Improve Members::DestroyService

Signed-off-by: Rémy Coutable <remy@rymai.me>

1 files changed, 9 insertions, 1 deletions

diff --git a/lib/api/members.rb b/lib/api/members.rb
index a18ce769e29..03dbf4eabb8 100644
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -65,6 +65,14 @@ module API
           # for both project and group members in 9.0!
           conflict!('Member already exists') if source_type == 'group' && member
 
+          access_requester = source.requesters.find_by(user_id: params[:user_id])
+          if access_requester
+            # We delete a potential access requester before creating the new member.
+            # We pass current_user = access_requester so that the requester doesn't
+            # receive a "access denied" email.
+            ::Members::DestroyService.new(source, access_requester.user, params).execute(:requesters)
+          end
+
           unless member
             member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at])
           end
@@ -134,7 +142,7 @@ module API
           if member.nil?
             { message: "Access revoked", id: params[:user_id].to_i }
           else
-            ::Members::DestroyService.new(member, current_user).execute
+            ::Members::DestroyService.new(source, current_user, params).execute
 
             present member.user, with: Entities::Member, member: member
           end