refactor(FR-3019): migrate Purge/Update user modals to UserV2 fragment

[ironAiken2]

Resolves #7669 (FR-3019)

Builds on FR-3016 (#7666, merged), which moved the super-admin user list to adminUsersV2.

Summary

This PR migrates all modals used by AdminUserManagement — together with the shared TOTP / profile / forced-2FA flows — onto the v2 GraphQL surface, and removes the legacy v1 fallbacks now that the WebUI targets manager >= 26.4.3 only. Modals receive their data via UserV2 Relay fragments and drive the admin*V2 mutations, replacing the { id, email }[] props / v1 user(email:) queries / modify_user-style mutations. User creation (single and bulk) also moves to v2 now that the v2 create payload exposes the generated keypair.

Changes

Fragment-driven data (UserV2)

• PurgeUsersModal / UpdateUsersModal: plural UserV2 fragments (@relay(plural: true)) read with useFragment, replacing the plain { id, email }[] prop.
• UserInfoModal: replaced its own v1 user(email:) query with a UserV2 fragment. AdminUserManagement spreads ...UserInfoModalFragment on the list query's edges and looks up the selected node in the already-loaded adminUsersV2.edges — no second query, no limit: 1 filter.
• UserSettingModal (edit): same fragment-on-list-query pattern via ...UserSettingModalFragment on adminUsersV2.edges; create / bulk-create render the modal with no fragment.

Shared TOTP modal on a single UserV2 fragment

• TOTPActivateModalFragment lives on UserV2 (basicInfo.email, security.totpActivated) and is the single source of data for the modal across all consumers: admin (UserSettingModal, via adminUsersV2) and self / profile / login (UserProfileSettingModal, ForceTOTPChecker).
• The self / profile / login flows now read the current user via the myUserV2 root field — it returns a UserV2 and is not superadmin-gated — instead of the v1 user(email:) query. UserDropdownMenu and ForceTOTPChecker query myUserV2. Because both adminUsersV2 and myUserV2 yield UserV2 nodes, one colocated on UserV2 fragment serves every caller (no scalar prop bridge, no broken colocation).

Removed all update-user-v2 v1 fallbacks (manager >= 26.4.3 only)

• Dropped every supports('update-user-v2') branch and its legacy modify_user path, so the v2 mutations always run:
  • UpdateUsersModal (bulk): adminBulkUpdateUsersV2.
  • UserSettingModal (edit): adminUpdateUserV2.
  • AdminUserManagement (activate/deactivate toggle): adminUpdateUserV2.
  • UserProfileSettingModal (full-name / password): updateUserV2.
• Purge (adminBulkPurgeUsersV2) was already v2; the legacy purge_user loop and supports('bulk-purge-users') gate are now removed too.

User creation on v2 (keypair reveal)

• Single create now runs adminCreateUserV2: its CreateUserV2Payload returns the user together with the generated keypair (one-time secretKey).
• Bulk create runs adminBulkCreateUsersWithKeypairV2, which replaces the now-deprecated adminBulkCreateUsersV2 and returns each created user's keypair — so bulk create now reveals the generated keypairs too (previously it did not). Keypairs are surfaced on both full-success and partial-failure so one-time secret keys are never silently lost.
• GeneratedKeypairListModal reads a CreateKeypairPayload fragment (secretKey, keypair.accessKey, keypair.user.basicInfo.email) instead of the v1 KeyPair fragment. It is used by UserSettingModal and BulkCreateUserFromCSVModal (FR-1818, merged on main during review); the CSV flow was migrated to adminBulkCreateUsersWithKeypairV2 accordingly, dropping its per-email keypairs(email:) re-fetch.

Notable decisions

• User creation now runs on v2 (revised). Create was initially left on v1 create_user because adminCreateUserV2's payload returned only user (no keypair), which would have dropped the "reveal generated keypair (secret key, shown once)" flow. The schema has since added keypair (with the one-time secret key) to CreateUserV2Payload, and adminBulkCreateUsersWithKeypairV2 superseded the deprecated adminBulkCreateUsersV2. Both single and bulk create therefore now run on v2 while preserving — and, for bulk, newly adding — the keypair-reveal flow.
• TOTP activation is self-service (baiClient.initialize_totp / activate_totp act on the session user), so a single UserV2 fragment fed from either adminUsersV2 (admin) or myUserV2 (self) is sufficient — the modal keeps its colocated fragment rather than receiving plain scalars.
• Form values are mapped to the camelCase UpdateUserV2Input / CreateUserV2Input with status / role enum conversion, and project node ids are converted to UUIDs (toLocalId) for group_ids.

Review feedback (post-rebase)

• UserInfoModal / UpdateUsersModal bodies are split into same-file *Contents components that throw when user data is unavailable; the modal shell catches via ErrorBoundary and renders the error alert inside the still-open modal (same pattern as ResourcePresetSettingModal).
• UserProfileSettingModalFragment is inlined into UserProfileSettingModal (separate fragment file removed).

Review feedback (agatha197 pass)

• BulkCreateUserFromCSVModal: keypairs are now surfaced on partial-failure as well (one-time secret keys must never be silently dropped).
• PurgeUsersModal: removed the v1 purge_user fallback and supports('bulk-purge-users') gate; adminBulkPurgeUsersV2 is unconditional.
• UpdateUsersModal: fixed _.isEmpty predicate that was erroneously stripping numeric fields (containerUid, containerMainGid).
• UserSettingModal, TOTPActivateModal, TOTPActivateForm, GeneratedKeypairListModal: added missing 'use memo' directives.

