From 6d6e5396c03fe7f46b2aef2891c10d4599b8d3a7 Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Tue, 23 Jul 2024 08:48:31 +0700
Subject: [PATCH] Bulk-add users to existing org (#887)

* Add GQL mutation for bulk-adding org members

Most of this code is identical to the bulk-add code in ProjectMutations,
but the org version explicitly does *not* invite members if an email
address is not found. Instead, any usernames or emails not found are
returned to the frontend so that the user can take appropriate action.

* Add frontend UI to bulk-add members to orgs

* Fix GraphQL invalidation

Since the org page query asks for `orgById`, the GraphQL cache is
caching the type OrgById rather than the type Organization.

While we're at it, we also invalidate the OrgById cache for a few other
mutations like adding and removing members from an org. And we stop
asking for the mutation to return the list of org members, because the
org admins don't have permission to access the .members field of orgs in
normal queries, only in the orgById query. This stops the GraphQL
permissions error that was popping up when org admins tried to do these
operations.

---------

Co-authored-by: Kevin Hahn <kevin_hahn@sil.org>
---
 backend/LexBoxApi/GraphQL/OrgMutations.cs     |  48 ++++++
 .../LexBoxApi/Services/PermissionService.cs   |   5 +
 .../ServiceInterfaces/IPermissionService.cs   |   1 +
 frontend/schema.graphql                       |  29 ++++
 .../components/Badges/OrgMemberBadge.svelte   |  25 +++
 frontend/src/lib/gql/gql-client.ts            |  12 ++
 frontend/src/lib/i18n/locales/en.json         |  15 ++
 .../(authenticated)/org/[org_id]/+page.svelte |   2 +
 .../(authenticated)/org/[org_id]/+page.ts     |  57 ++++---
 .../org/[org_id]/BulkAddOrgMembers.svelte     | 158 ++++++++++++++++++
 10 files changed, 328 insertions(+), 24 deletions(-)
 create mode 100644 frontend/src/lib/components/Badges/OrgMemberBadge.svelte
 create mode 100644 frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte

diff --git a/backend/LexBoxApi/GraphQL/OrgMutations.cs b/backend/LexBoxApi/GraphQL/OrgMutations.cs
index e7d6ae56e..f76cc5080 100644
--- a/backend/LexBoxApi/GraphQL/OrgMutations.cs
+++ b/backend/LexBoxApi/GraphQL/OrgMutations.cs
@@ -196,6 +196,54 @@ private async Task UpdateOrgMemberRole(LexBoxDbContext dbContext, Organization o
         await dbContext.SaveChangesAsync();
     }
 
