From 9fdf15c9855ffaa6500c96edc8c23730bed42f5c Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Sun, 18 Dec 2022 16:01:01 +0100
Subject: [PATCH 1/9] 665: Add createAdministrator interface

---
 .../backend/auth/database/Schema.kt           | 12 ++++++
 .../repos/AdministratorsRepository.kt         | 34 +++++++++------
 .../backend/auth/service/Authorizer.kt        | 23 ++++++++++
 .../auth/webservice/authGraphQLParams.kt      |  4 +-
 .../schema/ManageUsersMutationService.kt      | 43 +++++++++++++++++++
 specs/backend-api.graphql                     |  2 +
 6 files changed, 104 insertions(+), 14 deletions(-)
 create mode 100644 backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt

diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/Schema.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/Schema.kt
index d55a03a68..5d3ea798d 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/Schema.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/Schema.kt
@@ -1,12 +1,15 @@
 package app.ehrenamtskarte.backend.auth.database
 
+import app.ehrenamtskarte.backend.auth.webservice.schema.types.Role
 import app.ehrenamtskarte.backend.projects.database.Projects
 import app.ehrenamtskarte.backend.regions.database.Regions
 import org.jetbrains.exposed.dao.IntEntity
 import org.jetbrains.exposed.dao.IntEntityClass
 import org.jetbrains.exposed.dao.id.EntityID
 import org.jetbrains.exposed.dao.id.IntIdTable
+import org.jetbrains.exposed.sql.and
 import org.jetbrains.exposed.sql.javatime.datetime
+import org.jetbrains.exposed.sql.or
 
 object Administrators : IntIdTable() {
     val email = varchar("email", 100).uniqueIndex()
@@ -16,6 +19,15 @@ object Administrators : IntIdTable() {
     val passwordHash = binary("passwordHash").nullable()
     val passwordResetKey = varchar("passwordResetKey", 100).nullable()
     val passwordResetKeyExpiry = datetime("passwordResetKeyExpiry").nullable()
+
+    init {
+        val noRegionCompatibleRoles = listOf(Role.PROJECT_ADMIN, Role.NO_RIGHTS)
+        val regionCompatibleRoles = listOf(Role.REGION_MANAGER, Role.REGION_ADMIN, Role.NO_RIGHTS)
+        check("roleRegionCombinationConstraint") {
+            regionId.isNull().and(role.inList(noRegionCompatibleRoles.map { it.db_value })) or
+                regionId.isNotNull().and(role.inList(regionCompatibleRoles.map { it.db_value }))
+        }
+    }
 }
 
 class AdministratorEntity(id: EntityID<Int>) : IntEntity(id) {
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt
index 0eedfad5b..ebfe9c999 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt
@@ -10,8 +10,7 @@ import app.ehrenamtskarte.backend.auth.webservice.schema.types.Role
 import app.ehrenamtskarte.backend.common.database.sortByKeys
 import app.ehrenamtskarte.backend.projects.database.ProjectEntity
 import app.ehrenamtskarte.backend.projects.database.Projects
-import app.ehrenamtskarte.backend.regions.database.Regions
-import org.jetbrains.exposed.dao.id.EntityID
+import app.ehrenamtskarte.backend.regions.database.RegionEntity
 import org.jetbrains.exposed.sql.SqlExpressionBuilder.eq
 import org.jetbrains.exposed.sql.and
 import org.jetbrains.exposed.sql.select
@@ -42,26 +41,35 @@ object AdministratorsRepository {
         }
     }
 
-    fun insert(project: String, email: String, password: String, role: Role, regionId: Int? = null) {
-        val projectId = ProjectEntity.find { Projects.project eq project }.firstOrNull()?.id
+    fun insert(project: String, email: String, password: String?, role: Role, regionId: Int? = null) {
+        val projectEntity = ProjectEntity.find { Projects.project eq project }.firstOrNull()
             ?: throw IllegalArgumentException("Project does not exist.")
 
