4 files changed, 18 insertions, 25 deletions

diff --git a/app/models/members/group_member.rb b/app/models/members/group_member.rb
index 87af6a9a7f7..2b35f7da7b4 100644
--- a/app/models/members/group_member.rb
+++ b/app/models/members/group_member.rb
@@ -7,7 +7,6 @@ class GroupMember < Member
 
   SOURCE_TYPE = 'Namespace'
   SOURCE_TYPE_FORMAT = /\ANamespace\z/.freeze
-  THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS = 1000
 
   belongs_to :group, foreign_key: 'source_id'
   alias_attribute :namespace_id, :source_id
@@ -67,28 +66,8 @@ class GroupMember < Member
     # its projects are also destroyed, so the removal of project_authorizations
     # will happen behind the scenes via DB foreign keys anyway.
     return if destroyed_by_association.present?
-    return unless user_id
-    return super if Feature.disabled?(:refresh_authorizations_via_affected_projects_on_group_membership, group)
 
-    # rubocop:disable CodeReuse/ServiceClass
-    projects_to_refresh = Groups::ProjectsRequiringAuthorizationsRefresh::OnDirectMembershipFinder.new(group).execute
-    threshold_exceeded = (projects_to_refresh.size > THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS)
-
-    # We want to try the new approach only if the number of affected projects are greater than the set threshold.
-    return super unless threshold_exceeded
-
-    AuthorizedProjectUpdate::ProjectAccessChangedService
-      .new(projects_to_refresh)
-      .execute(blocking: false)
-
-    # Until we compare the inconsistency rates of the new approach
-    # the old approach, we still run AuthorizedProjectsWorker
-    # but with some delay and lower urgency as a safety net.
-    UserProjectAccessChangedService
-      .new(user_id)
-      .execute(blocking: false, priority: UserProjectAccessChangedService::LOW_PRIORITY)
-
-    # rubocop:enable CodeReuse/ServiceClass
+    super
   end
 
   def send_invite
diff --git a/app/models/members/last_group_owner_assigner.rb b/app/models/members/last_group_owner_assigner.rb
index c85116858c7..e411a0ef5eb 100644
--- a/app/models/members/last_group_owner_assigner.rb
+++ b/app/models/members/last_group_owner_assigner.rb
@@ -8,7 +8,7 @@ class LastGroupOwnerAssigner
   end
 
   def execute
-    @last_blocked_owner = no_owners_in_heirarchy? && group.single_blocked_owner?
+    @last_blocked_owner = no_owners_in_hierarchy? && group.single_blocked_owner?
     @group_single_owner = owners.size == 1
 
     members.each { |member| set_last_owner(member) }
@@ -18,7 +18,7 @@ class LastGroupOwnerAssigner
 
   attr_reader :group, :members, :last_blocked_owner, :group_single_owner
 
-  def no_owners_in_heirarchy?
+  def no_owners_in_hierarchy?
     owners.empty?
   end
 
diff --git a/app/models/members/member_role.rb b/app/models/members/member_role.rb
new file mode 100644
index 00000000000..2e8532fa739
--- /dev/null
+++ b/app/models/members/member_role.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class MemberRole < ApplicationRecord  # rubocop:disable Gitlab/NamespacedClass
+  has_many :members
+  belongs_to :namespace
+
+  validates :namespace_id, presence: true
+  validates :base_access_level, presence: true
+end
diff --git a/app/models/members/project_member.rb b/app/models/members/project_member.rb
index c97f00364fd..8fd82fcb34a 100644
--- a/app/models/members/project_member.rb
+++ b/app/models/members/project_member.rb
@@ -111,7 +111,7 @@ class ProjectMember < Member
 
     # rubocop:disable CodeReuse/ServiceClass
     if blocking
-      AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker.bulk_perform_and_wait([[project.id, user.id]])
+      blocking_project_authorizations_refresh
     else
       AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker.perform_async(project.id, user.id)
     end
@@ -124,6 +124,11 @@ class ProjectMember < Member
     # rubocop:enable CodeReuse/ServiceClass
   end
 
+  # This method is overridden in the test environment, see stubbed_member.rb
+  def blocking_project_authorizations_refresh
+    AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker.bulk_perform_and_wait([[project.id, user.id]])
+  end
+
   # TODO: https://gitlab.com/groups/gitlab-org/-/epics/7054
   # temporary until we can we properly remove the source columns
   override :set_member_namespace_id