From 5cd1accdddce9710179881a4f74be9f019bdfb57 Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Mon, 13 Jan 2025 13:53:25 -0500
Subject: [PATCH 1/7] Backend changes so org admins can invite guest users

---
 .../LexBoxApi/Controllers/LoginController.cs  |  2 +-
 backend/LexBoxApi/GraphQL/ProjectMutations.cs |  7 +++++-
 backend/LexBoxApi/GraphQL/UserMutations.cs    |  3 ++-
 .../LexBoxApi/Services/PermissionService.cs   | 24 +++++++++++++++++++
 .../ServiceInterfaces/IPermissionService.cs   |  4 ++++
 5 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/backend/LexBoxApi/Controllers/LoginController.cs b/backend/LexBoxApi/Controllers/LoginController.cs
index 3d4f6d21b..8c6f76e5a 100644
--- a/backend/LexBoxApi/Controllers/LoginController.cs
+++ b/backend/LexBoxApi/Controllers/LoginController.cs
@@ -170,7 +170,7 @@ public async Task<ActionResult<LexAuthUser>> VerifyEmail(
 
         user.Email = loggedInContext.User.Email;
         user.EmailVerified = true;
-        // Guest ussers are promoted to "regular" users once they verify an email address
+        // Guest users are promoted to "regular" users once they verify an email address
         user.CreatedById = null;
         user.UpdateUpdatedDate();
         await lexBoxDbContext.SaveChangesAsync();
diff --git a/backend/LexBoxApi/GraphQL/ProjectMutations.cs b/backend/LexBoxApi/GraphQL/ProjectMutations.cs
index 55e2b8ed5..c57243ff5 100644
--- a/backend/LexBoxApi/GraphQL/ProjectMutations.cs
+++ b/backend/LexBoxApi/GraphQL/ProjectMutations.cs
@@ -134,9 +134,9 @@ public record BulkAddProjectMembersResult(List<UserProjectRole> AddedMembers, Li
     [Error<NotFoundException>]
     [Error<InvalidEmailException>]
     [Error<DbError>]
-    [AdminRequired]
     [UseMutationConvention]
     public async Task<BulkAddProjectMembersResult> BulkAddProjectMembers(
+        IPermissionService permissionService,
         LoggedInContext loggedInContext,
         BulkAddProjectMembersInput input,
         LexBoxDbContext dbContext)
@@ -145,6 +145,11 @@ public async Task<BulkAddProjectMembersResult> BulkAddProjectMembers(
         {
             var projectExists = await dbContext.Projects.AnyAsync(p => p.Id == input.ProjectId.Value);
             if (!projectExists) throw new NotFoundException("Project not found", "project");
+            await permissionService.AssertCanCreateGuestUserInProject(input.ProjectId.Value);
+        }
+        else
+        {
+            permissionService.AssertCanCreateGuestUserInAnyProject();
         }
         List<UserProjectRole> AddedMembers = [];
         List<UserProjectRole> CreatedMembers = [];
diff --git a/backend/LexBoxApi/GraphQL/UserMutations.cs b/backend/LexBoxApi/GraphQL/UserMutations.cs
index 72e92252e..634138d03 100644
--- a/backend/LexBoxApi/GraphQL/UserMutations.cs
+++ b/backend/LexBoxApi/GraphQL/UserMutations.cs
@@ -96,8 +96,8 @@ IEmailService emailService
     [Error<DbError>]
     [Error<UniqueValueException>]
     [Error<RequiredException>]
-    [AdminRequired]
     public async Task<LexAuthUser> CreateGuestUserByAdmin(
+        IPermissionService permissionService,
         LoggedInContext loggedInContext,
         CreateGuestUserByAdminInput input,
         LexBoxDbContext dbContext,
@@ -105,6 +105,7 @@ IEmailService emailService
     )
     {
         using var createGuestUserActivity = LexBoxActivitySource.Get().StartActivity("CreateGuestUser");
+        permissionService.AssertCanCreateGuestUserInAnyProject();
 
         var hasExistingUser = input.Email is null && input.Username is null
             ? throw new RequiredException("Guest users must have either an email or a username")
diff --git a/backend/LexBoxApi/Services/PermissionService.cs b/backend/LexBoxApi/Services/PermissionService.cs
index 983461be7..656b773dd 100644
--- a/backend/LexBoxApi/Services/PermissionService.cs
+++ b/backend/LexBoxApi/Services/PermissionService.cs
@@ -141,6 +141,30 @@ public async ValueTask AssertCanManageProjectMemberRole(Guid projectId, Guid use
             throw new UnauthorizedAccessException("Not allowed to change own project role.");
     }
 