+    public record BulkAddOrgMembersInput(Guid OrgId, string[] Usernames, OrgRole Role);
+    public record OrgMemberRole(string Username, OrgRole Role);
+    public record BulkAddOrgMembersResult(List<OrgMemberRole> AddedMembers, List<OrgMemberRole> NotFoundMembers, List<OrgMemberRole> ExistingMembers);
+
+    [Error<NotFoundException>]
+    [Error<DbError>]
+    [Error<UnauthorizedAccessException>]
+    [UseMutationConvention]
+    public async Task<BulkAddOrgMembersResult> BulkAddOrgMembers(
+        BulkAddOrgMembersInput input,
+        IPermissionService permissionService,
+        LexBoxDbContext dbContext)
+    {
+        permissionService.AssertCanEditOrg(input.OrgId);
+        var orgExists = await dbContext.Orgs.AnyAsync(o => o.Id == input.OrgId);
+        if (!orgExists) throw NotFoundException.ForType<Organization>();
+        List<OrgMemberRole> AddedMembers = [];
+        List<OrgMemberRole> ExistingMembers = [];
+        List<OrgMemberRole> NotFoundMembers = [];
+        var existingUsers = await dbContext.Users.Include(u => u.Organizations).Where(u => input.Usernames.Contains(u.Username) || input.Usernames.Contains(u.Email)).ToArrayAsync();
+        var byUsername = existingUsers.Where(u => u.Username is not null).ToDictionary(u => u.Username!);
+        var byEmail = existingUsers.Where(u => u.Email is not null).ToDictionary(u => u.Email!);
+        foreach (var usernameOrEmail in input.Usernames)
+        {
+            var user = byUsername.GetValueOrDefault(usernameOrEmail) ?? byEmail.GetValueOrDefault(usernameOrEmail);
+            if (user is null)
+            {
+                NotFoundMembers.Add(new OrgMemberRole(usernameOrEmail, input.Role));
+            }
+            else
+            {
+                var userOrg = user.Organizations.FirstOrDefault(p => p.OrgId == input.OrgId);
+                if (userOrg is not null)
+                {
+                    ExistingMembers.Add(new OrgMemberRole(user.Username ?? user.Email!, userOrg.Role));
+                }
+                else
+                {
+                    AddedMembers.Add(new OrgMemberRole(user.Username ?? user.Email!, input.Role));
+                    // Not yet a member, so add a membership. We don't want to touch existing memberships, which might have other roles
+                    user.Organizations.Add(new OrgMember { Role = input.Role, OrgId = input.OrgId, UserId = user.Id });
+                }
+            }
+        }
+        await dbContext.SaveChangesAsync();
+        return new BulkAddOrgMembersResult(AddedMembers, NotFoundMembers, ExistingMembers);
+    }
+
     [Error<NotFoundException>]
     [Error<DbError>]
     [Error<RequiredException>]
diff --git a/backend/LexBoxApi/Services/PermissionService.cs b/backend/LexBoxApi/Services/PermissionService.cs
index d83a7fa42..661e30fbd 100644
--- a/backend/LexBoxApi/Services/PermissionService.cs
+++ b/backend/LexBoxApi/Services/PermissionService.cs
@@ -164,6 +164,11 @@ public bool CanEditOrg(Guid orgId)
         return false;
     }
 
+    public void AssertCanEditOrg(Guid orgId)
+    {
+        if (!CanEditOrg(orgId)) throw new UnauthorizedAccessException();
+    }
+
     public void AssertCanEditOrg(Organization org)
     {
         if (!CanEditOrg(org.Id)) throw new UnauthorizedAccessException();
diff --git a/backend/LexCore/ServiceInterfaces/IPermissionService.cs b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
index e63271ced..7a626ddb1 100644
--- a/backend/LexCore/ServiceInterfaces/IPermissionService.cs
+++ b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
@@ -34,5 +34,6 @@ public interface IPermissionService
     bool IsOrgMember(Guid orgId);
     bool CanEditOrg(Guid orgId);
     void AssertCanEditOrg(Organization org);
+    void AssertCanEditOrg(Guid orgId);
     void AssertCanAddProjectToOrg(Organization org);
 }
diff --git a/frontend/schema.graphql b/frontend/schema.graphql
index 2f5792744..858db9aa1 100644
--- a/frontend/schema.graphql
+++ b/frontend/schema.graphql
@@ -31,6 +31,17 @@ type AuthUserProject {
   projectId: UUID!
 }
 
+type BulkAddOrgMembersPayload {
+  bulkAddOrgMembersResult: BulkAddOrgMembersResult
+  errors: [BulkAddOrgMembersError!]
+}
+
+type BulkAddOrgMembersResult {
+  addedMembers: [OrgMemberRole!]!
+  notFoundMembers: [OrgMemberRole!]!
+  existingMembers: [OrgMemberRole!]!
+}
+
 type BulkAddProjectMembersPayload {
   bulkAddProjectMembersResult: BulkAddProjectMembersResult
   errors: [BulkAddProjectMembersError!]
@@ -208,6 +219,7 @@ type Mutation {
   removeProjectFromOrg(input: RemoveProjectFromOrgInput!): RemoveProjectFromOrgPayload!
   setOrgMemberRole(input: SetOrgMemberRoleInput!): SetOrgMemberRolePayload!
   changeOrgMemberRole(input: ChangeOrgMemberRoleInput!): ChangeOrgMemberRolePayload!
+  bulkAddOrgMembers(input: BulkAddOrgMembersInput!): BulkAddOrgMembersPayload!
   changeOrgName(input: ChangeOrgNameInput!): ChangeOrgNamePayload!
   createProject(input: CreateProjectInput!): CreateProjectPayload! @authorize(policy: "VerifiedEmailRequiredPolicy")
   addProjectMember(input: AddProjectMemberInput!): AddProjectMemberPayload!
@@ -293,6 +305,11 @@ type OrgMemberDtoCreatedBy {
   name: String!
 }
 
