Bulk-add users to existing org (#887)

* Add GQL mutation for bulk-adding org members Most of this code is identical to the bulk-add code in ProjectMutations, but the org version explicitly does *not* invite members if an email address is not found. Instead, any usernames or emails not found are returned to the frontend so that the user can take appropriate action. * Add frontend UI to bulk-add members to orgs * Fix GraphQL invalidation Since the org page query asks for `orgById`, the GraphQL cache is caching the type OrgById rather than the type Organization. While we're at it, we also invalidate the OrgById cache for a few other mutations like adding and removing members from an org. And we stop asking for the mutation to return the list of org members, because the org admins don't have permission to access the .members field of orgs in normal queries, only in the orgById query. This stops the GraphQL permissions error that was popping up when org admins tried to do these operations. --------- Co-authored-by: Kevin Hahn <[email protected]>
sillsdev · Jul 23, 2024 · 6d6e539 · 6d6e539
1 parent 7ac36b2
commit 6d6e539
Show file tree

Hide file tree

Showing 10 changed files with 328 additions and 24 deletions.
diff --git a/backend/LexBoxApi/GraphQL/OrgMutations.cs b/backend/LexBoxApi/GraphQL/OrgMutations.cs
@@ -196,6 +196,54 @@ private async Task UpdateOrgMemberRole(LexBoxDbContext dbContext, Organization o
         await dbContext.SaveChangesAsync();
     }
 
+    public record BulkAddOrgMembersInput(Guid OrgId, string[] Usernames, OrgRole Role);
+    public record OrgMemberRole(string Username, OrgRole Role);
+    public record BulkAddOrgMembersResult(List<OrgMemberRole> AddedMembers, List<OrgMemberRole> NotFoundMembers, List<OrgMemberRole> ExistingMembers);
+
+    [Error<NotFoundException>]
+    [Error<DbError>]
+    [Error<UnauthorizedAccessException>]
+    [UseMutationConvention]
+    public async Task<BulkAddOrgMembersResult> BulkAddOrgMembers(
+        BulkAddOrgMembersInput input,
+        IPermissionService permissionService,
+        LexBoxDbContext dbContext)
+    {
+        permissionService.AssertCanEditOrg(input.OrgId);
+        var orgExists = await dbContext.Orgs.AnyAsync(o => o.Id == input.OrgId);
+        if (!orgExists) throw NotFoundException.ForType<Organization>();
+        List<OrgMemberRole> AddedMembers = [];
+        List<OrgMemberRole> ExistingMembers = [];
+        List<OrgMemberRole> NotFoundMembers = [];
+        var existingUsers = await dbContext.Users.Include(u => u.Organizations).Where(u => input.Usernames.Contains(u.Username) || input.Usernames.Contains(u.Email)).ToArrayAsync();
+        var byUsername = existingUsers.Where(u => u.Username is not null).ToDictionary(u => u.Username!);
+        var byEmail = existingUsers.Where(u => u.Email is not null).ToDictionary(u => u.Email!);
+        foreach (var usernameOrEmail in input.Usernames)
+        {
+            var user = byUsername.GetValueOrDefault(usernameOrEmail) ?? byEmail.GetValueOrDefault(usernameOrEmail);
+            if (user is null)
+            {
+                NotFoundMembers.Add(new OrgMemberRole(usernameOrEmail, input.Role));
+            }
+            else
+            {
+                var userOrg = user.Organizations.FirstOrDefault(p => p.OrgId == input.OrgId);
+                if (userOrg is not null)
+                {
+                    ExistingMembers.Add(new OrgMemberRole(user.Username ?? user.Email!, userOrg.Role));
+                }
+                else
+                {
+                    AddedMembers.Add(new OrgMemberRole(user.Username ?? user.Email!, input.Role));
+                    // Not yet a member, so add a membership. We don't want to touch existing memberships, which might have other roles
+                    user.Organizations.Add(new OrgMember { Role = input.Role, OrgId = input.OrgId, UserId = user.Id });
+                }
+            }
+        }
+        await dbContext.SaveChangesAsync();
+        return new BulkAddOrgMembersResult(AddedMembers, NotFoundMembers, ExistingMembers);
+    }
+
     [Error<NotFoundException>]
     [Error<DbError>]
     [Error<RequiredException>]

diff --git a/backend/LexBoxApi/Services/PermissionService.cs b/backend/LexBoxApi/Services/PermissionService.cs
@@ -164,6 +164,11 @@ public bool CanEditOrg(Guid orgId)
         return false;
     }
 