+    public async ValueTask<bool> CanCreateGuestUserInProject(Guid projectId)
+    {
+        if (User is null) return false;
+        if (User.Role == UserRole.admin) return true;
+        return await ManagesOrgThatOwnsProject(projectId);
+    }
+
+    public async ValueTask AssertCanCreateGuestUserInProject(Guid projectId)
+    {
+        if (!await CanCreateGuestUserInProject(projectId)) throw new UnauthorizedAccessException();
+    }
+
+    public bool CanCreateGuestUserInAnyProject()
+    {
+        if (User is null) return false;
+        if (User.Role == UserRole.admin) return true;
+        return User.Orgs.Any(o => o.Role == OrgRole.Admin);
+    }
+
+    public void AssertCanCreateGuestUserInAnyProject()
+    {
+        if (!CanCreateGuestUserInAnyProject()) throw new UnauthorizedAccessException();
+    }
+
     public async ValueTask<bool> CanAskToJoinProject(Guid projectId)
     {
         if (User is null) return false;
diff --git a/backend/LexCore/ServiceInterfaces/IPermissionService.cs b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
index f575a4af3..f7e486382 100644
--- a/backend/LexCore/ServiceInterfaces/IPermissionService.cs
+++ b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
@@ -20,6 +20,10 @@ public interface IPermissionService
     ValueTask AssertCanManageProject(Guid projectId);
     ValueTask AssertCanManageProject(string projectCode);
     ValueTask AssertCanManageProjectMemberRole(Guid projectId, Guid userId);
+    ValueTask<bool> CanCreateGuestUserInProject(Guid projectId);
+    ValueTask AssertCanCreateGuestUserInProject(Guid projectId);
+    bool CanCreateGuestUserInAnyProject();
+    void AssertCanCreateGuestUserInAnyProject();
     ValueTask<bool> CanAskToJoinProject(Guid projectId);
     ValueTask<bool> CanAskToJoinProject(string projectCode);
     ValueTask AssertCanAskToJoinProject(Guid projectId);

From 6e6a0231b0111000cb70ebc61c04f2106aa19792 Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Mon, 13 Jan 2025 15:57:20 -0500
Subject: [PATCH 2/7] Frontend changes so org admins can invite guest users

---
 .../(authenticated)/org/[org_id]/+page.svelte  | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
index 9417d1d4e..f225a21f4 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
@@ -25,6 +25,10 @@
   import BulkAddOrgMembers from './BulkAddOrgMembers.svelte';
   import Dropdown from '$lib/components/Dropdown.svelte';
   import AddMyProjectsToOrgModal from './AddMyProjectsToOrgModal.svelte';
+  import CreateUserModal from '$lib/components/Users/CreateUserModal.svelte';
+  import {createGuestUserByAdmin, type LexAuthUser} from '$lib/user';
+  import {Duration} from '$lib/util/time';
+  import {browser} from '$app/environment';
 
   export let data: PageData;
   $: user = data.user;
@@ -113,6 +117,11 @@
       await goto('/');
     }
   }
+
+  let createUserModal: CreateUserModal;
+  function onUserCreated(user: LexAuthUser): void {
+    notifySuccess($t('admin_dashboard.notifications.user_created', { name: user.name }), Duration.Long);
+  }
 </script>
 
 <PageBreadcrumb href="/org/list">{$t('org.table.title')}</PageBreadcrumb>
@@ -130,6 +139,14 @@
       </Button>
       <AddOrgMemberModal bind:this={addOrgMemberModal} {org} />
       <BulkAddOrgMembers orgId={org.id} />
+      <!-- svelte-ignore a11y-no-static-element-interactions -->
+      <svelte:element this={browser ? 'button' : 'div'} class="btn btn-sm btn-success max-xs:btn-square"
+        on:click={() => createUserModal.open()}>
+        <span class="admin-tabs:hidden">
+          {$t('admin_dashboard.create_user_modal.create_user')}
+        </span>
+        <span class="i-mdi-plus text-2xl" />
+      </svelte:element>
     {/if}
   </svelte:fragment>
   <div slot="title" class="max-w-full flex items-baseline flex-wrap">
@@ -223,3 +240,4 @@
 <ConfirmDeleteModal bind:this={deleteOrgModal} i18nScope="delete_org_modal" />
 <ChangeOrgMemberRoleModal orgId={org.id} bind:this={changeMemberRoleModal} />
 <UserModal bind:this={userModal} />
+<CreateUserModal handleSubmit={createGuestUserByAdmin} on:submitted={(e) => onUserCreated(e.detail)} bind:this={createUserModal}/>

