Adjust update_runners_registration_token permission
What does this MR do and why?
Related to #341311 (closed)
There was an inconsistency detailed in #341311 (comment 684599010) with the update_runners_registration_token
permission that's used when resetting the runner registration token.
This MR makes requires group owner role for update_runners_registration_token
instead of group maintainer to better align with all other runner operations.
Screenshots or screen recordings
N/A
How to set up and validate locally
curl --header "Private-Token: $TOKEN" "http://localhost:3000/api/v4/groups/$GROUPID/runners/reset_registration_token"
It should fail with a group maintainer token and succeed with a group owner token.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Dominic Couture