Use policies to determine what notes a user can reference
Extracted from https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1508/diffs#note_26284928:
Currently, we check if a user can use a reference like @all
by checking manually for project membership: https://gitlab.com/gitlab-org/gitlab-ce/blob/v9.0.3/lib/banzai/reference_parser/user_parser.rb#L63-85
This means that in EE, where we want to override this check, we can't use the policy framework, but just have to override the method: https://gitlab.com/gitlab-org/gitlab-ee/blob/d1bec0745f8ff35e3d150ca82729f6b377b6fbd7/lib/banzai/reference_parser/ee/base_parser.rb
It would be nice if this was part of the policies framework, because then we could use the same way of checking as we do for any other action a user can perform.
/cc @jneen