From f0bc6a7adede96d975f0beca50d85dc57c39e341 Mon Sep 17 00:00:00 2001
From: Tim Haasdyk <tim_haasdyk@sil.org>
Date: Tue, 14 Jan 2025 17:27:21 +0100
Subject: [PATCH 3/7] Move other org user/member buttons into menu

---
 .../(authenticated)/org/[org_id]/+page.svelte | 39 ++++++++++++-------
 .../org/[org_id]/BulkAddOrgMembers.svelte     |  5 ---
 2 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
index f225a21f4..a8b5d3da5 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
@@ -28,7 +28,7 @@
   import CreateUserModal from '$lib/components/Users/CreateUserModal.svelte';
   import {createGuestUserByAdmin, type LexAuthUser} from '$lib/user';
   import {Duration} from '$lib/util/time';
-  import {browser} from '$app/environment';
+  import IconButton from '$lib/components/IconButton.svelte';
 
   export let data: PageData;
   $: user = data.user;
@@ -67,6 +67,8 @@
     await addOrgMemberModal.openModal();
   }
 
+  let bulkAddMembersModal: BulkAddOrgMembers;
+
   let changeMemberRoleModal: ChangeOrgMemberRoleModal;
   async function openChangeMemberRoleModal(member: OrgUser): Promise<void> {
     await changeMemberRoleModal.open({
@@ -132,21 +134,33 @@
       <AddMyProjectsToOrgModal {user} {org} />
     {/if}
     {#if canManage}
-      <Button variant="btn-success"
+    <div class="join gap-x-0.5">
+      <Button variant="btn-success" class="join-item"
         on:click={openAddOrgMemberModal}>
         {$t('org_page.add_user.add_button')}
         <span class="i-mdi-account-plus-outline text-2xl" />
       </Button>
-      <AddOrgMemberModal bind:this={addOrgMemberModal} {org} />
-      <BulkAddOrgMembers orgId={org.id} />
-      <!-- svelte-ignore a11y-no-static-element-interactions -->
-      <svelte:element this={browser ? 'button' : 'div'} class="btn btn-sm btn-success max-xs:btn-square"
-        on:click={() => createUserModal.open()}>
-        <span class="admin-tabs:hidden">
-          {$t('admin_dashboard.create_user_modal.create_user')}
-        </span>
-        <span class="i-mdi-plus text-2xl" />
-      </svelte:element>
+      <Dropdown>
+        <IconButton icon="i-mdi-menu-down" variant="btn-success" join outline={false} />
+        <ul slot="content" class="menu">
+          <li>
+            <button class="whitespace-nowrap text-success" on:click={() => bulkAddMembersModal.open()}>
+              {$t('org_page.bulk_add_members.add_button')}
+              <Icon icon="i-mdi-account-multiple-plus-outline" />
+            </button>
+          </li>
+          <li>
+            <button class="whitespace-nowrap text-success" on:click={() => createUserModal.open()}>
+              {$t('admin_dashboard.create_user_modal.create_user')}
+              <Icon icon="i-mdi-plus" />
+            </button>
+          </li>
+        </ul>
+      </Dropdown>
+    </div>
+    <CreateUserModal handleSubmit={createGuestUserByAdmin} on:submitted={(e) => onUserCreated(e.detail)} bind:this={createUserModal}/>
+    <AddOrgMemberModal bind:this={addOrgMemberModal} {org} />
+    <BulkAddOrgMembers bind:this={bulkAddMembersModal} orgId={org.id} />
     {/if}
   </svelte:fragment>
   <div slot="title" class="max-w-full flex items-baseline flex-wrap">
@@ -240,4 +254,3 @@
 <ConfirmDeleteModal bind:this={deleteOrgModal} i18nScope="delete_org_modal" />
 <ChangeOrgMemberRoleModal orgId={org.id} bind:this={changeMemberRoleModal} />
 <UserModal bind:this={userModal} />
-<CreateUserModal handleSubmit={createGuestUserByAdmin} on:submitted={(e) => onUserCreated(e.detail)} bind:this={createUserModal}/>
diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
index b3a03a145..54963fb26 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
@@ -79,11 +79,6 @@
   }
 </script>
 
-<Button variant="btn-success" on:click={openModal}>
-  {$t('org_page.bulk_add_members.add_button')}
-  <span class="i-mdi-account-multiple-plus-outline text-2xl" />
-</Button>
-
 <FormModal bind:this={formModal} {schema} let:errors>
     <span slot="title">
       {$t('org_page.bulk_add_members.modal_title')}

From 205c2da3d2aa6c80a0168ac57aa52950a4538ab8 Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Tue, 14 Jan 2025 17:49:26 -0500
Subject: [PATCH 4/7] Fix compile and lint errors