+    public void AssertCanEditOrg(Guid orgId)
+    {
+        if (!CanEditOrg(orgId)) throw new UnauthorizedAccessException();
+    }
+
     public void AssertCanEditOrg(Organization org)
     {
         if (!CanEditOrg(org.Id)) throw new UnauthorizedAccessException();

diff --git a/backend/LexCore/ServiceInterfaces/IPermissionService.cs b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
@@ -34,5 +34,6 @@ public interface IPermissionService
     bool IsOrgMember(Guid orgId);
     bool CanEditOrg(Guid orgId);
     void AssertCanEditOrg(Organization org);
+    void AssertCanEditOrg(Guid orgId);
     void AssertCanAddProjectToOrg(Organization org);
 }
diff --git a/frontend/schema.graphql b/frontend/schema.graphql
@@ -31,6 +31,17 @@ type AuthUserProject {
   projectId: UUID!
 }
 
+type BulkAddOrgMembersPayload {
+  bulkAddOrgMembersResult: BulkAddOrgMembersResult
+  errors: [BulkAddOrgMembersError!]
+}
+
+type BulkAddOrgMembersResult {
+  addedMembers: [OrgMemberRole!]!
+  notFoundMembers: [OrgMemberRole!]!
+  existingMembers: [OrgMemberRole!]!
+}
+
 type BulkAddProjectMembersPayload {
   bulkAddProjectMembersResult: BulkAddProjectMembersResult
   errors: [BulkAddProjectMembersError!]
@@ -208,6 +219,7 @@ type Mutation {
   removeProjectFromOrg(input: RemoveProjectFromOrgInput!): RemoveProjectFromOrgPayload!
   setOrgMemberRole(input: SetOrgMemberRoleInput!): SetOrgMemberRolePayload!
   changeOrgMemberRole(input: ChangeOrgMemberRoleInput!): ChangeOrgMemberRolePayload!
+  bulkAddOrgMembers(input: BulkAddOrgMembersInput!): BulkAddOrgMembersPayload!
   changeOrgName(input: ChangeOrgNameInput!): ChangeOrgNamePayload!
   createProject(input: CreateProjectInput!): CreateProjectPayload! @authorize(policy: "VerifiedEmailRequiredPolicy")
   addProjectMember(input: AddProjectMemberInput!): AddProjectMemberPayload!
@@ -293,6 +305,11 @@ type OrgMemberDtoCreatedBy {
   name: String!
 }
 
+type OrgMemberRole {
+  username: String!
+  role: OrgRole!
+}
+
 type OrgProjects {
   org: Organization!
   project: Project!
@@ -418,6 +435,10 @@ type SoftDeleteProjectPayload {
   errors: [SoftDeleteProjectError!]
 }
 
+type UnauthorizedAccessError implements Error {
+  message: String!
+}
+
 type UniqueValueError implements Error {
   message: String!
 }
@@ -462,6 +483,8 @@ union AddProjectMemberError = NotFoundError | DbError | ProjectMembersMustBeVeri
 
 union AddProjectToOrgError = DbError | NotFoundError
 
+union BulkAddOrgMembersError = NotFoundError | DbError | UnauthorizedAccessError
+
 union BulkAddProjectMembersError = NotFoundError | InvalidEmailError | DbError
 
 union ChangeOrgMemberRoleError = DbError | NotFoundError
@@ -518,6 +541,12 @@ input BooleanOperationFilterInput {
   neq: Boolean
 }
 