+type OrgMemberRole {
+  username: String!
+  role: OrgRole!
+}
+
 type OrgProjects {
   org: Organization!
   project: Project!
@@ -418,6 +435,10 @@ type SoftDeleteProjectPayload {
   errors: [SoftDeleteProjectError!]
 }
 
+type UnauthorizedAccessError implements Error {
+  message: String!
+}
+
 type UniqueValueError implements Error {
   message: String!
 }
@@ -462,6 +483,8 @@ union AddProjectMemberError = NotFoundError | DbError | ProjectMembersMustBeVeri
 
 union AddProjectToOrgError = DbError | NotFoundError
 
+union BulkAddOrgMembersError = NotFoundError | DbError | UnauthorizedAccessError
+
 union BulkAddProjectMembersError = NotFoundError | InvalidEmailError | DbError
 
 union ChangeOrgMemberRoleError = DbError | NotFoundError
@@ -518,6 +541,12 @@ input BooleanOperationFilterInput {
   neq: Boolean
 }
 
+input BulkAddOrgMembersInput {
+  orgId: UUID!
+  usernames: [String!]!
+  role: OrgRole!
+}
+
 input BulkAddProjectMembersInput {
   projectId: UUID
   usernames: [String!]!
diff --git a/frontend/src/lib/components/Badges/OrgMemberBadge.svelte b/frontend/src/lib/components/Badges/OrgMemberBadge.svelte
new file mode 100644
index 000000000..c9894fd3b
--- /dev/null
+++ b/frontend/src/lib/components/Badges/OrgMemberBadge.svelte
@@ -0,0 +1,25 @@
+<script lang="ts">
+  import { OrgRole } from '$lib/gql/types';
+  import FormatUserOrgRole from '../Orgs/FormatUserOrgRole.svelte';
+  import ActionBadge from './ActionBadge.svelte';
+  import Badge from './Badge.svelte';
+  export let member: { name: string; role: OrgRole };
+  export let canManage = false;
+
+  export let type: 'existing' | 'new' = 'existing';
+  $: actionIcon = (type === 'existing' ? 'i-mdi-dots-vertical' as const : 'i-mdi-close' as const);
+  $: variant = member.role === OrgRole.Admin ? 'btn-primary' as const : 'btn-secondary' as const;
+</script>
+
+<ActionBadge {actionIcon} {variant} disabled={!canManage} on:action>
+  <span class="pr-3 whitespace-nowrap overflow-ellipsis overflow-x-clip" title={member.name}>
+    {member.name}
+  </span>
+
+  <!-- justify the name left and the role right -->
+  <span class="flex-grow" />
+
+  <Badge>
+    <FormatUserOrgRole role={member.role} />
+  </Badge>
+</ActionBadge>
diff --git a/frontend/src/lib/gql/gql-client.ts b/frontend/src/lib/gql/gql-client.ts
index d4f79fcd0..0d0cabb4a 100644
--- a/frontend/src/lib/gql/gql-client.ts
+++ b/frontend/src/lib/gql/gql-client.ts
@@ -28,6 +28,9 @@ import {
   type BulkAddProjectMembersMutationVariables,
   type DeleteDraftProjectMutationVariables,
   type MutationAddProjectToOrgArgs,
+  type BulkAddOrgMembersMutationVariables,
+  type ChangeOrgMemberRoleMutationVariables,
+  type AddOrgMemberMutationVariables,
 } from './types';
 import type {Readable, Unsubscriber} from 'svelte/store';
 import {derived} from 'svelte/store';
@@ -70,6 +73,15 @@ function createGqlClient(_gqlEndpoint?: string): Client {
                 cache.invalidate({__typename: 'Project', id: args.input.projectId});
               }
             },
+            bulkAddOrgMembers: (result, args: BulkAddOrgMembersMutationVariables, cache, _info) => {
+              cache.invalidate({__typename: 'OrgById', id: args.input.orgId});
+            },
+            changeOrgMemberRole: (result, args: ChangeOrgMemberRoleMutationVariables, cache, _info) => {
+              cache.invalidate({__typename: 'OrgById', id: args.input.orgId});
+            },
+            setOrgMemberRole: (result, args: AddOrgMemberMutationVariables, cache, _info) => {
+              cache.invalidate({__typename: 'OrgById', id: args.input.orgId});
+            },
             leaveProject: (result, args: LeaveProjectMutationVariables, cache, _info) => {
               cache.invalidate({__typename: 'Project', id: args.input.projectId});
             },
diff --git a/frontend/src/lib/i18n/locales/en.json b/frontend/src/lib/i18n/locales/en.json
index 24ed816d7..5a1a9dec1 100644
--- a/frontend/src/lib/i18n/locales/en.json
+++ b/frontend/src/lib/i18n/locales/en.json
@@ -263,6 +263,21 @@ the [Linguistics Institute at Payap University](https://li.payap.ac.th/) in Chia
       "user_needs_to_relogin": "Added members will need to log out and back in again before they see the new organization.",
       "invalid_email_address": "Invalid email address: {email}",
     },
+    "bulk_add_members": {
+      "add_button": "Bulk Add Members",
+      "explanation": "Adds all the entered logins and emails to this organization. Unlike the bulk-add feature for projects, new accounts will NOT be automatically created.",
+      "modal_title": "Bulk Add Members",
+      "submit_button": "Add Members",
+      "finish_button": "Close",
+      "usernames": "Logins or emails (one per line)",
+      "usernames_description": "This should be the **email or Send/Receive login** for existing accounts",
+      "invalid_username": "Invalid login/username: {username}. Only letters, numbers, and underscore (_) characters are allowed.",
+      "empty_user_field": "Please enter email addresses and/or logins",
+      "members_added": "{addedCount} new {addedCount, plural, one {member was} other {members were}} added to the organization.",
+      "already_members": "{count, plural, one {# user was} other {# users were}} already in the organization.",
+      "accounts_not_found": "{notFoundCount} {notFoundCount, plural, one {user was} other {users were}} not found.",
+      "invalid_email_address": "Invalid email address: {email}.",
+    },
     "change_role_modal": {
       "title": "Choose role for {name}",
       "button_label": "Change Role"
diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
index 3de1d91f7..26624b8b7 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
@@ -21,6 +21,7 @@
   import OrgMemberTable from './OrgMemberTable.svelte';
   import ProjectTable from '$lib/components/Projects/ProjectTable.svelte';
   import type { UUID } from 'crypto';
+  import BulkAddOrgMembers from './BulkAddOrgMembers.svelte';
 
