diff --git a/server/middleware/repo.go b/server/middleware/repo.go
index f44bc5a1..95ca0289 100644
--- a/server/middleware/repo.go
+++ b/server/middleware/repo.go
@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"net/http"
+	"regexp"
 
 	"github.com/drone/drone/server/datastore"
 	"github.com/goji/context"
@@ -89,6 +90,13 @@ func RequireRepoAdmin(c *web.C, h http.Handler) http.Handler {
 		case user != nil && role.Read == false && role.Admin == false:
 			w.WriteHeader(http.StatusNotFound)
 			return
+		case user != nil && role.Write == true && role.Admin == false:
+			if IsRebuild(r.URL.Path) {
+				h.ServeHTTP(w, r)
+				return
+			}
+			w.WriteHeader(http.StatusForbidden)
+			return
 		case user != nil && role.Read == true && role.Admin == false:
 			w.WriteHeader(http.StatusForbidden)
 			return
@@ -100,3 +108,9 @@ func RequireRepoAdmin(c *web.C, h http.Handler) http.Handler {
 	}
 	return http.HandlerFunc(fn)
 }
+
+func IsRebuild(path string) bool {
+	const pattern = `\/(.*)\/(.*)\/(.*)\/branches\/(.*)\/commits\/(.*)`
+	ok, _ := regexp.MatchString(pattern, path)
+	return ok
+}