diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 09724ae2e92..d66dcad88bd 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -79,18 +79,8 @@ module Gitlab
       oldrev, newrev, ref = change.split(' ')
 
       action = if project.protected_branch?(branch_name(ref))
-                 # we dont allow force push to protected branch
-                 if forced_push?(project, oldrev, newrev)
-                   :force_push_code_to_protected_branches
-                   # and we dont allow remove of protected branch
-                 elsif newrev == Gitlab::Git::BLANK_SHA
-                   :remove_protected_branches
-                 elsif project.developers_can_push_to_protected_branch?(branch_name(ref))
-                   :push_code
-                 else
-                   :push_code_to_protected_branches
-                 end
-               elsif project.repository.tag_names.include?(tag_name(ref))
+                 protected_branch_action(project, oldrev, newrev, branch_name(ref))
+               elsif protected_tag?(tag_name(ref))
                  # Prevent any changes to existing git tag unless user has permissions
                  :admin_project
                else
@@ -110,6 +100,24 @@ module Gitlab
 
     private
 
+    def protected_branch_action(project, oldrev, newrev, branch_name)
+      # we dont allow force push to protected branch
+      if forced_push?(project, oldrev, newrev)
+       :force_push_code_to_protected_branches
+       # and we dont allow remove of protected branch
+      elsif newrev == Gitlab::Git::BLANK_SHA
+       :remove_protected_branches
+      elsif project.developers_can_push_to_protected_branch?(branch_name)
+       :push_code
+      else
+       :push_code_to_protected_branches
+      end
+    end
+
+    def protected_tag?(tag_name)
+      project.repository.tag_names.include?(tag_name)
+    end
+
     def user_allowed?(user)
       Gitlab::UserAccess.allowed?(user)
     end