Skip to content

User search on manage members#616

Open
eyeseast wants to merge 32 commits intomasterfrom
474-user-search
Open

User search on manage members#616
eyeseast wants to merge 32 commits intomasterfrom
474-user-search

Conversation

@eyeseast
Copy link
Copy Markdown
Collaborator

@eyeseast eyeseast commented Mar 10, 2026
edited by duckduckgrayduck
Loading

Closes #474

Summary

  • Add three-state user privacy (public / private / hidden) with signals to
    auto-unhide users on email verification or payment
  • Expose privacy toggle in user profile settings
  • Add user search API endpoint (GET /fe_api/users/?search=) with visibility filtering
  • Build UserSelect Svelte component (Svelecte-based, supports both user search
    and raw email entry) and wire it into the org invite-members form
  • Progressive enhancement: form falls back to plain email input without JS

Test plan

  • Verify hidden users don't appear in search results for non-staff
  • Verify private users appear only to org-mates
  • Verify staff sees all users
  • Test email verification signal flips hidden=False
  • Test UserSelect component: search, select user, type email, remove chip
  • Test invitation POST sends email for both user-type and email-type selections
  • Test no-JS fallback still works via Django form POST

@allanlasser allanlasser temporarily deployed to squarelet-pi-474-user-s-shxsaf March 10, 2026 17:43 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 10, 2026 18:10 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 10, 2026 18:49 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 10, 2026 18:50 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 10, 2026 19:26 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 10, 2026 21:03 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 11, 2026 13:47 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 11, 2026 15:13 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 11, 2026 20:29 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 12, 2026 01:03 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 12, 2026 01:36 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 12, 2026 13:07 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 16, 2026 15:11 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 16, 2026 15:13 Inactive
@eyeseast eyeseast marked this pull request as ready for review March 16, 2026 15:32
@eyeseast eyeseast requested review from allanlasser and duckduckgrayduck and removed request for allanlasser March 16, 2026 15:32
allanlasser
allanlasser reviewed Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@allanlasser allanlasser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dropping some notes on backend before moving into frontend review. There's some critical decisions in migration 0060 we should discuss.

Comment thread squarelet/users/tests/test_signals.py Outdated
Comment thread squarelet/users/tests/test_signals.py Outdated
Comment thread squarelet/users/signals.py Outdated
Comment thread squarelet/users/fe_api/viewsets.py
vector = SearchVector("username", "name")
query = SearchQuery(f"{search}:*", search_type="raw")
qs = qs.annotate(search=vector).filter(search=query)
return qs
Copy link
Copy Markdown
Member

@allanlasser allanlasser Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is currently in our private frontend API, but this feels like a strong candidate for inclusion in the public accounts API. For our efforts to align our permissions and sharing model across products, a single endpoint for consistently searching accounts feels extemely useful. I'm going to flag this in that project as a backreference.

Comment thread squarelet/users/fe_api/test_user_viewsets.py
Comment thread squarelet/organizations/migrations/0060_populate_hidden.py Outdated
Comment thread squarelet/organizations/migrations/0060_populate_hidden.py
Comment thread squarelet/organizations/migrations/0060_populate_hidden.py Outdated
Comment thread plans/474-user-search.md
@@ -0,0 +1,459 @@
# Issue 474: Search Existing Users When Creating Org Membership Invitations
Copy link
Copy Markdown
Member

@allanlasser allanlasser Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Flagging for deletion

Comment thread squarelet/organizations/fe_api/viewsets.py Outdated
allanlasser
allanlasser requested changes Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@allanlasser allanlasser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, done with frontend review. Contributing a commit with some style tweaks on the input. Going to flag this as changes requested due to comments on backend files.

Comment thread frontend/views/organization_managemembers.svelte.ts Outdated
Comment thread frontend/components/UserSelect.svelte Outdated
@allanlasser allanlasser temporarily deployed to squarelet-pi-474-user-s-shxsaf March 20, 2026 18:58 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 12:37 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 12:38 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 15:50 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 16:18 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 16:31 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 18:40 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 18:44 Inactive
@eyeseast eyeseast temporarily deployed to squarelet-pi-474-user-s-shxsaf March 24, 2026 19:59 Inactive
eyeseast and others added 29 commits April 14, 2026 13:24
@eyeseast
User search endpoint. Signals to update hidden field.
7b4f3bd
@eyeseast
format
54a2065
@eyeseast
data migration for existing users
26897ac
@eyeseast
Add private field to user form
0bb6d74
@eyeseast
Moved perform_create hook from serializer to viewset. All backend wor…
f430fa9 
…k is done.
@eyeseast
Basic user search, plus a backend hook to look up emails by username
42baef6
@eyeseast
Working user search
8ee4bf7
@eyeseast
Update e2e tests with new search input. Handle adding existing members.
9768f0e
@eyeseast
e2e fixes
414a3e4
@eyeseast
createHandler not createTransform
cfb86ed
@eyeseast
Cleanup and update plan
3b09d03
@eyeseast
form styles
f9d2ff0
@eyeseast
Set valueField
af6b11c
@eyeseast
fix a test
119ee4c
@allanlasser @eyeseast
Styling tweaks for UserSelect input
6d80648
@eyeseast @allanlasser
Update squarelet/organizations/migrations/0060_populate_hidden.py
4f38749 
Don't make everyone public yet

Co-authored-by: Allan Lasser <lasser.allan@gmail.com>
@eyeseast @allanlasser
Simpler check in squarelet/organizations/migrations/0060_populate_hid…
9edbed3 
…den.py

Co-authored-by: Allan Lasser <lasser.allan@gmail.com>
@eyeseast
Remove primary-only restriction from email_confirmed signal and migra…
c902918 
…tion

Fix migration to actually set private=False on existing individual orgs
Move charge_created signal handler from users to organizations app
Inline perform_create in InvitationViewSet
@eyeseast
Submit the user invite form without js
023cdd1
@eyeseast
fix tests
d51a8d6
@eyeseast
Remove unused uuid field
56f93e1
@eyeseast
search by email
b19aa9f
@eyeseast
merge migrations
9b3ec95
@eyeseast
update fe test
c86bcdb
@eyeseast
Unhide for both groups and individuals when charges happen
e2fc734
@eyeseast
Update the plan
0c94534
@eyeseast
Only show emails in UserSelect when verified_journalist() is True
fa9f2a2
@eyeseast
Fix two tests
4ad5081
@eyeseast
format
4adfd5c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@allanlasser allanlasser allanlasser approved these changes

@duckduckgrayduck duckduckgrayduck duckduckgrayduck left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Search existing users when creating org membership invitations

3 participants

@eyeseast @duckduckgrayduck @allanlasser