From f0d63bed22163247357fac9a0dc38b35dc991ea0 Mon Sep 17 00:00:00 2001
From: Peter Stockings <pstockings@jadeworld.com>
Date: Thu, 20 Nov 2025 19:44:00 +1100
Subject: [PATCH] Allow creation of api keys scoped to functions

---
 routes/settings.py                         |  8 ++++++--
 templates/dashboard/settings/api_keys.html | 16 ++++++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/routes/settings.py b/routes/settings.py
index 74395c8..481b2bd 100644
--- a/routes/settings.py
+++ b/routes/settings.py
@@ -18,14 +18,18 @@ def api_keys():
         if isinstance(key['scopes'], str):
             key['scopes'] = json.loads(key['scopes'])
             
+    # Fetch user's functions for scoping
+    functions = db.get_http_functions_for_user(user_id)
+
     if htmx:
         return render_block(
             environment, 
             "dashboard/settings/api_keys.html", 
             "page", 
-            api_keys=api_keys
+            api_keys=api_keys,
+            functions=functions
         )
-    return render_template("dashboard/settings/api_keys.html", api_keys=api_keys)
+    return render_template("dashboard/settings/api_keys.html", api_keys=api_keys, functions=functions)
 
 @settings.route("/api-keys", methods=["POST"])
 @login_required
diff --git a/templates/dashboard/settings/api_keys.html b/templates/dashboard/settings/api_keys.html
index ff13a6c..e82699c 100644
--- a/templates/dashboard/settings/api_keys.html
+++ b/templates/dashboard/settings/api_keys.html
@@ -96,9 +96,21 @@
                             class="rounded border-gray-300 text-blue-600 focus:ring-blue-500">
                         <span class="ml-2 text-sm text-gray-600 dark:text-gray-400">Full Access (*)</span>
                     </label>
-                    <!-- Future: Add function specific scopes here -->
+
+                    <div class="mt-3 border-t pt-3">
+                        <p class="text-xs font-medium text-gray-500 mb-2">Or limit to specific functions:</p>
+                        <div class="max-h-40 overflow-y-auto space-y-2 pl-1">
+                            {% for function in functions %}
+                            <label class="flex items-center">
+                                <input type="checkbox" name="scopes" value="function:{{ function.id }}"
+                                    class="rounded border-gray-300 text-blue-600 focus:ring-blue-500">
+                                <span class="ml-2 text-sm text-gray-600 dark:text-gray-400">{{ function.name }}</span>
+                            </label>
+                            {% endfor %}
+                        </div>
+                    </div>
                 </div>
-                <p class="mt-1 text-xs text-gray-500">Currently only full access is supported via UI.</p>
+                <p class="mt-1 text-xs text-gray-500">Select "Full Access" or specific functions.</p>
             </div>
 
             <div class="flex justify-end space-x-3">