diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index a12b4d393d7146c8f99942fbf536a2c0da8d1257..d37890de9aea2732087abb65697e39fdeaed0a3d 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -199,7 +199,9 @@ describe Gitlab::GitAccess, lib: true do
 
     def stub_git_hooks
       # Running the `pre-receive` hook is expensive, and not necessary for this test.
-      allow_any_instance_of(GitHooksService).to receive(:execute).and_yield
+      allow_any_instance_of(GitHooksService).to receive(:execute) do |service, &block|
+        block.call(service)
+      end
     end
 
     def merge_into_protected_branch
@@ -232,11 +234,18 @@ describe Gitlab::GitAccess, lib: true do
             else
               project.team << [user, role]
             end
+          end
+
+          permissions_matrix[role].each do |action, allowed|
+            context action do
+              subject { access.send(:check_push_access!, changes[action]) }
 
-            permissions_matrix[role].each do |action, allowed|
-              context action do
-                subject { access.send(:check_push_access!, changes[action]) }
-                it { expect(subject.allowed?).to allowed ? be_truthy : be_falsey }
+              it do
+                if allowed
+                  expect { subject }.not_to raise_error
+                else
+                  expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError)
+                end
               end
             end
           end