diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php index b5966f9b..80cd7f18 100644 --- a/resources/lib/UnityGroup.php +++ b/resources/lib/UnityGroup.php @@ -218,8 +218,7 @@ public function denyGroup($operator = null, $send_mail = true) // // now we delete the ldap entry // $ldapPiGroupEntry = $this->getLDAPPiGroup(); // if ($ldapPiGroupEntry->exists()) { - // ldapPiGroupEntry->delete(); - + // $ldapPiGroupEntry->delete(); // $this->REDIS->removeCacheArray("sorted_groups", "", $this->getPIUID()); // foreach ($users as $user) { // $this->REDIS->removeCacheArray($user->getUID(), "groups", $this->getPIUID()); diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php index 9e036d1c..948ae86f 100644 --- a/resources/lib/UnityLDAP.php +++ b/resources/lib/UnityLDAP.php 
@@ -312,28 +312,24 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh public function getUserEntry($uid) { $uid = ldap_escape($uid, LDAP_ESCAPE_DN); - $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU); - return $ldap_entry; + return $this->getEntry(unityLDAP::RDN . "=$uid," . $this->STR_USEROU); } public function getGroupEntry($gid) { $uid = ldap_escape($gid, LDAP_ESCAPE_DN); - $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU); - return $ldap_entry; + return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU); } public function getPIGroupEntry($gid) { $uid = ldap_escape($gid, LDAP_ESCAPE_DN); - $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU); - return $ldap_entry; + return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU); } public function getOrgGroupEntry($gid) { $uid = ldap_escape($gid, LDAP_ESCAPE_DN); - $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU); - return $ldap_entry; + return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU); } } diff --git a/test/functional/LoginShellSetTest.php b/test/functional/LoginShellSetTest.php index df5423cf..90233248 100644 --- a/test/functional/LoginShellSetTest.php +++ b/test/functional/LoginShellSetTest.php @@ -23,9 +23,7 @@ public function tearDown(): void public static function getShells() { global $HTTP_HEADER_TEST_INPUTS; - // phpcs:disable return [["/bin/bash"]] + array_map(function($x){return [$x];}, $HTTP_HEADER_TEST_INPUTS); - // phpcs:enable } private function isShellValid(string $shell) diff --git a/test/functional/PiMemberApproveTest.php b/test/functional/PiMemberApproveTest.php new file mode 100644 index 00000000..dd51b571 --- /dev/null +++ b/test/functional/PiMemberApproveTest.php 
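Review bot: In getGroupEntry, getPIGroupEntry and getOrgGroupEntry the result of `ldap_escape()` is assigned to `$uid`, but the DN handed to `getEntry()` is still built from the raw `$gid`, so a group id reaches the DN unescaped; only getUserEntry interpolates the escaped value. Since these return lines are being rewritten anyway, assign to the variable that is actually used: `$gid = ldap_escape($gid, "", LDAP_ESCAPE_DN);`. Note the argument order: the second parameter of `ldap_escape()` is the `$ignore` character list and the flags come third, so the existing two-argument call (in getUserEntry as well) passes `LDAP_ESCAPE_DN` as the ignore list rather than as the escaping mode. Whether callers already validate `$gid` is not visible in this hunk.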
@@ -0,0 +1,74 @@
+getUID();
+ switchUser(...getNormalUser2());
+ self::$noRequestUid = $USER->getUID();
+ }
+
+ private function approveUser(string $uid)
+ {
+ post(
+ __DIR__ . "/../../webroot/panel/pi.php",
+ ["form_type" => "userReq", "action" => "approve", "uid" => $uid]
+ );
+ }
+
+ public function testApproveRequest()
+ {
+ global $USER, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK;
+ switchUser(...getUserIsPIHasNoMembersNoMemberRequests());
+ $pi = $USER;
+ $piGroup = $USER->getPIGroup();
+ $this->assertTrue($piGroup->exists());
+ $this->assertEquals([$pi->getUID()], $piGroup->getGroupMemberUIDs());
+ $this->assertEmpty($piGroup->getRequests());
+ $requestedUser = new UnityUser(self::$requestUid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+ try {
+ $piGroup->newUserRequest($requestedUser);
+ $this->assertFalse($piGroup->userExists($requestedUser));
+
+ $piGroup->approveUser($requestedUser);
+ $this->assertEmpty($piGroup->getRequests());
+
+ $this->assertEquals([$pi->getUID(), self::$requestUid], $piGroup->getGroupMemberUIDs());
+ $this->assertTrue($piGroup->userExists($requestedUser));
+ } finally {
+ $piGroup->removeUser($requestedUser);
+ $SQL->removeRequest(self::$requestUid, $piGroup->getPIUID());
+ }
+ }
+
+ public function testApproveNonexistentRequest()
+ {
+ global $USER, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK;
+ switchUser(...getUserIsPIHasNoMembersNoMemberRequests());
+ $pi = $USER;
+ $piGroup = $USER->getPIGroup();
+ $this->assertTrue($piGroup->exists());
+ $this->assertEquals([$pi->getUID()], $piGroup->getGroupMemberUIDs());
+ $this->assertEmpty($piGroup->getRequests());
+
+ $notRequestedUser = new UnityUser(self::$noRequestUid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+ $this->assertFalse($piGroup->userExists($notRequestedUser));
+ $this->assertEmpty($piGroup->getRequests());
+
+ try {
+ $piGroup->approveUser($notRequestedUser);
+ $this->assertEquals([$pi->getUID()], $piGroup->getGroupMemberUIDs());
+ $this->assertFalse($piGroup->userExists($notRequestedUser));
+ } finally {
+ $piGroup->removeUser($notRequestedUser);
+ }
+ }
+}
diff --git a/test/functional/PiMemberDenyTest.php b/test/functional/PiMemberDenyTest.php
new file mode 100644
index 00000000..79e5df77
--- /dev/null
+++ b/test/functional/PiMemberDenyTest.php
@@ -0,0 +1,46 @@
+getUID();
+ }
+
+ private function denyUser(string $uid)
+ {
+ post(
+ __DIR__ . "/../../webroot/panel/pi.php",
+ ["form_type" => "userReq", "action" => "approve", "uid" => $uid]
+ );
+ }
+
+ public function testDenyRequest()
+ {
+ global $USER, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK;
+ switchUser(...getUserIsPIHasNoMembersNoMemberRequests());
+ $pi = $USER;
+ $piGroup = $USER->getPIGroup();
+ $this->assertTrue($piGroup->exists());
+ $this->assertEquals([$pi->getUID()], $piGroup->getGroupMemberUIDs());
+ $this->assertEmpty($piGroup->getRequests());
+ $requestedUser = new UnityUser(self::$requestUid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+ try {
+ $piGroup->newUserRequest($requestedUser);
+ $this->assertFalse($piGroup->userExists($requestedUser));
+
+ $piGroup->denyUser($requestedUser);
+ $this->assertEmpty($piGroup->getRequests());
+ $this->assertEquals([$pi->getUID()], $piGroup->getGroupMemberUIDs());
+ $this->assertFalse($piGroup->userExists($requestedUser));
+ } finally {
+ $SQL->removeRequest(self::$requestUid, $piGroup->getPIUID());
+ }
+ }
+}
diff --git a/test/functional/PiRemoveUserTest.php b/test/functional/PiRemoveUserTest.php
new file mode 100644
index 00000000..7953e5be
--- /dev/null
+++ b/test/functional/PiRemoveUserTest.php
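Review bot: The private `approveUser()` helper that posts to `webroot/panel/pi.php` is not called by either visible test in PiMemberApproveTest; both call `$piGroup->approveUser(...)` on the model directly, so the request handler, and whatever check it makes that the logged-in user may approve for this group, is not exercised. If the intent is a functional test of the panel, the approval step in testApproveRequest would be `$this->approveUser(self::$requestUid);`, with the model used only for setup and assertions. The same applies to the unused `denyUser()` helper in PiMemberDenyTest. The top of the class is cut off in this view, so a use of the helper there cannot be ruled out.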
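Review bot: `denyUser()` in PiMemberDenyTest posts `"action" => "approve"`, apparently copied from the approve test, so any test that starts using this helper would approve the pending request instead of denying it. The value should be the deny action that pi.php expects (not visible in this diff). Once the helper is used, the `finally` in testDenyRequest should also call `$piGroup->removeUser($requestedUser);` when `userExists()` is true, so a wrongly granted membership does not leak into later tests.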
@@ -0,0 +1,68 @@
+ "remUser", "uid" => $uid]
+ );
+ }
+
+ public function testRemoveUser()
+ {
+ global $USER, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK;
+ switchUser(...getUserIsPIHasAtLeastOneMember());
+ $pi = $USER;
+ $piUid = $USER->getUID();
+ $piGroup = $USER->getPIGroup();
+ $this->assertTrue($piGroup->exists());
+ $memberUIDs = $piGroup->getGroupMemberUIDs();
+ // the 0th member of the PI group is the PI
+ $this->assertGreaterThan(1, count($memberUIDs));
+ // the ordering of the uids in getGroupMemberUIDs is different each time
+ // use a linear search to find a user who is not the PI
+ $memberToDelete = null;
+ foreach ($memberUIDs as $uid) {
+ if ($uid != $piUid) {
+ $memberToDelete = new UnityUser($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+ break;
+ }
+ }
+ $this->assertNotEquals($pi->getUID(), $memberToDelete->getUID());
+ $this->assertTrue($piGroup->userExists($memberToDelete));
+ try {
+ $this->removeUser($memberToDelete->getUID());
+ $this->assertFalse($piGroup->userExists($memberToDelete));
+ } finally {
+ if (!$piGroup->userExists($memberToDelete)) {
+ $piGroup->newUserRequest($memberToDelete);
+ $piGroup->approveUser($memberToDelete);
+ }
+ }
+ }
+
+ public function testRemovePIFromTheirOwnGroup()
+ {
+ global $USER, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK;
+ switchUser(...getUserIsPIHasAtLeastOneMember());
+ $pi = $USER;
+ $piGroup = $USER->getPIGroup();
+ $this->assertTrue($piGroup->exists());
+ $this->assertTrue($piGroup->userExists($pi));
+ $this->expectException(Exception::class);
+ try {
+ $this->removeUser($pi->getUID());
+ $this->assertTrue($piGroup->userExists($pi));
+ } finally {
+ if (!$piGroup->userExists($pi)) {
+ $piGroup->newUserRequest($pi);
+ $piGroup->approveUser($pi);
+ }
+ }
+ }
+}
diff --git a/test/phpunit-bootstrap.php b/test/phpunit-bootstrap.php
index 77267a08..ae5f6a1b 100644
--- a/test/phpunit-bootstrap.php
+++ b/test/phpunit-bootstrap.php
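Review bot: In testRemovePIFromTheirOwnGroup the assertion `$this->assertTrue($piGroup->userExists($pi));` sits after the call that is expected to throw, so in the passing case it never runs, and the `finally` block re-adds the PI before anything checks whether the removal actually went through. `expectException(Exception::class)` is also satisfied by any exception, including one raised by the test harness rather than by the handler. Catching the exception explicitly, in place of `expectException`, lets the test record membership before the restore and assert both facts afterwards; a narrower exception class would be better still if pi.php throws one (not visible here).

```php
    public function testRemovePIFromTheirOwnGroup()
    {
        // … unchanged: switchUser, $pi / $piGroup setup and the two precondition asserts …
        $thrown = false;
        try {
            $this->removeUser($pi->getUID());
        } catch (Exception $e) {
            $thrown = true;
        } finally {
            // capture the state before it is restored
            $stillMember = $piGroup->userExists($pi);
            // … unchanged: re-add the PI if the removal went through …
        }
        $this->assertTrue($thrown);
        $this->assertTrue($stillMember);
    }
```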
@@ -106,6 +106,11 @@ function getNormalUser() return ["user2@org1.test", "foo", "bar", "user2@org1.test"]; } +function getNormalUser2() +{ + return ["user2@org1.test", "foo", "bar", "user2@org1.test"]; +} + function getUserHasNotRequestedAccountDeletionHasGroup() { return ["user1@org1.test", "foo", "bar", "user1@org1.test"]; @@ -136,6 +141,16 @@ function getUserWithOneKey() return ["user5@org2.test", "foo", "bar", "user5@org2.test"]; } +function getUserIsPIHasNoMembersNoMemberRequests() +{ + return ["user5@org2.test", "foo", "bar", "user5@org2.test"]; +} + +function getUserIsPIHasAtLeastOneMember() +{ + return ["user1@org1.test", "foo", "bar", "user1@org1.test"]; +} + function getNonExistentUser() { return ["user1@nonexistent.test", "foo", "bar", "user1@nonexistent.test"]; diff --git a/test/unit/AjaxSshValidateTest.php b/test/unit/AjaxSshValidateTest.php index 6f670a43..e4bf6aac 100644 --- a/test/unit/AjaxSshValidateTest.php +++ b/test/unit/AjaxSshValidateTest.php @@ -12,9 +12,7 @@ public static function providerTestSshValidate() // sanity check only, see UnitySiteTest for more comprehensive test cases return [ [false, "foobar"], - // phpcs:disable [true, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+XqO25MUB9x/pS04I3JQ7rMGboWyGXh0GUzkOrTi7a"], - // phpcs:enable ]; } diff --git a/test/unit/UnityGithubTest.php b/test/unit/UnityGithubTest.php index d36841b3..a860db3d 100644 --- a/test/unit/UnityGithubTest.php +++ b/test/unit/UnityGithubTest.php @@ -17,9 +17,7 @@ public static function providerTestGetGithubKeys() # user with no keys ["sheldor1510", []], # user with 1 key - //phpcs:disable ["simonLeary42", ["ssh-rsa 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"]] - //phpcs:enable ]; } diff --git a/tools/docker-dev/sql/bootstrap-users.sql b/tools/docker-dev/sql/bootstrap-users.sql index b56421f5..3fe7da0b 100644 --- a/tools/docker-dev/sql/bootstrap-users.sql +++ b/tools/docker-dev/sql/bootstrap-users.sql 
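Review bot: `getNormalUser2()` returns exactly the tuple that `getNormalUser()` returns just above it (`user2@org1.test`), so the two helpers name the same account. PiMemberApproveTest in this commit takes `self::$noRequestUid` from `getNormalUser2()`; if `$requestUid` comes from `getNormalUser()` (that assignment is cut off in this view), the "requested" and "not requested" cases run against one uid and leftover state from one can affect the other. Point the new helper at a different bootstrap account so the two are actually distinct.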
@@ -1 +1,6 @@
-INSERT INTO `account_deletion_requests` (`id`, `timestamp`, `uid`) VALUES (1, '1970-01-01 00:00:01', 'user4_org1_test');
+INSERT INTO `account_deletion_requests` (`id`, `timestamp`, `uid`) VALUES
+ (1, '1970-01-01 00:00:01', 'user4_org1_test');
+
+-- INSERT INTO `requests` (`id`, `request_for`, `uid`, `timestamp`) VALUES
+-- (1, 'pi_user1_org1_test', 'user6_org1_test', '1970-01-01 00:00:01'),
+-- (2, 'pi_user1_org1_test', 'user7_org1_test', '1970-01-01 00:00:01');