-        if (role in setOf(Role.REGION_ADMIN, Role.REGION_MANAGER) && regionId == null) {
+        val region = regionId?.let { RegionEntity.findById(regionId) }
+
+        if (region != null && region.projectId != projectEntity.id) {
+            throw IllegalArgumentException("Specified region is not part of specified project.")
+        }
+
+        if (role in setOf(Role.REGION_ADMIN, Role.REGION_MANAGER) && region == null) {
             throw IllegalArgumentException("Role ${role.db_value} needs to have a region assigned.")
-        } else if (role in setOf(Role.PROJECT_ADMIN) && regionId != null) {
-            throw java.lang.IllegalArgumentException("Role ${role.db_value} cannot have a region assigned.")
+        } else if (role in setOf(Role.PROJECT_ADMIN) && region != null) {
+            throw IllegalArgumentException("Role ${role.db_value} cannot have a region assigned.")
         }
 
-        val passwordValidation = PasswordValidator.validatePassword(password)
-        if (passwordValidation != PasswordValidationResult.VALID) {
-            throw InvalidPasswordException(passwordValidation)
+        val passwordHash = password?.let {
+            val passwordValidation = PasswordValidator.validatePassword(it)
+            if (passwordValidation != PasswordValidationResult.VALID) {
+                throw InvalidPasswordException(passwordValidation)
+            }
+            PasswordCrypto.hashPasswort(it)
         }
 
         AdministratorEntity.new {
             this.email = email
-            this.projectId = projectId
-            this.regionId = if (regionId != null) EntityID(regionId, Regions) else null
-            this.passwordHash = PasswordCrypto.hashPasswort(password)
+            this.projectId = projectEntity.id
+            this.regionId = region?.id
+            this.passwordHash = passwordHash
             this.role = role.db_value
         }
     }
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
index 375f84348..6cc2101b5 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
@@ -39,4 +39,27 @@ object Authorizer {
         return (user?.role == Role.REGION_ADMIN.db_value && user.regionId == region.id) ||
             mayViewUsersInProject(user, region.projectId.value)
     }
+
+    fun mayCreateAdministrator(
+        actingAdmin: AdministratorEntity,
+        newAdminProjectId: Int,
+        newAdminRole: Role,
+        newAdminRegion: RegionEntity?
+    ): Boolean {
+        if (actingAdmin.projectId.value != newAdminProjectId) {
+            return false
+        } else if (newAdminRole == Role.NO_RIGHTS) {
+            return false
+        }
+
+        if (actingAdmin.role == Role.PROJECT_ADMIN.db_value) {
+            return true
+        } else if (
+            actingAdmin.role == Role.REGION_ADMIN.db_value &&
+            newAdminRegion != null && actingAdmin.regionId == newAdminRegion.id
+        ) {
+            return true
+        }
+        return false
+    }
 }
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/authGraphQLParams.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/authGraphQLParams.kt
index 068c87c44..ed468ca2a 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/authGraphQLParams.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/authGraphQLParams.kt
@@ -3,6 +3,7 @@ package app.ehrenamtskarte.backend.auth.webservice
 import app.ehrenamtskarte.backend.auth.webservice.dataloader.ADMINISTRATOR_LOADER_NAME
 import app.ehrenamtskarte.backend.auth.webservice.dataloader.administratorLoader
 import app.ehrenamtskarte.backend.auth.webservice.schema.ChangePasswordMutationService
+import app.ehrenamtskarte.backend.auth.webservice.schema.ManageUsersMutationService
 import app.ehrenamtskarte.backend.auth.webservice.schema.ResetPasswordMutationService
 import app.ehrenamtskarte.backend.auth.webservice.schema.SignInMutationService
 import app.ehrenamtskarte.backend.auth.webservice.schema.ViewAdministratorsQueryService
@@ -23,7 +24,8 @@ val authGraphQlParams = GraphQLParams(
     mutations = listOf(
         TopLevelObject(SignInMutationService()),
         TopLevelObject(ChangePasswordMutationService()),
-        TopLevelObject(ResetPasswordMutationService())
+        TopLevelObject(ResetPasswordMutationService()),
+        TopLevelObject(ManageUsersMutationService())
     ),
     queries = listOf(
         TopLevelObject(ViewAdministratorsQueryService())
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
new file mode 100644
index 000000000..3dcdc5d94
--- /dev/null
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
@@ -0,0 +1,43 @@
+package app.ehrenamtskarte.backend.auth.webservice.schema
+
+import app.ehrenamtskarte.backend.auth.database.AdministratorEntity
+import app.ehrenamtskarte.backend.auth.database.repos.AdministratorsRepository
+import app.ehrenamtskarte.backend.auth.service.Authorizer
+import app.ehrenamtskarte.backend.auth.webservice.schema.types.Role
+import app.ehrenamtskarte.backend.common.webservice.GraphQLContext
+import app.ehrenamtskarte.backend.common.webservice.UnauthorizedException
+import app.ehrenamtskarte.backend.projects.database.ProjectEntity
+import app.ehrenamtskarte.backend.projects.database.Projects
+import app.ehrenamtskarte.backend.regions.database.RegionEntity
+import com.expediagroup.graphql.generator.annotations.GraphQLDescription
+import graphql.schema.DataFetchingEnvironment
+import org.jetbrains.exposed.sql.transactions.transaction
+
+@Suppress("unused")
+class ManageUsersMutationService {
+
+    @GraphQLDescription("Creates a new administrator")
+    fun createAdministrator(
+        project: String,
+        email: String,
+        role: Role,
+        regionId: Int?,
+        dfe: DataFetchingEnvironment
+    ): Boolean {
+        val context = dfe.getContext<GraphQLContext>()
+        val jwtPayload = context.enforceSignedIn()
+        transaction {
+            val actingAdmin = AdministratorEntity.findById(jwtPayload.userId) ?: throw UnauthorizedException()
+
+            val projectEntity = ProjectEntity.find { Projects.project eq project }.first()
+            val region = regionId?.let { RegionEntity.findById(it) }
+
+            if (!Authorizer.mayCreateAdministrator(actingAdmin, projectEntity.id.value, role, region)) {
+                throw UnauthorizedException()
+            }
+
+            AdministratorsRepository.insert(project, email, null, role, regionId)
+        }
+        return true
+    }
+}
diff --git a/specs/backend-api.graphql b/specs/backend-api.graphql
index 2a09da921..498e6dbe1 100644
--- a/specs/backend-api.graphql
+++ b/specs/backend-api.graphql
@@ -86,6 +86,8 @@ type Mutation {
   addGoldenEakApplication(application: GoldenCardApplicationInput!, regionId: Int!): Boolean!
   "Changes an administrator's password"
   changePassword(currentPassword: String!, email: String!, newPassword: String!, project: String!): Boolean!
+  "Creates a new administrator"
+  createAdministrator(email: String!, project: String!, regionId: Int, role: Role!): Boolean!
   "Deletes the application with specified id"
   deleteApplication(applicationId: Int!): Boolean!
   "Reset the administrator's password"