---
 .../(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte      | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
index 54963fb26..2fb829259 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/BulkAddOrgMembers.svelte
@@ -1,5 +1,4 @@
 <script lang="ts">
-  import Button from '$lib/forms/Button.svelte';
   import { DialogResponse, FormModal, type FormSubmitReturn } from '$lib/components/modals';
   import { TextArea, isEmail } from '$lib/forms';
   import { OrgRole, type BulkAddOrgMembersResult } from '$lib/gql/types';
@@ -46,7 +45,7 @@
     }
   }
 
-  async function openModal(): Promise<void> {
+  export async function open(): Promise<void> {
     currentStep = BulkAddSteps.Add;
     const { response } = await formModal.open(undefined, async (state) => {
       const usernames = state.usernamesText.currentValue

From 4001568a02d9d81d761c5d587215a3a2101fa523 Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Tue, 14 Jan 2025 17:50:32 -0500
Subject: [PATCH 5/7] Increase text contrast on dropdown menu

---
 frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
index a8b5d3da5..d474c518e 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
@@ -144,13 +144,13 @@
         <IconButton icon="i-mdi-menu-down" variant="btn-success" join outline={false} />
         <ul slot="content" class="menu">
           <li>
-            <button class="whitespace-nowrap text-success" on:click={() => bulkAddMembersModal.open()}>
+            <button class="whitespace-nowrap" on:click={() => bulkAddMembersModal.open()}>
               {$t('org_page.bulk_add_members.add_button')}
               <Icon icon="i-mdi-account-multiple-plus-outline" />
             </button>
           </li>
           <li>
-            <button class="whitespace-nowrap text-success" on:click={() => createUserModal.open()}>
+            <button class="whitespace-nowrap" on:click={() => createUserModal.open()}>
               {$t('admin_dashboard.create_user_modal.create_user')}
               <Icon icon="i-mdi-plus" />
             </button>

From 4b02d26861734937bf64a5c266dbb7396e35c7fa Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Wed, 15 Jan 2025 10:21:01 -0500
Subject: [PATCH 6/7] Remove CanCreateGuestUserInAnyProject permission

It was a little confusing, so I consolidated it with
CanCreteGuestUserInProject by making the project ID optional. Site
admins can create guest users without a project ID, but org admins will
be required to specify a project ID when creating guest users.
---
 backend/LexBoxApi/GraphQL/ProjectMutations.cs | 14 ++++---------
 backend/LexBoxApi/GraphQL/UserMutations.cs    |  5 +++--
 .../LexBoxApi/Services/PermissionService.cs   | 20 +++++--------------
 .../ServiceInterfaces/IPermissionService.cs   |  6 ++----
 frontend/schema.graphql                       | 16 +++------------
 5 files changed, 17 insertions(+), 44 deletions(-)

diff --git a/backend/LexBoxApi/GraphQL/ProjectMutations.cs b/backend/LexBoxApi/GraphQL/ProjectMutations.cs
index c57243ff5..739a3b854 100644
--- a/backend/LexBoxApi/GraphQL/ProjectMutations.cs
+++ b/backend/LexBoxApi/GraphQL/ProjectMutations.cs
@@ -141,16 +141,10 @@ public async Task<BulkAddProjectMembersResult> BulkAddProjectMembers(
         BulkAddProjectMembersInput input,
         LexBoxDbContext dbContext)
     {
-        if (input.ProjectId.HasValue)
-        {
-            var projectExists = await dbContext.Projects.AnyAsync(p => p.Id == input.ProjectId.Value);
-            if (!projectExists) throw new NotFoundException("Project not found", "project");
-            await permissionService.AssertCanCreateGuestUserInProject(input.ProjectId.Value);
-        }
-        else
-        {
-            permissionService.AssertCanCreateGuestUserInAnyProject();
-        }
+        await permissionService.AssertCanCreateGuestUserInProject(input.ProjectId);
+        if (input.ProjectId == null) throw new NotFoundException("Project not found", "project");
+        var projectExists = await dbContext.Projects.AnyAsync(p => p.Id == input.ProjectId.Value);
+        if (!projectExists) throw new NotFoundException("Project not found", "project");
         List<UserProjectRole> AddedMembers = [];
         List<UserProjectRole> CreatedMembers = [];
         List<UserProjectRole> ExistingMembers = [];
diff --git a/backend/LexBoxApi/GraphQL/UserMutations.cs b/backend/LexBoxApi/GraphQL/UserMutations.cs
index 634138d03..7cb290a6a 100644
--- a/backend/LexBoxApi/GraphQL/UserMutations.cs
+++ b/backend/LexBoxApi/GraphQL/UserMutations.cs
@@ -34,7 +34,8 @@ public record CreateGuestUserByAdminInput(
         string? Username,
         string Locale,
         string PasswordHash,
-        int PasswordStrength);
+        int PasswordStrength,
+        Guid? ProjectId);
 
