Define authorize_update_pipeline_schedule and apply to :edit, :take_ownership, :update

app/controllers/projects/pipeline_schedules_controller.rb

@@ -1,11 +1,11 @@
 class Projects::PipelineSchedulesController < Projects::ApplicationController
+  before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
+
   before_action :authorize_read_pipeline_schedule!
   before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
   before_action :authorize_update_pipeline_schedule!, only: [:edit, :take_ownership, :update]
   before_action :authorize_admin_pipeline_schedule!, only: [:destroy]
 
-  before_action :schedule, only: [:edit, :update, :destroy, :take_ownership]
-
   def index
     @scope = params[:scope]
     @all_schedules = PipelineSchedulesFinder.new(@project).execute
@@ -33,8 +33,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
   end
 
   def update
-    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
-
     if Ci::CreatePipelineScheduleService
         .new(@project, current_user, schedule_params).update(schedule)
       redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project)
@@ -72,4 +70,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
       .permit(:description, :cron, :cron_timezone, :ref, :active,
         variables_attributes: [:id, :key, :value, :_destroy] )
   end
+
+  def authorize_update_pipeline_schedule!
+    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
+  end
 end