Description
Introduction
Currently everyone can add people to their organization without their consent. This could lead to a serious problem in the future regarding spamming or trolling.
Proposal
Let's say there is Alice and Bob. Alice has an organization and wants Bob to join her. So Alice navigates to her organization and chooses a proper team for Bob. Alice then needs to type in Bob's username and afterwards she hits the Add Team Member button.
Until now everything is exactly the same as the current procedure but instead of Bob just being added to the team, he receives an E-Mail where he is being asked to join. Bob can now choose whether he accepts or declines the invitation (via a button, a link, or something). Only if he accepts, he will get added to the team.
If Bob does not respond to the invitation for a specified amount of time, the invitation will expire.
No matter what Bob does, Alice will be notified so she can react properly.
Credits
The main idea of this feature request comes from a codeberg user. Unfortunately, they have deleted their account but the issue is still open on our side at codeberg.
See: codeberg for further information.