     [Error<NotFoundException>]
     [Error<DbError>]
@@ -105,7 +106,7 @@ IEmailService emailService
     )
     {
         using var createGuestUserActivity = LexBoxActivitySource.Get().StartActivity("CreateGuestUser");
-        permissionService.AssertCanCreateGuestUserInAnyProject();
+        permissionService.AssertCanCreateGuestUserInProject(input.ProjectId);
 
         var hasExistingUser = input.Email is null && input.Username is null
             ? throw new RequiredException("Guest users must have either an email or a username")
diff --git a/backend/LexBoxApi/Services/PermissionService.cs b/backend/LexBoxApi/Services/PermissionService.cs
index 656b773dd..48cfec733 100644
--- a/backend/LexBoxApi/Services/PermissionService.cs
+++ b/backend/LexBoxApi/Services/PermissionService.cs
@@ -141,30 +141,20 @@ public async ValueTask AssertCanManageProjectMemberRole(Guid projectId, Guid use
             throw new UnauthorizedAccessException("Not allowed to change own project role.");
     }
 
-    public async ValueTask<bool> CanCreateGuestUserInProject(Guid projectId)
+    public async ValueTask<bool> CanCreateGuestUserInProject(Guid? projectId)
     {
         if (User is null) return false;
         if (User.Role == UserRole.admin) return true;
-        return await ManagesOrgThatOwnsProject(projectId);
+        // Site admins can create guest users even with no project, anyone else (like org admins) must specify a project ID
+        if (projectId is null) return false;
+        return await ManagesOrgThatOwnsProject(projectId.Value);
     }
 
-    public async ValueTask AssertCanCreateGuestUserInProject(Guid projectId)
+    public async ValueTask AssertCanCreateGuestUserInProject(Guid? projectId)
     {
         if (!await CanCreateGuestUserInProject(projectId)) throw new UnauthorizedAccessException();
     }
 