   export let data: PageData;
   $: user = data.user;
@@ -102,6 +103,7 @@
         <span class="i-mdi-account-plus-outline text-2xl" />
       </Button>
       <AddOrgMemberModal bind:this={addOrgMemberModal} orgId={org.id} />
+      <BulkAddOrgMembers orgId={org.id} />
     {/if}
   </svelte:fragment>
   <div slot="title" class="max-w-full flex items-baseline flex-wrap">
diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.ts b/frontend/src/routes/(authenticated)/org/[org_id]/+page.ts
index 2b453aa40..d07e27ad2 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/+page.ts
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/+page.ts
@@ -1,6 +1,7 @@
 import type {
   $OpResult,
   AddOrgMemberMutation,
+  BulkAddOrgMembersMutation,
   ChangeOrgMemberRoleMutation,
   ChangeOrgNameInput,
   ChangeOrgNameMutation,
@@ -109,14 +110,6 @@ export async function _deleteOrgUser(orgId: string, userId: string): $OpResult<D
           changeOrgMemberRole(input: $input) {
             organization {
               id
-              members {
-                id
-                role
-                user {
-                  id
-                  name
-                }
-              }
             }
           }
         }
@@ -135,14 +128,6 @@ export async function _addOrgMember(orgId: UUID, emailOrUsername: string, role:
           setOrgMemberRole(input: $input) {
             organization {
               id
-              members {
-                id
-                role
-                user {
-                  id
-                  name
-                }
-              }
             }
             errors {
               __typename
@@ -158,6 +143,38 @@ export async function _addOrgMember(orgId: UUID, emailOrUsername: string, role:
   return result;
 }
 
