Merge branch '5480-epic-notifications-ce' into 'master'

Backport 5480-epic-notifications from EE

See merge request gitlab-org/gitlab-ce!18724

2 files changed, 8 insertions, 3 deletions

diff --git a/lib/gitlab/email/handler/create_note_handler.rb b/lib/gitlab/email/handler/create_note_handler.rb
index 8eea33b9ab5..5791dbd0484 100644
--- a/lib/gitlab/email/handler/create_note_handler.rb
+++ b/lib/gitlab/email/handler/create_note_handler.rb
@@ -8,6 +8,7 @@ module Gitlab
         include ReplyProcessing
 
         delegate :project, to: :sent_notification, allow_nil: true
+        delegate :noteable, to: :sent_notification
 
         def can_handle?
           mail_key =~ /\A\w+\z/
@@ -18,7 +19,7 @@ module Gitlab
 
           validate_permission!(:create_note)
 
-          raise NoteableNotFoundError unless sent_notification.noteable
+          raise NoteableNotFoundError unless noteable
           raise EmptyEmailError if message.blank?
 
           verify_record!(
diff --git a/lib/gitlab/email/handler/reply_processing.rb b/lib/gitlab/email/handler/reply_processing.rb
index 32c5caf93e8..da5ff350549 100644
--- a/lib/gitlab/email/handler/reply_processing.rb
+++ b/lib/gitlab/email/handler/reply_processing.rb
@@ -32,8 +32,12 @@ module Gitlab
         def validate_permission!(permission)
           raise UserNotFoundError unless author
           raise UserBlockedError if author.blocked?
-          raise ProjectNotFound unless author.can?(:read_project, project)
-          raise UserNotAuthorizedError unless author.can?(permission, project)
+
+          if project
+            raise ProjectNotFound unless author.can?(:read_project, project)
+          end
+
+          raise UserNotAuthorizedError unless author.can?(permission, project || noteable)
         end
 
         def verify_record!(record:, invalid_exception:, record_name:)