User CRUD

Without the ability to manage users, no organization can onboard peer mentors or coordinators into the platform, making this feature a hard prerequisite for all operational value the platform delivers. Organization administrators currently rely on manual spreadsheets and email threads to track who is active, which role they hold, and whether they are still affiliated - a process that is error-prone and time-consuming. Replacing this with a structured admin interface directly reduces administrative overhead and ensures that access rights are always current and auditable. From a compliance and data governance perspective, maintaining accurate user records with role and organization context is essential for GDPR accountability and Bufdir reporting integrity. The ability to deactivate rather than delete users preserves the audit trail required for grant compliance, protecting the organization from liability during external reviews.

The user list and detail pages are implemented as Next.js server-rendered pages consuming the shared REST API at `/api/v1/users`. Server-side rendering ensures that sensitive user data is never exposed in client-side bundles. Invitation flow sends a tokenized email link via the notification infrastructure; the token is single-use and expires after 72 hours. Deactivation sets an `is_active` flag and invalidates all active sessions for that user via the sessions table. Multi-tenancy enforcement is applied at the API middleware layer - every request is scoped to the authenticated admin's `organization_id`, preventing cross-tenant data access regardless of query parameters. Global admin access uses a separate elevated-privilege token with explicit audit logging of every read. Pagination, search, and filtering are implemented server-side with indexed PostgreSQL queries on `users` and `user_roles` tables to support large organizations.