+export async function _bulkAddOrgMembers(orgId: UUID, usernames: string[], role: OrgRole): $OpResult<BulkAddOrgMembersMutation> {
+  //language=GraphQL
+  const result = await getClient()
+    .mutation(
+      graphql(`
+        mutation BulkAddOrgMembers($input: BulkAddOrgMembersInput!) {
+          bulkAddOrgMembers(input: $input) {
+            bulkAddOrgMembersResult {
+              addedMembers {
+                username
+                role
+              }
+              existingMembers {
+                username
+                role
+              }
+              notFoundMembers {
+                username
+                role
+              }
+            }
+            errors {
+              __typename
+            }
+          }
+        }
+      `),
+      { input: { orgId, usernames, role } }
+    );
+  return result;
+}
+
 export async function _orgMemberById(orgId: UUID, userId: UUID): Promise<OrgMemberDto> {
   //language=GraphQL
   const result = await getClient()
@@ -201,14 +218,6 @@ export async function _changeOrgMemberRole(orgId: string, userId: string, role:
           changeOrgMemberRole(input: $input) {
             organization {
               id
-              members {
-                id
-                role
-                user {
-                  id
-                  name
-                }
-              }
             }
             errors {
               __typename
diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
new file mode 100644
index 000000000..b3a03a145
--- /dev/null
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
@@ -0,0 +1,158 @@
+<script lang="ts">
+  import Button from '$lib/forms/Button.svelte';
+  import { DialogResponse, FormModal, type FormSubmitReturn } from '$lib/components/modals';
+  import { TextArea, isEmail } from '$lib/forms';
+  import { OrgRole, type BulkAddOrgMembersResult } from '$lib/gql/types';
+  import t from '$lib/i18n';
+  import { z } from 'zod';
+  import { _bulkAddOrgMembers } from './+page';
+  import Icon from '$lib/icons/Icon.svelte';
+  import BadgeList from '$lib/components/Badges/BadgeList.svelte';
+  import { distinct } from '$lib/util/array';
+  import { SupHelp, helpLinks } from '$lib/components/help';
+  import { usernameRe } from '$lib/user';
+  import OrgMemberBadge from '$lib/components/Badges/OrgMemberBadge.svelte';
+  import type { UUID } from 'crypto';
+  import { invalidate } from '$app/navigation';
+
+  enum BulkAddSteps {
+    Add,
+    Results,
+  }
+
+  let currentStep = BulkAddSteps.Add;
+
+  export let orgId: string;
+  const schema = z.object({
+    usernamesText: z.string().trim().min(1, $t('org_page.bulk_add_members.empty_user_field')),
+  });
+
+  let formModal: FormModal<typeof schema>;
+  $: form = formModal?.form();
+
+  let addedMembers: BulkAddOrgMembersResult['addedMembers'] = [];
+  let notFoundMembers: BulkAddOrgMembersResult['notFoundMembers'] = [];
+  let existingMembers: BulkAddOrgMembersResult['existingMembers'] = [];
+
+  function validateBulkAddInput(usernames: string[]): FormSubmitReturn<typeof schema> {
+    if (usernames.length === 0) return { usernamesText: [$t('org_page.bulk_add_members.empty_user_field')] };
+
+    for (const username of usernames) {
+      if (username.includes('@')) {
+        if (!isEmail(username)) return { usernamesText: [$t('org_page.bulk_add_members.invalid_email_address', { email: username })] };
+      } else if (!usernameRe.test(username)) {
+        return { usernamesText: [$t('org_page.bulk_add_members.invalid_username', { username })] };
+      }
+    }
+  }
+
+  async function openModal(): Promise<void> {
+    currentStep = BulkAddSteps.Add;
+    const { response } = await formModal.open(undefined, async (state) => {
+      const usernames = state.usernamesText.currentValue
+        .split('\n')
+        // Remove whitespace
