Add more permissions for managing auth key access.

Closes #3261708

src/Form/UserKeyAuthForm.php

@@ -134,18 +134,21 @@ class UserKeyAuthForm extends FormBase {
       ];
     }
 
-    $form['actions'] = [
-      'new' => [
-        '#type' => 'submit',
-        '#value' => $this->t('Generate new key'),
-      ],
-      'delete' => [
-        '#type' => 'submit',
-        '#value' => $this->t('Delete current key'),
-        '#access' => (bool) $key,
-        '#submit' => ['::deleteKey'],
-      ],
-    ];
+    if ($user->id() == $this->currentUser()->id() && $this->currentUser()->hasPermission('manage own auth keys')
+      || $this->currentUser()->hasPermission('manage any auth keys')) {
+      $form['actions'] = [
+        'new' => [
+          '#type' => 'submit',
+          '#value' => $this->t('Generate new key'),
+        ],
+        'delete' => [
+          '#type' => 'submit',
+          '#value' => $this->t('Delete current key'),
+          '#access' => (bool) $key,
+          '#submit' => ['::deleteKey'],
+        ],
+      ];
+    }
 
     return $form;
   }
@@ -192,10 +195,10 @@ class UserKeyAuthForm extends FormBase {
     // Check if the user being edited is not the current user.
     if ($user->id() != $current_user->id()) {
       // Check admin-access.
-      $access = AccessResult::allowedIfHasPermission($current_user, 'administer users');
+      $access = AccessResult::allowedIfHasPermissions($current_user, ['manage any auth keys'], 'OR');
     }
     else {
-      $access = AccessResult::allowedIf($this->keyAuth->access($current_user));
+      $access = AccessResult::allowedIfHasPermissions($current_user, ['manage any auth keys', 'view own auth keys'], 'OR');
     }
 
     // Add caching.