From 509b8533624d765d55383c1cfdefc9b1c835b75d Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Sun, 18 Dec 2022 19:46:46 +0100
Subject: [PATCH 2/9] 665: Add createAdministrator dialog

---
 .../src/components/RegionSelector.tsx         |  62 +++++++---
 .../auth/ForgotPasswordController.tsx         |   2 +-
 .../auth/ResetPasswordController.tsx          |   2 +-
 .../src/components/users/CreateUserDialog.tsx | 113 ++++++++++++++++++
 .../users/ManageUsersController.tsx           |   4 +-
 .../src/components/users/RoleHelpButton.tsx   |  42 +++++++
 .../src/components/users/UsersTable.tsx       |  16 ++-
 .../graphql/users/createAdministrator.graphql |   3 +
 8 files changed, 218 insertions(+), 26 deletions(-)
 create mode 100644 administration/src/components/users/CreateUserDialog.tsx
 create mode 100644 administration/src/components/users/RoleHelpButton.tsx
 create mode 100644 administration/src/graphql/users/createAdministrator.graphql

diff --git a/administration/src/components/RegionSelector.tsx b/administration/src/components/RegionSelector.tsx
index edeab5c65..7a9bb170c 100644
--- a/administration/src/components/RegionSelector.tsx
+++ b/administration/src/components/RegionSelector.tsx
@@ -1,6 +1,6 @@
-import React, { useContext } from 'react'
-import { Button, Menu, MenuItem, Spinner } from '@blueprintjs/core'
-import { ItemListRenderer, ItemRenderer, Select } from '@blueprintjs/select'
+import React, { useContext, useMemo } from 'react'
+import { Button, Menu, Spinner } from '@blueprintjs/core'
+import { Classes, ItemListRenderer, ItemRenderer, Select } from '@blueprintjs/select'
 import { Region, useGetRegionsQuery } from '../generated/graphql'
 import { ProjectConfigContext } from '../project-configs/ProjectConfigContext'
 
