User `Guest` access per project leak

Summary

User access leak

Steps to reproduce

Grant one user access Guest to your private repository. He created new issue, available only for repository stuff members. Then make him to leave by button Leave on members page. Result: he have access to your private repository.

Expected behavior

User can access to private repository.

Actual behavior

Security problems?

Relevant logs and/or screenshots

No logs, user not found on members page. But he can access to your project. I didn't tested if user re-login.

Output of checks

This bug happens on GitLab.com