interfaces/Organization/OAuthApps/AuthorizeRequesterDetails'
+import { AuthorizeRequesterDetails } from 'components/interfaces/Organization/OAuthApps/AuthorizeRequesterDetails'
 import APIAuthorizationLayout from 'components/layouts/APIAuthorizationLayout'
 import { FormPanel } from 'components/ui/Forms/FormPanel'
 import ShimmeringLoader from 'components/ui/ShimmeringLoader'