-    public bool CanCreateGuestUserInAnyProject()
-    {
-        if (User is null) return false;
-        if (User.Role == UserRole.admin) return true;
-        return User.Orgs.Any(o => o.Role == OrgRole.Admin);
-    }
-
-    public void AssertCanCreateGuestUserInAnyProject()
-    {
-        if (!CanCreateGuestUserInAnyProject()) throw new UnauthorizedAccessException();
-    }
-
     public async ValueTask<bool> CanAskToJoinProject(Guid projectId)
     {
         if (User is null) return false;
diff --git a/backend/LexCore/ServiceInterfaces/IPermissionService.cs b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
index f7e486382..97233f5a5 100644
--- a/backend/LexCore/ServiceInterfaces/IPermissionService.cs
+++ b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
@@ -20,10 +20,8 @@ public interface IPermissionService
     ValueTask AssertCanManageProject(Guid projectId);
     ValueTask AssertCanManageProject(string projectCode);
     ValueTask AssertCanManageProjectMemberRole(Guid projectId, Guid userId);
-    ValueTask<bool> CanCreateGuestUserInProject(Guid projectId);
-    ValueTask AssertCanCreateGuestUserInProject(Guid projectId);
-    bool CanCreateGuestUserInAnyProject();
-    void AssertCanCreateGuestUserInAnyProject();
+    ValueTask<bool> CanCreateGuestUserInProject(Guid? projectId);
+    ValueTask AssertCanCreateGuestUserInProject(Guid? projectId);
     ValueTask<bool> CanAskToJoinProject(Guid projectId);
     ValueTask<bool> CanAskToJoinProject(string projectCode);
     ValueTask AssertCanAskToJoinProject(Guid projectId);
diff --git a/frontend/schema.graphql b/frontend/schema.graphql
index 3ee3ef5e3..4fc2500ce 100644
--- a/frontend/schema.graphql
+++ b/frontend/schema.graphql
@@ -254,7 +254,7 @@ type Mutation {
   changeOrgName(input: ChangeOrgNameInput!): ChangeOrgNamePayload! @cost(weight: "10")
   createProject(input: CreateProjectInput!): CreateProjectPayload! @authorize(policy: "VerifiedEmailRequiredPolicy") @cost(weight: "10")
   addProjectMember(input: AddProjectMemberInput!): AddProjectMemberPayload! @cost(weight: "10")
-  bulkAddProjectMembers(input: BulkAddProjectMembersInput!): BulkAddProjectMembersPayload! @authorize(policy: "AdminRequiredPolicy") @cost(weight: "10")
+  bulkAddProjectMembers(input: BulkAddProjectMembersInput!): BulkAddProjectMembersPayload! @cost(weight: "10")
   changeProjectMemberRole(input: ChangeProjectMemberRoleInput!): ChangeProjectMemberRolePayload! @cost(weight: "10")
   askToJoinProject(input: AskToJoinProjectInput!): AskToJoinProjectPayload! @cost(weight: "10")
   changeProjectName(input: ChangeProjectNameInput!): ChangeProjectNamePayload! @cost(weight: "10")
@@ -273,7 +273,7 @@ type Mutation {
   changeUserAccountBySelf(input: ChangeUserAccountBySelfInput!): ChangeUserAccountBySelfPayload! @cost(weight: "10")
   changeUserAccountByAdmin(input: ChangeUserAccountByAdminInput!): ChangeUserAccountByAdminPayload! @authorize(policy: "AdminRequiredPolicy") @cost(weight: "10")
   sendNewVerificationEmailByAdmin(input: SendNewVerificationEmailByAdminInput!): SendNewVerificationEmailByAdminPayload! @authorize(policy: "AdminRequiredPolicy") @cost(weight: "10")
-  createGuestUserByAdmin(input: CreateGuestUserByAdminInput!): CreateGuestUserByAdminPayload! @authorize(policy: "AdminRequiredPolicy") @cost(weight: "10")
+  createGuestUserByAdmin(input: CreateGuestUserByAdminInput!): CreateGuestUserByAdminPayload! @cost(weight: "10")
   deleteUserByAdminOrSelf(input: DeleteUserByAdminOrSelfInput!): DeleteUserByAdminOrSelfPayload! @cost(weight: "10")
   setUserLocked(input: SetUserLockedInput!): SetUserLockedPayload! @authorize(policy: "AdminRequiredPolicy") @cost(weight: "10")
 }
@@ -441,10 +441,8 @@ type Query {
   projectsInMyOrg(input: ProjectsInMyOrgInput! where: ProjectFilterInput @cost(weight: "10") orderBy: [ProjectSortInput!] @cost(weight: "10")): [Project!]! @cost(weight: "10")
   projectById(projectId: UUID!): Project @cost(weight: "10")
   projectByCode(code: String!): Project @cost(weight: "10")
-  draftProjectByCode(code: String!): DraftProject @authorize(policy: "AdminRequiredPolicy") @cost(weight: "10")
   orgs(where: OrganizationFilterInput @cost(weight: "10") orderBy: [OrganizationSortInput!] @cost(weight: "10")): [Organization!]! @cost(weight: "10")
   myOrgs(where: OrganizationFilterInput @cost(weight: "10") orderBy: [OrganizationSortInput!] @cost(weight: "10")): [Organization!]! @cost(weight: "10")
-  usersInMyOrg(skip: Int take: Int where: UserFilterInput @cost(weight: "10") orderBy: [UserSortInput!] @cost(weight: "10")): UsersInMyOrgCollectionSegment @listSize(assumedSize: 1000, slicingArguments: [ "take" ], sizedFields: [ "items" ]) @cost(weight: "10")
   usersICanSee(skip: Int take: Int where: UserFilterInput @cost(weight: "10") orderBy: [UserSortInput!] @cost(weight: "10")): UsersICanSeeCollectionSegment @listSize(assumedSize: 1000, slicingArguments: [ "take" ], sizedFields: [ "items" ]) @cost(weight: "10")
   orgById(orgId: UUID!): OrgById @cost(weight: "10")
   users(skip: Int take: Int where: UserFilterInput @cost(weight: "10") orderBy: [UserSortInput!] @cost(weight: "10")): UsersCollectionSegment @authorize(policy: "AdminRequiredPolicy") @listSize(assumedSize: 1000, slicingArguments: [ "take" ], sizedFields: [ "items" ]) @cost(weight: "10")
@@ -575,15 +573,6 @@ type UsersICanSeeCollectionSegment {
   totalCount: Int! @cost(weight: "10")
 }
 
