diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 54b7e5df2a..374dfaf3a1 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -24,6 +24,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup/markdown"
 	"code.gitea.io/gitea/modules/optional"
+	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/util"
@@ -397,6 +398,11 @@ func UpdateIssueDeadline(ctx *context.Context) {
 		return
 	}
 
+	if ctx.Doer.IsRestricted && !setting.RestrictedUser.AllowEditDueDate {
+		ctx.HTTPError(http.StatusForbidden, "", "restricted users cannot modify due dates")
+		return
+	}
+
 	deadlineUnix, _ := common.ParseDeadlineDateToEndOfDay(ctx.FormString("deadline"))
 	if err := issues_model.UpdateIssueDeadline(ctx, issue, deadlineUnix, ctx.Doer); err != nil {
 		ctx.HTTPError(http.StatusInternalServerError, "UpdateIssueDeadline", err.Error())