+input BulkAddOrgMembersInput {
+  orgId: UUID!
+  usernames: [String!]!
+  role: OrgRole!
+}
+
 input BulkAddProjectMembersInput {
   projectId: UUID
   usernames: [String!]!

diff --git a/frontend/src/lib/components/Badges/OrgMemberBadge.svelte b/frontend/src/lib/components/Badges/OrgMemberBadge.svelte
@@ -0,0 +1,25 @@
+<script lang="ts">
+  import { OrgRole } from '$lib/gql/types';
+  import FormatUserOrgRole from '../Orgs/FormatUserOrgRole.svelte';
+  import ActionBadge from './ActionBadge.svelte';
+  import Badge from './Badge.svelte';
+  export let member: { name: string; role: OrgRole };
+  export let canManage = false;
+
+  export let type: 'existing' | 'new' = 'existing';
+  $: actionIcon = (type === 'existing' ? 'i-mdi-dots-vertical' as const : 'i-mdi-close' as const);
+  $: variant = member.role === OrgRole.Admin ? 'btn-primary' as const : 'btn-secondary' as const;
+</script>
+
+<ActionBadge {actionIcon} {variant} disabled={!canManage} on:action>
+  <span class="pr-3 whitespace-nowrap overflow-ellipsis overflow-x-clip" title={member.name}>
+    {member.name}
+  </span>
+
+  <!-- justify the name left and the role right -->
+  <span class="flex-grow" />
+
+  <Badge>
+    <FormatUserOrgRole role={member.role} />
+  </Badge>
+</ActionBadge>
diff --git a/frontend/src/lib/gql/gql-client.ts b/frontend/src/lib/gql/gql-client.ts
@@ -28,6 +28,9 @@ import {
   type BulkAddProjectMembersMutationVariables,
   type DeleteDraftProjectMutationVariables,
   type MutationAddProjectToOrgArgs,
+  type BulkAddOrgMembersMutationVariables,
+  type ChangeOrgMemberRoleMutationVariables,
+  type AddOrgMemberMutationVariables,
 } from './types';
 import type {Readable, Unsubscriber} from 'svelte/store';
 import {derived} from 'svelte/store';
@@ -70,6 +73,15 @@ function createGqlClient(_gqlEndpoint?: string): Client {
                 cache.invalidate({__typename: 'Project', id: args.input.projectId});
               }
             },
+            bulkAddOrgMembers: (result, args: BulkAddOrgMembersMutationVariables, cache, _info) => {
+              cache.invalidate({__typename: 'OrgById', id: args.input.orgId});
+            },
+            changeOrgMemberRole: (result, args: ChangeOrgMemberRoleMutationVariables, cache, _info) => {
+              cache.invalidate({__typename: 'OrgById', id: args.input.orgId});
+            },
+            setOrgMemberRole: (result, args: AddOrgMemberMutationVariables, cache, _info) => {
+              cache.invalidate({__typename: 'OrgById', id: args.input.orgId});
+            },
             leaveProject: (result, args: LeaveProjectMutationVariables, cache, _info) => {
               cache.invalidate({__typename: 'Project', id: args.input.projectId});
             },

