From 78f74c3500acce8bd1e29c076a4559a0b529c9a5 Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@gitlab.com>
Date: Tue, 16 Aug 2016 10:02:45 -0500
Subject: [PATCH] Temporary fix for #825 - LDAP sync converts access requests
 to members

---
 CHANGELOG-EE                               |  1 +
 lib/ee/gitlab/ldap/sync/group.rb           | 15 ++++++++++++---
 spec/lib/ee/gitlab/ldap/sync/group_spec.rb | 18 +++++++++++++++++-
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG-EE b/CHANGELOG-EE
index d6201135a3182b..4ee9a96eea3842 100644
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
@@ -4,6 +4,7 @@ v 8.11.0 (unreleased)
   - Allow projects to be moved between repository storages
   - Add rake task to remove old repository copies from repositories moved to another storage
   - Performance improvement of push rules
+  - Temporary fix for #825 - LDAP sync converts access requests to members. !655
   - Change LdapGroupSyncWorker to use new LDAP group sync classes
   - Removed unused GitLab GEO database index
   - Enable monitoring for ES classes
diff --git a/lib/ee/gitlab/ldap/sync/group.rb b/lib/ee/gitlab/ldap/sync/group.rb
index 9e9217cc35a461..a0e489ceac14ff 100644
--- a/lib/ee/gitlab/ldap/sync/group.rb
+++ b/lib/ee/gitlab/ldap/sync/group.rb
@@ -124,9 +124,18 @@ def add_or_update_user_membership(user, group, access)
             if access < ::Gitlab::Access::OWNER && group.last_owner?(user)
               warn_cannot_remove_last_owner(user, group)
             else
-              # If you pass the user object, instead of just user ID,
-              # it saves an extra user database query.
-              group.add_users([user], access, skip_notification: true)
+              # Temporarily handle access requests until
+              # gitlab-org/gitlab-ee#825 is properly resolved.
+              member = group.requesters.find_by(user_id: user.id)
+              if member.present?
+                member.access_level = access
+                member.requested_at = nil
+                member.save
+              else
+                # If you pass the user object, instead of just user ID,
+                # it saves an extra user database query.
+                group.add_users([user], access, skip_notification: true)
+              end
             end
           end
 
diff --git a/spec/lib/ee/gitlab/ldap/sync/group_spec.rb b/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
index ed38c5d2edcbd9..35a4a47aaa3636 100644
--- a/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
+++ b/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
@@ -49,7 +49,7 @@
 
             sync_group.update_permissions
 
-            expect(group.members).not_to include(user)
+            expect(group.members.pluck(:user_id)).not_to include(user.id)
           end
         end
 
@@ -59,6 +59,22 @@
           expect(group.members.pluck(:user_id)).to include(user.id)
         end
 
+        it 'converts an existing membership access request to a real member' do
+          group.members.create(
+            user: user,
+            access_level: ::Gitlab::Access::MASTER,
+            requested_at: DateTime.now
+          )
+          # Validate that the user is properly created as a requester first.
+          expect(group.requesters.pluck(:user_id)).to include(user.id)
+
+          sync_group.update_permissions
+
+          expect(group.members.pluck(:user_id)).to include(user.id)
+          expect(group.members.find_by(user_id: user.id).access_level)
+            .to eq(::Gitlab::Access::DEVELOPER)
+        end
+
         it 'downgrades existing member access' do
           # Create user with higher access
           group.add_users([user],
-- 
GitLab