@@ -8,8 +8,8 @@ const RegionSelect = Select.ofType<Region>()
 
 const getTitle = (region: Region) => `${region.prefix} ${region.name}`
 
-const renderMenu: ItemListRenderer<Region> = ({ items, itemsParentRef, renderItem }) => {
-  const renderedItems = items.map(renderItem).filter(item => item != null)
+const renderMenu: ItemListRenderer<Region> = ({ itemsParentRef, renderItem, filteredItems }) => {
+  const renderedItems = filteredItems.map(renderItem).filter(item => item != null)
   return (
     <Menu ulRef={itemsParentRef} style={{ maxHeight: 500, overflow: 'auto' }}>
       {renderedItems}
@@ -19,36 +19,60 @@ const renderMenu: ItemListRenderer<Region> = ({ items, itemsParentRef, renderIte
 
 const itemRenderer: ItemRenderer<Region> = (region, { handleClick, modifiers }) => {
   return (
-    <MenuItem
-      active={modifiers.active}
-      disabled={modifiers.disabled}
+    <Button
+      style={{ display: 'block' }}
+      fill
       key={region.id}
+      minimal
       onClick={handleClick}
-      text={getTitle(region)}
-    />
+      active={modifiers.active}
+      disabled={modifiers.disabled}>
+      {getTitle(region)}
+    </Button>
   )
 }
 