Verification

bash scripts/verify.sh → === ALL PASS === (Relay, Lint, Format, TypeScript, Vite warmup).

🤖 Generated with Claude Code

[ironAiken2]

• refactor(FR-3019): migrate Purge/Update user modals to UserV2 fragment #7673 👈 (View in Graphite)
• refactor(FR-3016): migrate super-admin user list to adminUsersV2 query #7666
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• flow:merge-queue - adds this PR to the back of the merge queue
• flow:hotfix - for urgent changes, fast-track this PR to the front of the merge queue

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has required the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Coverage Report for react-coverage (./react)

Status	Category	Percentage	Covered / Total
🔵	Lines	6.46%	1875 / 29004
🔵	Statements	5.29%	2116 / 39977
🔵	Functions	5.34%	305 / 5707
🔵	Branches	3.56%	1342 / 37608

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
react/src/components/AdminUserManagement.tsx	0%	0%	0%	0%	63-662
react/src/components/BulkCreateUserFromCSVModal.tsx	0%	0%	0%	0%	90-1475
react/src/components/ForceTOTPChecker.tsx	0%	0%	0%	0%	13-55
react/src/components/GeneratedKeypairListModal.tsx	0%	0%	0%	0%	37-141
react/src/components/PurgeUsersModal.tsx	0%	0%	0%	0%	33-146
react/src/components/TOTPActivateModal.tsx	0%	0%	0%	0%	32-139
react/src/components/UpdateUsersModal.tsx	0%	0%	0%	0%	45-387
react/src/components/UserDropdownMenu.tsx	0%	0%	0%	0%	46-262
react/src/components/UserInfoModal.tsx	0%	0%	0%	0%	27-163
react/src/components/UserProfileSettingModal.tsx	0%	0%	0%	0%	50-320
react/src/components/UserSettingModal.tsx	0%	0%	0%	0%	62-1173

Generated in workflow #2149 for commit b126dff by the Vitest Coverage Report Action

[Copilot]

Pull request overview

This PR completes the FR-3019 follow-up by migrating the super-admin Purge Users and Update Users modals to consume v2 UserV2 data via Relay plural fragments, now that AdminUserManagement is already using the v2 adminUsersV2 query (from the stacked FR-3016 work).

Changes:

• Updated PurgeUsersModal and UpdateUsersModal to accept usersFrgmt (plural UserV2 fragment refs) and read { id, basicInfo.email } via useFragment.
• Updated AdminUserManagement to spread the new modal fragments on adminUsersV2.edges.node and pass fragment refs directly (removing the old {id,email} mapping).
• Added Relay generated fragment artifacts for the two new modal fragments and updated the query artifact accordingly.

Reviewed changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
react/src/components/UpdateUsersModal.tsx	Replaces {id,email}[] prop with plural UserV2 fragment refs and reads basicInfo.email via useFragment.
react/src/components/PurgeUsersModal.tsx	Replaces {id,email}[] prop with plural UserV2 fragment refs and uses fragment data for both legacy and bulk purge paths.
react/src/components/AdminUserManagement.tsx	Spreads new modal fragments on adminUsersV2 nodes and passes node fragment refs to the modals (removes local {id,email} mapper).
react/src/generated/UpdateUsersModalFragment.graphql.ts	New generated Relay fragment artifact for UpdateUsersModal (plural UserV2).
react/src/generated/PurgeUsersModalFragment.graphql.ts	New generated Relay fragment artifact for PurgeUsersModal (plural UserV2).
react/src/generated/AdminUserManagementQuery.graphql.ts	Updates generated query artifact to include the two new fragment spreads.

Files not reviewed (3)

• react/src/generated/AdminUserManagementQuery.graphql.ts: Language not supported
• react/src/generated/PurgeUsersModalFragment.graphql.ts: Language not supported
• react/src/generated/UpdateUsersModalFragment.graphql.ts: Language not supported

[yomybaby]

Please resolve merg conflicts

[ironAiken2]

@yomybaby Rebased this branch onto the latest main via gt sync — the branch is now up to date with main (0 commits behind) and merges cleanly, so the merge conflict is resolved. PTAL when you have a chance.

[agatha197]

Workflow review — FR-3019 UserV2 fragment migration

The v2 fragment migration is well-structured in its core design: detail/edit modals are fed from fragments spread on the list query (sidestepping the first+offset pagination footgun), PurgeUsersModal correctly uses the type-to-confirm BAIDeleteConfirmModal, and the create paths surface the one-time secret keys from the mutation payload.

There are two blockers to resolve before merge:

1. [HIGH] BulkCreateUserFromCSVModal silently discards the one-time secret keys of successfully-created users on a partial-failure batch (unrecoverable). Diverges from UserSettingModal, which reveals them.
2. [HIGH] UserDropdownMenu removes the @skipOnClient version gate on myClientIp and can replace the entire header with an error UI on managers < 26.4.2 — the "manager >= 26.4.3 only" assumption is not enforced anywhere.

One [MEDIUM]: PurgeUsersModal still ships a dead v1 purge_user fallback (with wrong 26.3.0 version comments) that this "remove all v1 fallbacks" refactor should have deleted.

The remaining items are low-severity nits / a PR-description fix — see inline comments.

Generated by a multi-agent workflow review (5 dimensions → adversarial verification → synthesis); the two HIGH findings were additionally hand-verified against the checked-out branch.