From 8daef631cfc69f9d9290ded5a086989c9a5046ef Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Fri, 19 Dec 2025 05:39:06 +0100
Subject: [PATCH] Adress all reviewer feedback

---
 models/actions/config.go                     |  2 +-
 models/repo/repo_unit.go                     | 30 +++------
 templates/org/settings/actions_general.tmpl  | 67 +++++++-------------
 templates/repo/settings/actions_general.tmpl | 67 +++++++-------------
 web_src/js/features/repo-settings-actions.ts | 24 +++++++
 web_src/js/index-domready.ts                 |  2 +
 6 files changed, 85 insertions(+), 107 deletions(-)
 create mode 100644 web_src/js/features/repo-settings-actions.ts

diff --git a/models/actions/config.go b/models/actions/config.go
index bb04f8a3ca..7bd64b74d4 100644
--- a/models/actions/config.go
+++ b/models/actions/config.go
@@ -1,4 +1,4 @@
-// Copyright 2024 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package actions
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index 4c3b212f7b..e84a52439c 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -196,8 +196,8 @@ type ActionsTokenPermissions struct {
 	Wiki perm.AccessMode `json:"wiki"`
 }
 
-// HasRead checks if the permission has read access for the given scope
-func (p ActionsTokenPermissions) HasRead(scope string) bool {
+// HasAccess checks if the permission meets the required access level for the given scope
+func (p ActionsTokenPermissions) HasAccess(scope string, required perm.AccessMode) bool {
 	var mode perm.AccessMode
 	switch scope {
 	case "actions":
@@ -213,27 +213,17 @@ func (p ActionsTokenPermissions) HasRead(scope string) bool {
 	case "wiki":
 		mode = p.Wiki
 	}
-	return mode >= perm.AccessModeRead
+	return mode >= required
 }
 
-// HasWrite checks if the permission has write access for the given scope
+// HasRead checks if the permission has read access for the given scope (convenience wrapper for templates)
+func (p ActionsTokenPermissions) HasRead(scope string) bool {
+	return p.HasAccess(scope, perm.AccessModeRead)
+}
+
+// HasWrite checks if the permission has write access for the given scope (convenience wrapper for templates)
 func (p ActionsTokenPermissions) HasWrite(scope string) bool {
-	var mode perm.AccessMode
-	switch scope {
-	case "actions":
-		mode = p.Actions
-	case "contents":
-		mode = p.Contents
-	case "issues":
-		mode = p.Issues
-	case "packages":
-		mode = p.Packages
-	case "pull_requests":
-		mode = p.PullRequests
-	case "wiki":
-		mode = p.Wiki
-	}
-	return mode >= perm.AccessModeWrite
+	return p.HasAccess(scope, perm.AccessModeWrite)
 }
 
