1 files changed, 24 insertions, 2 deletions

diff --git a/app/services/application_settings/update_service.rb b/app/services/application_settings/update_service.rb
index df9217bea32..7792b811b4e 100644
--- a/app/services/application_settings/update_service.rb
+++ b/app/services/application_settings/update_service.rb
@@ -9,6 +9,16 @@ module ApplicationSettings
     MARKDOWN_CACHE_INVALIDATING_PARAMS = %w(asset_proxy_enabled asset_proxy_url asset_proxy_secret_key asset_proxy_whitelist).freeze
 
     def execute
+      result = update_settings
+
+      auto_approve_blocked_users if result
+
+      result
+    end
+
+    private
+
+    def update_settings
       validate_classification_label(application_setting, :external_authorization_service_default_label) unless bypass_external_auth?
 
       if application_setting.errors.any?
@@ -40,8 +50,6 @@ module ApplicationSettings
       @application_setting.save
     end
 
-    private
-
     def usage_stats_updated?
       params.key?(:usage_ping_enabled) || params.key?(:version_check_enabled)
     end
@@ -95,6 +103,20 @@ module ApplicationSettings
     def bypass_external_auth?
       params.key?(:external_authorization_service_enabled) && !Gitlab::Utils.to_boolean(params[:external_authorization_service_enabled])
     end
+
+    def auto_approve_blocked_users
+      return unless should_auto_approve_blocked_users?
+
+      ApproveBlockedPendingApprovalUsersWorker.perform_async(current_user.id)
+    end
+
+    def should_auto_approve_blocked_users?
+      return false unless application_setting.previous_changes.key?(:require_admin_approval_after_user_signup)
+
+      enabled_previous, enabled_current = application_setting.previous_changes[:require_admin_approval_after_user_signup]
+
+      enabled_previous && !enabled_current
+    end
   end
 end