diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb
index 9be470660e6cd85f70fc6c235f6154c6a8b3520e..848f2b4e314e1eb4344bef0f99c4d91e15bff45d 100644
--- a/app/controllers/ci/application_controller.rb
+++ b/app/controllers/ci/application_controller.rb
@@ -8,14 +8,6 @@ module Ci
 
     private
 
-    def authenticate_public_page!
-      unless project.public
-        authenticate_user!
-
-        return access_denied! unless can?(current_user, :read_project, gl_project)
-      end
-    end
-
     def authenticate_token!
       unless project.valid_token?(params[:token])
         return head(403)
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index ad0adc178665b686c076a96417bf5495cac5d09b..7d72e0b951b5108e684de7174e53dca41337cfdb 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -2,7 +2,7 @@ class Projects::BuildsController < Projects::ApplicationController
   before_action :ci_project
   before_action :build, except: [:index, :cancel_all]
 
-  before_action :authorize_admin_project!, except: [:index, :show, :status]
+  before_action :authorize_manage_builds!, except: [:index, :show, :status]
 
   layout "project"
 
@@ -74,4 +74,10 @@ class Projects::BuildsController < Projects::ApplicationController
   def build_path(build)
     namespace_project_build_path(build.gl_project.namespace, build.gl_project, build)
   end
+
+  def authorize_manage_builds!
+    unless can?(current_user, :manage_builds, project)
+      return page_404
+    end
+  end
 end
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 7886f3c6deb20545a6231c026eb9bbffa64dff5c..878c3a66e7df2820906d9fedc2d56875e5b3536c 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -4,7 +4,8 @@
 class Projects::CommitController < Projects::ApplicationController
   # Authorize
   before_action :require_non_empty_project
-  before_action :authorize_download_code!
+  before_action :authorize_download_code!, except: [:cancel_builds]
+  before_action :authorize_manage_builds!, only: [:cancel_builds]
   before_action :commit
 
   def show
@@ -55,4 +56,12 @@ class Projects::CommitController < Projects::ApplicationController
   def commit
     @commit ||= @project.commit(params[:id])
   end
+
+  private
+
+  def authorize_manage_builds!
+    unless can?(current_user, :manage_builds, project)
+      return page_404
+    end
+  end
 end