[Fix] Only admin account can create API tokens (alexjustesen#2397)

Co-authored-by: Alex Justesen <[email protected]>

Author: alexjustesen

app/Filament/Resources/ApiTokens/ApiTokenResource.php

@@ -8,6 +8,7 @@
 use Filament\Resources\Resource;
 use Filament\Schemas\Schema;
 use Filament\Tables\Table;
+use Illuminate\Support\Facades\Auth;
 use Laravel\Sanctum\PersonalAccessToken;
 
 class ApiTokenResource extends Resource
@@ -22,6 +23,16 @@ class ApiTokenResource extends Resource
 
     protected static ?string $pluralLabel = 'API Tokens';
 
+    public static function canAccess(): bool
+    {
+        return Auth::check() && Auth::user()->is_admin;
+    }
+
+    public static function shouldRegisterNavigation(): bool
+    {
+        return Auth::check() && Auth::user()->is_admin;
+    }
+
     public static function form(Schema $schema): Schema
     {
         return $schema->components(ApiTokenForm::schema());