From 27a5080c34c64a84219d855d652b994c5e344a0a Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 3 May 2023 15:12:58 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 app/policies/ci/build_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/policies')

diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb
index fc154e6b465..73e4cbee54a 100644
--- a/app/policies/ci/build_policy.rb
+++ b/app/policies/ci/build_policy.rb
@@ -81,7 +81,7 @@ module Ci
     # Authorizing the user to access to protected entities.
     # There is a "jailbreak" mode to exceptionally bypass the authorization,
     # however, you should NEVER allow it, rather suspect it's a wrong feature/product design.
-    rule { ~can?(:jailbreak) & (archived | protected_ref | protected_environment) }.policy do
+    rule { ~can?(:jailbreak) & (archived | (protected_ref & ~admin) | protected_environment) }.policy do
       prevent :update_build
       prevent :update_commit_status
       prevent :erase_build
-- 
cgit v1.2.3