Scope invitations by organization when organization scoped

tim mccarthyrequested to merge
tim.mccarthy/update-modal-invite-dialog-to-be-org-scoped into master

What does this MR do and why?

When within the scope of an organization, we want to limit who can get invited to a project / group to only members from the same organization.

In a nutshell, these things need to happen:

  1. Only show potential invitees that are scoped to the current organization (by path)
  2. Show an error if we try to invite someone from another organization (by email or manually passing the user_id)

References

Related #570390

Screenshots or screen recordings

Before After
Monosnap_screencast_2025-10-30_16-46-47 Monosnap_screencast_2025-10-30_16-44-24

Modal showing error message:
Monosnap_Image_2025-10-30_16-49-35

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Example:

  1. In rails console enable the feature flag

    Feature.enable :organization_switching
Feature.enable :ui_for_organizations
Feature.enable :organization_scoped_paths

  2. In the browser, navigate to http://127.0.0.1:3000 and login as an instance admin.

  3. Click 'New Organization' on the plus drop down in the top left corner:
    image

  4. Create a new organization with the name new-org-1

  5. Repeat steps 3-4 and create another organization called new-org-2

  6. Navigate to http://127.0.0.1:3000/admin/users/new and create a new user with the following properties name: new-user-1 username: new-user-1 organization: new-org-1 email: new-user-1@gitlab.com

  7. Repeat step 6 and create a user with the following properties: name: new-user-2 username: new-user-2 organization: new-org-2 email: new-user-2@gitlab.com

  8. Navigate to http://127.0.0.1:3000/o/new-org-1/groups/new#create-group-pane and create a new group

  9. After the group was successfully created, navigate to Manage -> Members:
    Monosnap_Monosnap_2025-10-30_17-03-24

  10. Click on Invite Members on the top right corner:
    Monosnap_Image_2025-10-30_17-05-25
    You should see the invitation modal pop up.

  11. Type new and only new-user-1 should show up. Select that user:
    Monosnap_Image_2025-10-30_17-07-16

  12. Type new-user-2@gitlab.com and click Invite by email:
    last_image

  13. You should see the following error:
    Monosnap_Image_2025-10-30_17-08-34
    Remove the faulty email address and try to invite again - it should be successful.

Repeat steps 8-13 again, except with step 8 navigate to http://127.0.0.1:3000/o/new-org-1/projects/new and create a new project instead of a new namespace.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by tim mccarthy

Merge request reports