From 3158f57dba6dcef3e586ae8fced7deb6fdbd6dc0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Thu, 28 Jul 2016 19:31:17 +0200
Subject: Improve Members::DestroyService
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 lib/api/access_requests.rb |  4 +---
 lib/api/members.rb         | 10 +++++++++-
 2 files changed, 10 insertions(+), 4 deletions(-)

(limited to 'lib/api')

diff --git a/lib/api/access_requests.rb b/lib/api/access_requests.rb
index 7b9de7c9598..75be24efd59 100644
--- a/lib/api/access_requests.rb
+++ b/lib/api/access_requests.rb
@@ -75,9 +75,7 @@ module API
           required_attributes! [:user_id]
           source = find_source(source_type, params[:id])
 
-          access_requester = source.requesters.find_by!(user_id: params[:user_id])
-
-          ::Members::DestroyService.new(access_requester, current_user).execute
+          ::Members::DestroyService.new(source, current_user, declared(params)).execute(:requesters)
         end
       end
     end
diff --git a/lib/api/members.rb b/lib/api/members.rb
index a18ce769e29..03dbf4eabb8 100644
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -65,6 +65,14 @@ module API
           # for both project and group members in 9.0!
           conflict!('Member already exists') if source_type == 'group' && member
 
+          access_requester = source.requesters.find_by(user_id: params[:user_id])
+          if access_requester
+            # We delete a potential access requester before creating the new member.
+            # We pass current_user = access_requester so that the requester doesn't
+            # receive a "access denied" email.
+            ::Members::DestroyService.new(source, access_requester.user, params).execute(:requesters)
+          end
+
           unless member
             member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at])
           end
@@ -134,7 +142,7 @@ module API
           if member.nil?
             { message: "Access revoked", id: params[:user_id].to_i }
           else
-            ::Members::DestroyService.new(member, current_user).execute
+            ::Members::DestroyService.new(source, current_user, params).execute
 
             present member.user, with: Entities::Member, member: member
           end
-- 
cgit v1.2.1