Add functionality and security.

app/controllers/projects/pipeline_schedules_controller.rb

@@ -33,6 +33,8 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
   end
 
   def update
+    return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
+
     if Ci::CreatePipelineScheduleService
         .new(@project, current_user, schedule_params).update(schedule)
       redirect_to namespace_project_pipeline_schedules_path(@project.namespace.becomes(Namespace), @project)

app/policies/ci/pipeline_schedule_policy.rb

 module Ci
   class PipelineSchedulePolicy < PipelinePolicy
+    alias_method :pipeline_schedule, :subject
+
+    def rules
+      super
+
+      access = pipeline_schedule.project.team.max_member_access(user.id)
+
+      if access == Gitlab::Access::DEVELOPER && pipeline_schedule.owner != user
+        cannot! :update_pipeline_schedule
+      end
+    end
   end
 end