-"A segment of a collection."
-type UsersInMyOrgCollectionSegment {
-  "Information to aid in pagination."
-  pageInfo: CollectionSegmentInfo!
-  "A flattened list of the items."
-  items: [User!]
-  totalCount: Int! @cost(weight: "10")
-}
-
 union AddProjectMemberError = NotFoundError | DbError | ProjectMembersMustBeVerified | ProjectMembersMustBeVerifiedForRole | ProjectMemberInvitedByEmail | InvalidEmailError | AlreadyExistsError
 
 union AddProjectToOrgError = DbError | NotFoundError
@@ -738,6 +727,7 @@ input CreateGuestUserByAdminInput {
   locale: String!
   passwordHash: String!
   passwordStrength: Int!
+  projectId: UUID
 }
 
 input CreateOrganizationInput {

From a1de5f1b5da029e35350c6c23fd64d995baa1673 Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Wed, 15 Jan 2025 10:42:10 -0500
Subject: [PATCH 7/7] CreateGuestUser now adds users to orgs

---
 backend/LexBoxApi/GraphQL/UserMutations.cs         |  8 ++++++--
 backend/LexBoxApi/Services/PermissionService.cs    | 14 ++++++++++++++
 .../ServiceInterfaces/IPermissionService.cs        |  2 ++
 frontend/schema.graphql                            |  2 +-
 frontend/src/lib/gql/gql-client.ts                 |  6 ++++++
 frontend/src/lib/user.ts                           |  3 ++-
 .../(authenticated)/org/[org_id]/+page.svelte      |  6 +++++-
 7 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/backend/LexBoxApi/GraphQL/UserMutations.cs b/backend/LexBoxApi/GraphQL/UserMutations.cs
index 7cb290a6a..ad9ce2e71 100644
--- a/backend/LexBoxApi/GraphQL/UserMutations.cs
+++ b/backend/LexBoxApi/GraphQL/UserMutations.cs
@@ -35,7 +35,7 @@ public record CreateGuestUserByAdminInput(
         string Locale,
         string PasswordHash,
         int PasswordStrength,
-        Guid? ProjectId);
+        Guid? OrgId);
 
     [Error<NotFoundException>]
     [Error<DbError>]
@@ -106,7 +106,7 @@ IEmailService emailService
     )
     {
         using var createGuestUserActivity = LexBoxActivitySource.Get().StartActivity("CreateGuestUser");
-        permissionService.AssertCanCreateGuestUserInProject(input.ProjectId);
+        permissionService.AssertCanCreateGuestUserInOrg(input.OrgId);
 
         var hasExistingUser = input.Email is null && input.Username is null
             ? throw new RequiredException("Guest users must have either an email or a username")
@@ -134,6 +134,10 @@ IEmailService emailService
             CanCreateProjects = false
         };
         createGuestUserActivity?.AddTag("app.user.id", userEntity.Id);
+        if (input.OrgId is not null)
+        {
+            userEntity.Organizations.Add(new OrgMember() { OrgId = input.OrgId.Value, Role = OrgRole.User });
+        }
         dbContext.Users.Add(userEntity);
         await dbContext.SaveChangesAsync();
         if (!string.IsNullOrEmpty(input.Email))
diff --git a/backend/LexBoxApi/Services/PermissionService.cs b/backend/LexBoxApi/Services/PermissionService.cs
index 48cfec733..b4d582234 100644
--- a/backend/LexBoxApi/Services/PermissionService.cs
+++ b/backend/LexBoxApi/Services/PermissionService.cs
@@ -155,6 +155,20 @@ public async ValueTask AssertCanCreateGuestUserInProject(Guid? projectId)
         if (!await CanCreateGuestUserInProject(projectId)) throw new UnauthorizedAccessException();
     }
 
+    public bool CanCreateGuestUserInOrg(Guid? orgId)
+    {
+        if (User is null) return false;
+        if (User.Role == UserRole.admin) return true;
+        // Site admins can create guest users even with no org, anyone else (like org admins) must specify an org ID
+        if (orgId is null) return false;
+        return CanEditOrg(orgId.Value);
+    }
+
+    public void AssertCanCreateGuestUserInOrg(Guid? orgId)
+    {
+        if (!CanCreateGuestUserInOrg(orgId)) throw new UnauthorizedAccessException();
+    }
+
     public async ValueTask<bool> CanAskToJoinProject(Guid projectId)
     {
         if (User is null) return false;
diff --git a/backend/LexCore/ServiceInterfaces/IPermissionService.cs b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
index 97233f5a5..f1e1f1297 100644
--- a/backend/LexCore/ServiceInterfaces/IPermissionService.cs
+++ b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
@@ -22,6 +22,8 @@ public interface IPermissionService
     ValueTask AssertCanManageProjectMemberRole(Guid projectId, Guid userId);
     ValueTask<bool> CanCreateGuestUserInProject(Guid? projectId);
     ValueTask AssertCanCreateGuestUserInProject(Guid? projectId);
+    bool CanCreateGuestUserInOrg(Guid? orgId);
+    void AssertCanCreateGuestUserInOrg(Guid? orgId);
     ValueTask<bool> CanAskToJoinProject(Guid projectId);
     ValueTask<bool> CanAskToJoinProject(string projectCode);
     ValueTask AssertCanAskToJoinProject(Guid projectId);
diff --git a/frontend/schema.graphql b/frontend/schema.graphql
index 4fc2500ce..20ce63e85 100644
--- a/frontend/schema.graphql
+++ b/frontend/schema.graphql
@@ -727,7 +727,7 @@ input CreateGuestUserByAdminInput {
   locale: String!
   passwordHash: String!
   passwordStrength: Int!
-  projectId: UUID
+  orgId: UUID
 }
 
