Let's say I have a gitlab access token (generated and given to an application by a user). I can find if that token can be used to read from a repository by actually trying to read some data and seeing if that operation succeeds.
How do I find whether that token has write permissions (making commits) for a specific repository?
Beside trying a write operation, I don't know of an API which would be able to get the scope of a token.
As this issue illustrates, the scope is what you are looking for: "Limiting scopes of a personal access token"
Check if your token is listed when getting impersonation tokens: that API returns associated scopes.
