Add latest changes from gitlab-org/gitlab@master

1 files changed, 18 insertions, 2 deletions

diff --git a/app/services/members/destroy_service.rb b/app/services/members/destroy_service.rb
index 7e620047c78..fdd43260521 100644
--- a/app/services/members/destroy_service.rb
+++ b/app/services/members/destroy_service.rb
@@ -2,8 +2,8 @@
 
 module Members
   class DestroyService < Members::BaseService
-    def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false)
-      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_destroy_member?(member)
+    def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false, destroy_bot: false)
+      raise Gitlab::Access::AccessDeniedError unless skip_authorization || authorized?(member, destroy_bot)
 
       @skip_auth = skip_authorization
 
@@ -28,6 +28,12 @@ module Members
 
     private
 
+    def authorized?(member, destroy_bot)
+      return can_destroy_bot_member?(member) if destroy_bot
+
+      can_destroy_member?(member)
+    end
+
     def delete_subresources(member)
       return unless member.is_a?(GroupMember) && member.user && member.group
 
@@ -55,6 +61,10 @@ module Members
       can?(current_user, destroy_member_permission(member), member)
     end
 
+    def can_destroy_bot_member?(member)
+      can?(current_user, destroy_bot_member_permission(member), member)
+    end
+
     def destroy_member_permission(member)
       case member
       when GroupMember
@@ -66,6 +76,12 @@ module Members
       end
     end
 
+    def destroy_bot_member_permission(member)
+      raise "Unsupported bot member type: #{member}" unless member.is_a?(ProjectMember)
+
+      :destroy_project_bot_member
+    end
+
     def enqueue_unassign_issuables(member)
       source_type = member.is_a?(GroupMember) ? 'Group' : 'Project'