diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index b3dfafb7b87463c3416d22ff1c5b13317135223e..5e50801eb23644f8c357338c22b57bc42d17e575 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -170,7 +170,7 @@ class Projects::BranchesController < Projects::ApplicationController
 
     confidential_issue_project = Project.find(params[:confidential_issue_project_id])
 
-    return unless can?(current_user, :push_code, confidential_issue_project)
+    return unless can?(current_user, :update_issue, confidential_issue_project)
 
     confidential_issue_project
   end
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index 712c3fa0ffe26ea5721e582873abdccf258f153c..dbc8681eb495fd9de69bb55a0432eef37f658661 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -124,7 +124,7 @@ describe Projects::BranchesController do
             stub_feature_flags(create_confidential_merge_request: true)
           end
 
-          context 'user cannot push code to issue project' do
+          context 'user cannot update issue' do
             let(:issue) { create(:issue, project: confidential_issue_project) }
 
             it 'does not post a system note' do
@@ -134,9 +134,9 @@ describe Projects::BranchesController do
             end
           end
 
-          context 'user can push code to issue project' do
+          context 'user can update issue' do
             before do
-              confidential_issue_project.add_developer(user)
+              confidential_issue_project.add_reporter(user)
             end
 
             context 'issue is under the specified project' do