module Ci class BuildPolicy < CommitStatusPolicy condition(:protected_action) do next false unless @subject.action? access = ::Gitlab::UserAccess.new(@user, project: @subject.project) !access.can_merge_to_branch?(@subject.ref) || !access.can_create_tag?(@subject.ref) end rule { protected_action }.prevent :update_build end end