diff options
Diffstat (limited to 'app/policies/ci/build_policy.rb')
-rw-r--r-- | app/policies/ci/build_policy.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb index fc154e6b465..73e4cbee54a 100644 --- a/app/policies/ci/build_policy.rb +++ b/app/policies/ci/build_policy.rb @@ -81,7 +81,7 @@ module Ci # Authorizing the user to access to protected entities. # There is a "jailbreak" mode to exceptionally bypass the authorization, # however, you should NEVER allow it, rather suspect it's a wrong feature/product design. - rule { ~can?(:jailbreak) & (archived | protected_ref | protected_environment) }.policy do + rule { ~can?(:jailbreak) & (archived | (protected_ref & ~admin) | protected_environment) }.policy do prevent :update_build prevent :update_commit_status prevent :erase_build |