[WEB-4327] Chore PAT permissions (#7224)

* chore: improved pat permissions

* fix: err message

* fix: removed permission from backend

* [WEB-4330] refactor: update API token endpoints to use user context instead of workspace slug

- Changed URL patterns for API token endpoints to use "users/api-tokens/" instead of "workspaces/<str:slug>/api-tokens/".
- Refactored ApiTokenEndpoint methods to remove workspace slug parameter and adjust database queries accordingly.
- Added new test cases for API token creation, retrieval, deletion, and updates, including support for bot users and minimal data submissions.

* fix: removed workspace slug from api-tokens

* fix: refactor

* chore: url.py code rabbit suggestion

* fix: APITokenService moved to package

---------

Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>

packages/services/src/developer/api-token.service.ts

@@ -9,12 +9,11 @@ export class APITokenService extends APIService {
 
   /**
    * Retrieves all API tokens for a specific workspace
-   * @param {string} workspaceSlug - The unique identifier for the workspace
    * @returns {Promise<IApiToken[]>} Array of API tokens associated with the workspace
    * @throws {Error} Throws response data if the request fails
    */
-  async list(workspaceSlug: string): Promise<IApiToken[]> {
-    return this.get(`/api/workspaces/${workspaceSlug}/api-tokens/`)
+  async list(): Promise<IApiToken[]> {
+    return this.get(`/api/users/api-tokens/`)
       .then((response) => response?.data)
       .catch((error) => {
         throw error?.response?.data;
@@ -23,13 +22,12 @@ export class APITokenService extends APIService {
 
   /**
    * Retrieves a specific API token by its ID
-   * @param {string} workspaceSlug - The unique identifier for the workspace
    * @param {string} tokenId - The unique identifier of the API token
    * @returns {Promise<IApiToken>} The requested API token's details
    * @throws {Error} Throws response data if the request fails
    */
-  async retrieve(workspaceSlug: string, tokenId: string): Promise<IApiToken> {
-    return this.get(`/api/workspaces/${workspaceSlug}/api-tokens/${tokenId}`)
+  async retrieve(tokenId: string): Promise<IApiToken> {
+    return this.get(`/api/users/api-tokens/${tokenId}`)
       .then((response) => response?.data)
       .catch((error) => {
         throw error?.response?.data;
@@ -38,13 +36,12 @@ export class APITokenService extends APIService {
 
   /**
    * Creates a new API token for a workspace
-   * @param {string} workspaceSlug - The unique identifier for the workspace
    * @param {Partial<IApiToken>} data - The data for creating the new API token
    * @returns {Promise<IApiToken>} The newly created API token
    * @throws {Error} Throws response data if the request fails
    */
-  async create(workspaceSlug: string, data: Partial<IApiToken>): Promise<IApiToken> {
-    return this.post(`/api/workspaces/${workspaceSlug}/api-tokens/`, data)
+  async create(data: Partial<IApiToken>): Promise<IApiToken> {
+    return this.post(`/api/users/api-tokens/`, data)
       .then((response) => response?.data)
       .catch((error) => {
         throw error?.response?.data;
@@ -53,13 +50,12 @@ export class APITokenService extends APIService {
 
   /**
    * Deletes a specific API token from the workspace
-   * @param {string} workspaceSlug - The unique identifier for the workspace
    * @param {string} tokenId - The unique identifier of the API token to delete
    * @returns {Promise<IApiToken>} The deleted API token's details
    * @throws {Error} Throws response data if the request fails
    */
-  async destroy(workspaceSlug: string, tokenId: string): Promise<IApiToken> {
-    return this.delete(`/api/workspaces/${workspaceSlug}/api-tokens/${tokenId}`)
+  async destroy(tokenId: string): Promise<IApiToken> {
+    return this.delete(`/api/users/api-tokens/${tokenId}`)
       .then((response) => response?.data)
       .catch((error) => {
         throw error?.response?.data;