 // DefaultActionsTokenPermissions returns the default permissions for permissive mode
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index 4c3c5cd266..e56925bcff 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -43,11 +43,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "actions.actions"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="actions_read" {{if call $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
+										<input type="checkbox" name="actions_read" {{if $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="actions_write" {{if call $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
+										<input type="checkbox" name="actions_write" {{if $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -57,11 +57,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.contents"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="contents_read" {{if call $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
+										<input type="checkbox" name="contents_read" {{if $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="contents_write" {{if call $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
+										<input type="checkbox" name="contents_write" {{if $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -71,11 +71,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.issues"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="issues_read" {{if call $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
+										<input type="checkbox" name="issues_read" {{if $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="issues_write" {{if call $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
+										<input type="checkbox" name="issues_write" {{if $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -85,11 +85,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.packages"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="packages_read" {{if call $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
+										<input type="checkbox" name="packages_read" {{if $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="packages_write" {{if call $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
+										<input type="checkbox" name="packages_write" {{if $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -99,11 +99,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.pull_requests"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="pull_requests_read" {{if call $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+										<input type="checkbox" name="pull_requests_read" {{if $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="pull_requests_write" {{if call $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+										<input type="checkbox" name="pull_requests_write" {{if $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -113,11 +113,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.wiki"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="wiki_read" {{if call $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
+										<input type="checkbox" name="wiki_read" {{if $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="wiki_write" {{if call $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+										<input type="checkbox" name="wiki_write" {{if $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -148,11 +148,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_read" {{if call $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_read" {{if $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_write" {{if call $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -162,11 +162,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_read" {{if call $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_read" {{if $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_write" {{if call $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -176,11 +176,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_read" {{if call $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_read" {{if $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_write" {{if call $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -190,11 +190,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_read" {{if call $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_read" {{if $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_write" {{if call $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -204,11 +204,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_read" {{if call $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_read" {{if $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_write" {{if call $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -218,11 +218,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_read" {{if call $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_read" {{if $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_write" {{if call $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -232,22 +232,3 @@
 	</div>
 </div>
 {{template "org/settings/layout_footer" .}}
-
-<script>
-window.addEventListener('load', function() {
-	const customPerms = document.getElementById('custom-permissions');
-	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
-
-	function toggleCustom() {
-		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
-		if (selected && selected.value === 'custom') {
-			customPerms.style.display = 'block';
-		} else {
-			customPerms.style.display = 'none';
-		}
-	}
-
-	radios.forEach(r => r.addEventListener('change', toggleCustom));
-	toggleCustom();
-});
-</script>
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 93d3da6a89..4b801936a7 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -113,11 +113,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "actions.actions"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="actions_read" {{if call $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
+								<input type="checkbox" name="actions_read" {{if $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="actions_write" {{if call $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
+								<input type="checkbox" name="actions_write" {{if $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -127,11 +127,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="contents_read" {{if call $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
+								<input type="checkbox" name="contents_read" {{if $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="contents_write" {{if call $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
+								<input type="checkbox" name="contents_write" {{if $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -141,11 +141,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="issues_read" {{if call $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
+								<input type="checkbox" name="issues_read" {{if $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="issues_write" {{if call $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
+								<input type="checkbox" name="issues_write" {{if $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -155,11 +155,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="packages_read" {{if call $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
+								<input type="checkbox" name="packages_read" {{if $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="packages_write" {{if call $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
+								<input type="checkbox" name="packages_write" {{if $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -169,11 +169,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="pull_requests_read" {{if call $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+								<input type="checkbox" name="pull_requests_read" {{if $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="pull_requests_write" {{if call $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+								<input type="checkbox" name="pull_requests_write" {{if $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -183,11 +183,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="wiki_read" {{if call $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
+								<input type="checkbox" name="wiki_read" {{if $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="wiki_write" {{if call $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+								<input type="checkbox" name="wiki_write" {{if $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -204,11 +204,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_read" {{if call $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_read" {{if $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_write" {{if call $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -218,11 +218,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_read" {{if call $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_read" {{if $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_write" {{if call $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -232,11 +232,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_read" {{if call $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_read" {{if $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_write" {{if call $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -246,11 +246,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_read" {{if call $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_read" {{if $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_write" {{if call $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -260,11 +260,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_read" {{if call $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_read" {{if $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_write" {{if call $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -274,11 +274,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_read" {{if call $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_read" {{if $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_write" {{if call $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -296,22 +296,3 @@
 	</div>
 {{end}}
 </div>
-
-<script>
-window.addEventListener('load', function() {
-	const customPerms = document.getElementById('custom-permissions');
-	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
-
-	function toggleCustom() {
-		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
-		if (selected && selected.value === 'custom') {
-			customPerms.style.display = 'block';
-		} else {
-			customPerms.style.display = 'none';
-		}
-	}
-
-	radios.forEach(r => r.addEventListener('change', toggleCustom));
-	toggleCustom();
-});
-</script>
diff --git a/web_src/js/features/repo-settings-actions.ts b/web_src/js/features/repo-settings-actions.ts
new file mode 100644
index 0000000000..3b0f93ba57
--- /dev/null
+++ b/web_src/js/features/repo-settings-actions.ts
@@ -0,0 +1,24 @@
+export function initRepoSettingsActionsPermissions(): void {
+  const radios = document.querySelectorAll<HTMLInputElement>(
+    'input[name="token_permission_mode"]',
+  );
+  if (!radios.length) return;
+
+  function toggleCustom(): void {
+    const customPerms = document.querySelector<HTMLElement>('#custom-permissions');
+    if (!customPerms) return;
+
+    const selected = document.querySelector<HTMLInputElement>(
+      'input[name="token_permission_mode"]:checked',
+    );
+
+    customPerms.style.display =
+      selected?.value === 'custom' ? 'block' : 'none';
+  }
+
+  for (const radio of radios) {
+    radio.addEventListener('change', toggleCustom);
+  }
+
+  toggleCustom();
+}
diff --git a/web_src/js/index-domready.ts b/web_src/js/index-domready.ts
index 660e5c0989..da1f3f80d0 100644
--- a/web_src/js/index-domready.ts
+++ b/web_src/js/index-domready.ts
@@ -64,6 +64,7 @@ import {initGlobalButtonClickOnEnter, initGlobalButtons, initGlobalDeleteButton}
 import {initGlobalComboMarkdownEditor, initGlobalEnterQuickSubmit, initGlobalFormDirtyLeaveConfirm} from './features/common-form.ts';
 import {callInitFunctions} from './modules/init.ts';
 import {initRepoViewFileTree} from './features/repo-view-file-tree.ts';
+import {initRepoSettingsActionsPermissions} from './features/repo-settings-actions.ts';
 
 const initStartTime = performance.now();
 const initPerformanceTracer = callInitFunctions([
@@ -158,6 +159,7 @@ const initPerformanceTracer = callInitFunctions([
   initOAuth2SettingsDisableCheckbox,
 
   initRepoFileView,
+  initRepoSettingsActionsPermissions,
 ]);
 
 // it must be the last one, then the "querySelectorAll" only needs to be executed once for global init functions.