From a0fde4af8e107fbd9acb498e4bc96eb18a0f9d29 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Fri, 29 Apr 2022 08:21:56 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-8-stable-ee

---
 app/policies/ci/pipeline_schedule_policy.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'app/policies/ci/pipeline_schedule_policy.rb')

diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index 2ef5ffd6a5a..3a674bfef92 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -15,11 +15,14 @@ module Ci
     rule { can?(:create_pipeline) }.enable :play_pipeline_schedule
 
     rule { can?(:admin_pipeline) | (can?(:update_build) & owner_of_schedule) }.policy do
-      enable :update_pipeline_schedule
       enable :admin_pipeline_schedule
       enable :read_pipeline_schedule_variables
     end
 
+    rule { admin | (owner_of_schedule & can?(:update_build)) }.policy do
+      enable :update_pipeline_schedule
+    end
+
     rule { can?(:admin_pipeline_schedule) & ~owner_of_schedule }.policy do
       enable :take_ownership_pipeline_schedule
     end
-- 
cgit v1.2.1