Adjust update_runners_registration_token permission

The permissions for the registration token weren't consistent with every other permissions related to the runner. It's now required to be a group owner instead of maintainer. Changelog: changed

Adjust update_runners_registration_token permission
The permissions for the registration token weren't consistent with every other permissions related to the runner. It's now required to be a group owner instead of maintainer. Changelog: changed
6182eecf · dcouture · Douglas Barbosa Alexandre · d59ee459 · 6182eecf · 6182eecf
Commit 6182eecf authored Oct 07, 2021 by dcouture Committed by Douglas Barbosa Alexandre Oct 14, 2021
4 changed files
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -163,7 +163,6 @@ class GroupPolicy < BasePolicy
    enable :admin_cluster
    enable :read_deploy_token
    enable :create_jira_connect_subscription
-    enable :update_runners_registration_token
    enable :maintainer_access
  end
@@ -180,6 +179,7 @@ class GroupPolicy < BasePolicy
    enable :update_default_branch_protection
    enable :create_deploy_token
    enable :destroy_deploy_token
+    enable :update_runners_registration_token
    enable :owner_access
  end

--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -1005,7 +1005,7 @@ RSpec.describe GroupPolicy do
    context 'with maintainer' do
      let(:current_user) { maintainer }
-      it { is_expected.to be_allowed(:update_runners_registration_token) }
+      it { is_expected.to be_disallowed(:update_runners_registration_token) }
    end
    context 'with reporter' do

--- a/spec/requests/api/ci/runners_reset_registration_token_spec.rb
+++ b/spec/requests/api/ci/runners_reset_registration_token_spec.rb
@@ -118,7 +118,7 @@ RSpec.describe API::Ci::Runners do
      end
      include_context 'when authorized', 'group' do
-        let_it_be(:user) { create_default(:group_member, :maintainer, user: create(:user), group: group ).user }
+        let_it_be(:user) { create_default(:group_member, :owner, user: create(:user), group: group ).user }
        def get_token
          group.reload.runners_token

--- a/spec/requests/api/graphql/mutations/ci/runners_registration_token/reset_spec.rb
+++ b/spec/requests/api/graphql/mutations/ci/runners_registration_token/reset_spec.rb
@@ -89,7 +89,7 @@ RSpec.describe 'RunnersRegistrationTokenReset' do
    end
    include_context 'when authorized', 'group' do
-      let_it_be(:user) { create_default(:group_member, :maintainer, user: create(:user), group: group ).user }
+      let_it_be(:user) { create_default(:group_member, :owner, user: create(:user), group: group ).user }
      def get_token
        group.reload.runners_token