diff --git a/frontend/src/lib/i18n/locales/en.json b/frontend/src/lib/i18n/locales/en.json
@@ -263,6 +263,21 @@ the [Linguistics Institute at Payap University](https://li.payap.ac.th/) in Chia
       "user_needs_to_relogin": "Added members will need to log out and back in again before they see the new organization.",
       "invalid_email_address": "Invalid email address: {email}",
     },
+    "bulk_add_members": {
+      "add_button": "Bulk Add Members",
+      "explanation": "Adds all the entered logins and emails to this organization. Unlike the bulk-add feature for projects, new accounts will NOT be automatically created.",
+      "modal_title": "Bulk Add Members",
+      "submit_button": "Add Members",
+      "finish_button": "Close",
+      "usernames": "Logins or emails (one per line)",
+      "usernames_description": "This should be the **email or Send/Receive login** for existing accounts",
+      "invalid_username": "Invalid login/username: {username}. Only letters, numbers, and underscore (_) characters are allowed.",
+      "empty_user_field": "Please enter email addresses and/or logins",
+      "members_added": "{addedCount} new {addedCount, plural, one {member was} other {members were}} added to the organization.",
+      "already_members": "{count, plural, one {# user was} other {# users were}} already in the organization.",
+      "accounts_not_found": "{notFoundCount} {notFoundCount, plural, one {user was} other {users were}} not found.",
+      "invalid_email_address": "Invalid email address: {email}.",
+    },
     "change_role_modal": {
       "title": "Choose role for {name}",
       "button_label": "Change Role"

diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
@@ -21,6 +21,7 @@
   import OrgMemberTable from './OrgMemberTable.svelte';
   import ProjectTable from '$lib/components/Projects/ProjectTable.svelte';
   import type { UUID } from 'crypto';
+  import BulkAddOrgMembers from './BulkAddOrgMembers.svelte';
 
   export let data: PageData;
   $: user = data.user;
@@ -102,6 +103,7 @@
         <span class="i-mdi-account-plus-outline text-2xl" />
       </Button>
       <AddOrgMemberModal bind:this={addOrgMemberModal} orgId={org.id} />
+      <BulkAddOrgMembers orgId={org.id} />
     {/if}
   </svelte:fragment>
   <div slot="title" class="max-w-full flex items-baseline flex-wrap">

diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.ts b/frontend/src/routes/(authenticated)/org/[org_id]/+page.ts
@@ -1,6 +1,7 @@
 import type {
   $OpResult,
   AddOrgMemberMutation,
+  BulkAddOrgMembersMutation,
   ChangeOrgMemberRoleMutation,
   ChangeOrgNameInput,
   ChangeOrgNameMutation,
@@ -109,14 +110,6 @@ export async function _deleteOrgUser(orgId: string, userId: string): $OpResult<D
           changeOrgMemberRole(input: $input) {
             organization {
               id
-              members {
-                id
-                role
-                user {
-                  id
-                  name
-                }
-              }
             }
           }
         }
@@ -135,14 +128,6 @@ export async function _addOrgMember(orgId: UUID, emailOrUsername: string, role:
           setOrgMemberRole(input: $input) {
             organization {
               id
-              members {
-                id
-                role
-                user {
-                  id
-                  name
-                }
-              }
             }
             errors {
               __typename
@@ -158,6 +143,38 @@ export async function _addOrgMember(orgId: UUID, emailOrUsername: string, role:
   return result;
 }
 
+export async function _bulkAddOrgMembers(orgId: UUID, usernames: string[], role: OrgRole): $OpResult<BulkAddOrgMembersMutation> {
+  //language=GraphQL
+  const result = await getClient()
+    .mutation(
+      graphql(`
+        mutation BulkAddOrgMembers($input: BulkAddOrgMembersInput!) {
+          bulkAddOrgMembers(input: $input) {
+            bulkAddOrgMembersResult {
+              addedMembers {
+                username
+                role
+              }
+              existingMembers {
+                username
+                role
+              }
+              notFoundMembers {
+                username
+                role
+              }
+            }
+            errors {
+              __typename
+            }
+          }
+        }
+      `),
+      { input: { orgId, usernames, role } }
+    );
+  return result;
+}
+
 export async function _orgMemberById(orgId: UUID, userId: UUID): Promise<OrgMemberDto> {
   //language=GraphQL
   const result = await getClient()
@@ -201,14 +218,6 @@ export async function _changeOrgMemberRole(orgId: string, userId: string, role:
           changeOrgMemberRole(input: $input) {
             organization {
               id
-              members {
-                id
-                role
-                user {
-                  id
-                  name
-                }
-              }
             }
             errors {
               __typename