Rename can_push_or_merge_to_branch? to can_update_branch?

Also make sure pipeline would also check against tag as well

2 files changed, 8 insertions, 4 deletions

diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb
index 00adb51e7de..00f18d0155b 100644
--- a/app/policies/ci/build_policy.rb
+++ b/app/policies/ci/build_policy.rb
@@ -6,7 +6,7 @@ module Ci
       if @subject.tag?
         !access.can_create_tag?(@subject.ref)
       else
-        !access.can_push_or_merge_to_branch?(@subject.ref)
+        !access.can_update_branch?(@subject.ref)
       end
     end
 
diff --git a/app/policies/ci/pipeline_policy.rb b/app/policies/ci/pipeline_policy.rb
index 8dba28b8d97..07d724c9cfd 100644
--- a/app/policies/ci/pipeline_policy.rb
+++ b/app/policies/ci/pipeline_policy.rb
@@ -3,9 +3,13 @@ module Ci
     delegate { @subject.project }
 
     condition(:user_cannot_update) do
-      !::Gitlab::UserAccess
-        .new(@user, project: @subject.project)
-        .can_push_or_merge_to_branch?(@subject.ref)
+      access = ::Gitlab::UserAccess.new(@user, project: @subject.project)
+
+      if @subject.tag?
+        !access.can_create_tag?(@subject.ref)
+      else
+        !access.can_update_branch?(@subject.ref)
+      end
     end
 
     rule { user_cannot_update }.prevent :update_pipeline