Give ProjectNotFound when the project is not readable

3 files changed, 3 insertions, 6 deletions

diff --git a/lib/gitlab/email/handler.rb b/lib/gitlab/email/handler.rb
index 55fbee276b8..56d848cdd7b 100644
--- a/lib/gitlab/email/handler.rb
+++ b/lib/gitlab/email/handler.rb
@@ -25,7 +25,7 @@ module Gitlab
       def validate_permission!(permission)
         raise UserNotFoundError unless author
         raise UserBlockedError if author.blocked?
-        # TODO: Give project not found error if author cannot read project
+        raise ProjectNotFound unless author.can?(:read_project, project)
         raise UserNotAuthorizedError unless author.can?(permission, project)
       end
 
diff --git a/lib/gitlab/email/handler/create_issue.rb b/lib/gitlab/email/handler/create_issue.rb
index 24f8f59900d..8829fbb0e49 100644
--- a/lib/gitlab/email/handler/create_issue.rb
+++ b/lib/gitlab/email/handler/create_issue.rb
@@ -10,9 +10,6 @@ module Gitlab
         end
 
         def execute
-          # Must be private project without access
-          raise ProjectNotFound unless author.can?(:read_project, project)
-
           validate_permission!(:create_issue)
           validate_authentication_token!
 
diff --git a/spec/lib/gitlab/email/receiver_spec.rb b/spec/lib/gitlab/email/receiver_spec.rb
index 58c525f4048..a9b93044a08 100644
--- a/spec/lib/gitlab/email/receiver_spec.rb
+++ b/spec/lib/gitlab/email/receiver_spec.rb
@@ -88,8 +88,8 @@ describe Gitlab::Email::Receiver, lib: true do
       project.update_attribute(:visibility_level, Project::PRIVATE)
     end
 
-    it "raises a UserNotAuthorizedError" do
-      expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotAuthorizedError)
+    it "raises a ProjectNotFound" do
+      expect { receiver.execute }.to raise_error(Gitlab::Email::ProjectNotFound)
     end
   end