Address MR review comments

app/graphql/mutations/ci/runners_registration_token/reset.rb

@@ -6,7 +6,7 @@ module Mutations
       class Reset < BaseMutation
         graphql_name 'RunnersRegistrationTokenReset'
 
-        authorize :reset_runners_registration_token
+        authorize :update_runners_registration_token
 
         argument :full_path, GraphQL::ID_TYPE,
           required: false,
@@ -18,22 +18,8 @@ module Mutations
           description: 'The runner token after mutation.'
 
         def resolve(**args)
-          full_path = args[:full_path]
-          scope = full_path.blank? ? :global : authorized_find!(full_path: full_path)
-
-          if scope == :global
-            authorize!(scope)
-
-            ApplicationSetting.current.reset_runners_registration_token!
-
-            token = ApplicationSetting.current.runners_registration_token
-          else
-            scope.reset_runners_token!
-            token = scope.runners_token
-          end
-
           {
-            token: token,
+            token: reset_token(args[:full_path]),
             errors: []
           }
         end
@@ -45,6 +31,19 @@ module Mutations
 
           GitlabSchema.object_from_id(full_path, expected_type: [::Project, ::Group])
         end
+
+        def reset_token(full_path)
+          if full_path.blank?
+            authorize!(:global)
+
+            ApplicationSetting.current.reset_runners_registration_token!
+            ApplicationSetting.current_without_cache.runners_registration_token
+          else
+            project_or_group = authorized_find!(full_path: full_path)
+            project_or_group.reset_runners_token!
+            project_or_group.runners_token
+          end
+        end
       end
     end
   end

app/policies/global_policy.rb

@@ -115,7 +115,7 @@ class GlobalPolicy < BasePolicy
     enable :approve_user
     enable :reject_user
     enable :read_usage_trends_measurement
-    enable :reset_runners_registration_token
+    enable :update_runners_registration_token
   end
 
   # We can't use `read_statistics` because the user may have different permissions for different projects

app/policies/group_policy.rb

@@ -144,7 +144,7 @@ class GroupPolicy < BasePolicy
     enable :admin_cluster
     enable :read_deploy_token
     enable :create_jira_connect_subscription
-    enable :reset_runners_registration_token
+    enable :update_runners_registration_token
   end
 
   rule { owner }.policy do

app/policies/project_policy.rb

@@ -419,7 +419,7 @@ class ProjectPolicy < BasePolicy
     enable :update_freeze_period
     enable :destroy_freeze_period
     enable :admin_feature_flags_client
-    enable :reset_runners_registration_token
+    enable :update_runners_registration_token
   end
 
   rule { public_project & metrics_dashboard_allowed }.policy do

spec/requests/api/graphql/mutations/ci/runners_registration_token/reset_spec.rb

@@ -6,10 +6,7 @@ RSpec.describe 'RunnersRegistrationTokenReset' do
   include GraphqlHelpers
 
   let(:mutation) { graphql_mutation(:runners_registration_token_reset, input) }
-
-  def mutation_response
-    graphql_mutation_response(:runners_registration_token_reset)
-  end
+  let(:mutation_response) { graphql_mutation_response(:runners_registration_token_reset) }
 
   subject { post_graphql_mutation(mutation, current_user: user) }
 
@@ -19,6 +16,7 @@ RSpec.describe 'RunnersRegistrationTokenReset' do
 
       expect(graphql_errors).not_to be_empty
       expect(graphql_errors).to include(a_hash_including('message' => "The resource that you are attempting to access does not exist or you don't have permission to perform this action"))
+      expect(mutation_response).to be_nil
     end
   end