diff --git a/app/services/ci/create_pipeline_service.rb b/app/services/ci/create_pipeline_service.rb
index f331f86e622..700ac42d56e 100644
--- a/app/services/ci/create_pipeline_service.rb
+++ b/app/services/ci/create_pipeline_service.rb
@@ -23,16 +23,16 @@ module Ci
 
       unless allowed_to_trigger_pipeline?(triggering_user)
         if can?(triggering_user, :create_pipeline, project)
-          return error("Insufficient permissions for protected ref '#{ref}'")
+          if branch? || tag?
+            return error("Insufficient permissions for protected ref '#{ref}'")
+          else
+            return error('Reference not found')
+          end
         else
           return error('Insufficient permissions to create a new pipeline')
         end
       end
 
-      unless branch? || tag?
-        return error('Reference not found')
-      end
-
       unless commit
         return error('Commit not found')
       end
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index 6c6111006b6..d9a5af09f08 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -94,13 +94,15 @@ module Gitlab
 
     def protected_branch_accessible_to?(ref, action:)
       ProtectedBranch.protected_ref_accessible_to?(
-        ref, user, action: action,
+        ref, user,
+        action: action,
         protected_refs: project.protected_branches)
     end
 
     def protected_tag_accessible_to?(ref, action:)
       ProtectedTag.protected_ref_accessible_to?(
-        ref, user, action: action,
+        ref, user,
+        action: action,
         protected_refs: project.protected_tags)
     end