 input CreateOrganizationInput {
diff --git a/frontend/src/lib/gql/gql-client.ts b/frontend/src/lib/gql/gql-client.ts
index caf3f7e05..7e5dd8d82 100644
--- a/frontend/src/lib/gql/gql-client.ts
+++ b/frontend/src/lib/gql/gql-client.ts
@@ -37,6 +37,7 @@ import {
   type MutationBulkAddProjectMembersArgs,
   type MutationChangeOrgMemberRoleArgs,
   type MutationChangeUserAccountBySelfArgs,
+  type MutationCreateGuestUserByAdminArgs,
   type MutationCreateOrganizationArgs,
   type MutationCreateProjectArgs,
   type MutationDeleteDraftProjectArgs,
@@ -99,6 +100,11 @@ function createGqlClient(_gqlEndpoint?: string): Client {
                 cache.invalidate({__typename: 'Project', id: args.input.projectId});
               }
             },
+            createGuestUserByAdmin: (result, args: MutationCreateGuestUserByAdminArgs, cache, _info) => {
+              if (args.input.orgId) {
+                cache.invalidate({__typename: 'OrgById', id: args.input.orgId});
+              }
+            },
             createOrganization: (result: CreateOrgMutation, args: MutationCreateOrganizationArgs, cache, _info) => {
               cache.invalidate('Query', 'myOrgs');
             },
diff --git a/frontend/src/lib/user.ts b/frontend/src/lib/user.ts
index eb7ae5e8c..cbd14a2a8 100644
--- a/frontend/src/lib/user.ts
+++ b/frontend/src/lib/user.ts
@@ -120,13 +120,14 @@ export function register(password: string, passwordStrength: number, name: strin
 export function acceptInvitation(password: string, passwordStrength: number, name: string, email: string, locale: string, turnstileToken: string): Promise<RegisterResponse> {
   return createUser('/api/User/acceptInvitation', password, passwordStrength, name, email, locale, turnstileToken);
 }
-export async function createGuestUserByAdmin(password: string, passwordStrength: number, name: string, email: string, locale: string, _turnstileToken: string): Promise<RegisterResponse> {
+export async function createGuestUserByAdmin(password: string, passwordStrength: number, name: string, email: string, locale: string, _turnstileToken: string, orgId?: string): Promise<RegisterResponse> {
   const passwordHash = await hash(password);
   const gqlInput: CreateGuestUserByAdminInput = {
     passwordHash,
     passwordStrength,
     name,
     locale,
+    orgId,
   };
   if (email.includes('@')) {
     gqlInput.email = email;
diff --git a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
index d474c518e..b6214748f 100644
--- a/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
+++ b/frontend/src/routes/(authenticated)/org/[org_id]/+page.svelte
@@ -120,6 +120,10 @@
     }
   }
 
+  function createGuestUser(password: string, passwordStrength: number, name: string, email: string, locale: string, _turnstileToken: string): ReturnType<typeof createGuestUserByAdmin> {
+    return createGuestUserByAdmin(password, passwordStrength, name, email, locale, _turnstileToken, org.id);
+  }
+
   let createUserModal: CreateUserModal;
   function onUserCreated(user: LexAuthUser): void {
     notifySuccess($t('admin_dashboard.notifications.user_created', { name: user.name }), Duration.Long);
@@ -158,7 +162,7 @@
         </ul>
       </Dropdown>
     </div>
-    <CreateUserModal handleSubmit={createGuestUserByAdmin} on:submitted={(e) => onUserCreated(e.detail)} bind:this={createUserModal}/>
+    <CreateUserModal handleSubmit={createGuestUser} on:submitted={(e) => onUserCreated(e.detail)} bind:this={createUserModal}/>
     <AddOrgMemberModal bind:this={addOrgMemberModal} {org} />
     <BulkAddOrgMembers bind:this={bulkAddMembersModal} orgId={org.id} />
     {/if}