+        .map(s => s.trim())
+        // Remove empty lines before validating, otherwise final newline would count as invalid because empty string
+        .filter(s => s)
+        .filter(distinct);
+
+      const bulkErrors = validateBulkAddInput(usernames);
+      if (bulkErrors) return bulkErrors;
+
+      const { error, data } = await _bulkAddOrgMembers(
+        orgId as UUID,
+        usernames,
+        OrgRole.User,
+      );
+
+      addedMembers = data?.bulkAddOrgMembers.bulkAddOrgMembersResult?.addedMembers ?? [];
+      notFoundMembers = data?.bulkAddOrgMembers.bulkAddOrgMembersResult?.notFoundMembers ?? [];
+      existingMembers = data?.bulkAddOrgMembers.bulkAddOrgMembersResult?.existingMembers ?? [];
+      return error?.message;
+    }, { keepOpenOnSubmit: true });
+
+    if (response === DialogResponse.Submit) {
+      await invalidate(`org:${orgId}`);
+      currentStep = BulkAddSteps.Results;
+    }
+  }
+</script>
+
+<Button variant="btn-success" on:click={openModal}>
+  {$t('org_page.bulk_add_members.add_button')}
+  <span class="i-mdi-account-multiple-plus-outline text-2xl" />
+</Button>
+
+<FormModal bind:this={formModal} {schema} let:errors>
+    <span slot="title">
+      {$t('org_page.bulk_add_members.modal_title')}
+      <SupHelp helpLink={helpLinks.bulkAddCreate} />
+    </span>
+    {#if currentStep == BulkAddSteps.Add}
+      <p class="mb-2">{$t('org_page.bulk_add_members.explanation')}</p>
+      <div class="contents usernames">
+        <TextArea
+          id="usernamesText"
+          label={$t('org_page.bulk_add_members.usernames')}
+          description={$t('org_page.bulk_add_members.usernames_description')}
+          bind:value={$form.usernamesText}
+          error={errors.usernamesText}
+        />
+      </div>
+    {:else if currentStep == BulkAddSteps.Results}
+      <div class="mb-4">
+        <p class="flex gap-1 items-center">
+          <Icon icon="i-mdi-plus" color="text-success" />
+          {$t('org_page.bulk_add_members.members_added', {addedCount: addedMembers.length})}
+        </p>
+        {#if addedMembers.length > 0}
+          <div class="mt-2">
+            <BadgeList>
+              {#each addedMembers as user}
+              <OrgMemberBadge member={{ name: user.username, role: user.role }} />
+              {/each}
+            </BadgeList>
+          </div>
+        {/if}
+      </div>
+      <div class="mb-4">
+        <p class="flex gap-1 items-center">
+          <Icon icon="i-mdi-account-off" color="text-info" />
+          {$t('org_page.bulk_add_members.accounts_not_found', {notFoundCount: notFoundMembers.length})}
+        </p>
+        {#if notFoundMembers.length > 0}
+          <div class="mt-2">
+            <BadgeList>
+              {#each notFoundMembers as user}
+                <OrgMemberBadge member={{ name: user.username, role: user.role }} />
+              {/each}
+            </BadgeList>
+          </div>
+        {/if}
+      </div>
+      {#if existingMembers.length > 0}
+        <p class="flex gap-1 items-center">
+          <Icon icon="i-mdi-account-outline" color="text-info" />
+          {$t('org_page.bulk_add_members.already_members', {count: existingMembers.length})}
+        </p>
+        <div class="mt-2">
+          <BadgeList>
+            {#each existingMembers as user}
+              <OrgMemberBadge member={{ name: user.username, role: user.role }} />
+            {/each}
+          </BadgeList>
+        </div>
+      {/if}
+    {:else}
+      <p>Internal error: unknown step {currentStep}</p>
+    {/if}
+    <span slot="submitText">{$t('org_page.bulk_add_members.submit_button')}</span>
+    <span slot="closeText">{$t('org_page.bulk_add_members.finish_button')}</span>
+  </FormModal>
+
+<style lang="postcss">
+  .usernames :global(.description) {
+    @apply text-success;
+  }
+</style>