-const RegionSelector = (props: { onRegionSelect: (region: Region) => void; activeRegionId: number }) => {
+const RegionSelector = (props: { onSelect: (region: Region) => void; selectedId: number | null }) => {
   const projectId = useContext(ProjectConfigContext).projectId
   const { loading, error, data, refetch } = useGetRegionsQuery({
     variables: { project: projectId },
   })
+  const regions = useMemo(() => (data ? [...data.regions].sort((a, b) => a.name.localeCompare(b.name)) : null), [data])
   if (loading) return <Spinner />
-  if (error || !data) return <Button icon='repeat' onClick={() => refetch()} />
-  const regions = data.regions
-  const activeItem = regions.find((other: Region) => props.activeRegionId === other.id)
+  if (error || regions === null) return <Button icon='repeat' onClick={() => refetch()} />
+  const activeItem = regions.find((other: Region) => props.selectedId === other.id)
   return (
     <RegionSelect
       activeItem={activeItem}
       items={regions}
       itemRenderer={itemRenderer}
-      filterable={false}
+      filterable={true}
+      itemListPredicate={(filter, items) =>
+        items.filter(region => region.name.toLowerCase().includes(filter.toLowerCase()))
+      }
+      fill
       itemListRenderer={renderMenu}
-      onItemSelect={props.onRegionSelect}>
-      <span>
-        Region: <Button text={activeItem ? getTitle(activeItem) : 'Auswählen...'} rightIcon='double-caret-vertical' />
-      </span>
+      onItemSelect={props.onSelect}>
+      <div style={{ position: 'relative' }}>
+        {/* Make the browser think there is an actual select element to make it validate the form. */}
+        <select
+          style={{ height: '30px', opacity: 0, pointerEvents: 'none', position: 'absolute' }}
+          value={activeItem?.id ?? ''}
+          onChange={() => {}}
+          required
+          tabIndex={-1}>
+          <option value={activeItem?.id ?? ''} disabled>
+            {activeItem ? getTitle(activeItem) : 'Auswählen...'}
+          </option>
+        </select>
+        <Button
+          className={Classes.SELECT}
+          style={{ justifyContent: 'space-between', padding: '0 10px' }}
+          fill
+          rightIcon='double-caret-vertical'>
+          {activeItem ? getTitle(activeItem) : 'Auswählen...'}
+        </Button>
+      </div>
     </RegionSelect>
   )
 }
diff --git a/administration/src/components/auth/ForgotPasswordController.tsx b/administration/src/components/auth/ForgotPasswordController.tsx
index fba5d62ca..00a7bc936 100644
--- a/administration/src/components/auth/ForgotPasswordController.tsx
+++ b/administration/src/components/auth/ForgotPasswordController.tsx
@@ -54,7 +54,7 @@ const ForgotPasswordController = () => {
                 e.preventDefault()
                 submit()
               }}>
-              <FormGroup label='E-Mail Adresse'>
+              <FormGroup label='Email-Adresse'>
                 <InputGroup
                   value={email}
                   onChange={e => setEmail(e.target.value)}
diff --git a/administration/src/components/auth/ResetPasswordController.tsx b/administration/src/components/auth/ResetPasswordController.tsx
index 9d1f55a36..f07bece6a 100644
--- a/administration/src/components/auth/ResetPasswordController.tsx
+++ b/administration/src/components/auth/ResetPasswordController.tsx
@@ -57,7 +57,7 @@ const ResetPasswordController = () => {
             e.preventDefault()
             submit()
           }}>
-          <FormGroup label='E-Mail Adresse'>
+          <FormGroup label='Email-Adresse'>
             <InputGroup
               value={email}
               onChange={e => setEmail(e.target.value)}
diff --git a/administration/src/components/users/CreateUserDialog.tsx b/administration/src/components/users/CreateUserDialog.tsx
new file mode 100644
index 000000000..d42b4b5f4
--- /dev/null
+++ b/administration/src/components/users/CreateUserDialog.tsx
@@ -0,0 +1,113 @@
+import { Button, Classes, Dialog, FormGroup, HTMLSelect, InputGroup } from '@blueprintjs/core'
+import { useContext, useState } from 'react'
+import styled from 'styled-components'
+import { Role, useCreateAdministratorMutation } from '../../generated/graphql'
+import { useAppToaster } from '../AppToaster'
+import RoleHelpButton from './RoleHelpButton'
+import { roleToText } from './UsersTable'
+import { ProjectConfigContext } from '../../project-configs/ProjectConfigContext'
+import RegionSelector from '../RegionSelector'
+
+const RoleFormGroupLabel = styled.span`
+  & span {
+    display: inline-block !important;
+  }
+`
+
+const RoleSelector = ({ role, onChange }: { role: Role | null; onChange: (role: Role | null) => void }) => {
+  return (
+    <HTMLSelect fill onChange={e => onChange((e.target.value as Role | null) ?? null)} value={role ?? ''} required>
+      <option value='' disabled>
+        Auswählen...
+      </option>
+      <option value={Role.ProjectAdmin}>{roleToText(Role.ProjectAdmin)}</option>
+      <option value={Role.RegionAdmin}>{roleToText(Role.RegionAdmin)}</option>
+      <option value={Role.RegionManager}>{roleToText(Role.RegionManager)}</option>
+    </HTMLSelect>
+  )
+}
+
+const CreateUserDialog = ({
+  isOpen,
+  onClose,
+  onSuccess,
+}: {
+  isOpen: boolean
+  onClose: () => void
+  onSuccess: () => void
+}) => {
+  const appToaster = useAppToaster()
+  const [email, setEmail] = useState('')
+  const [role, setRole] = useState<Role | null>(null)
+  const [regionId, setRegionId] = useState<number | null>(null)
+  const project = useContext(ProjectConfigContext).projectId
+  const rolesWithRegion = [Role.RegionManager, Role.RegionAdmin]
+
+  const [createAdministrator, { loading }] = useCreateAdministratorMutation({
+    onError: error => {
+      console.error(error)
+      appToaster?.show({ intent: 'danger', message: 'Es ist etwas schief gelaufen.' })
+    },
+    onCompleted: () => {
+      appToaster?.show({ intent: 'success', message: 'Verwalter erfolgreich erstellt.' })
+      onClose()
+      onSuccess()
+      // Reset State
+      setEmail('')
+      setRole(null)
+      setRegionId(null)
+    },
+  })
+
+  return (
+    <Dialog title='Verwalter hinzufügen' isOpen={isOpen} onClose={onClose}>
+      <form
+        onSubmit={e => {
+          e.preventDefault()
+          createAdministrator({
+            variables: {
+              project,
+              email,
+              role: role as Role,
+              regionId: role !== null && rolesWithRegion.includes(role) ? regionId : null,
+            },
+          })
+        }}>
+        <div className={Classes.DIALOG_BODY}>
+          <FormGroup label='Email-Adresse'>
+            <InputGroup
+              value={email}
+              required
+              onChange={e => setEmail(e.target.value)}
+              type='email'
+              placeholder='erika.musterfrau@example.org'
+            />
+          </FormGroup>
+          <FormGroup
+            label={
+              <RoleFormGroupLabel>
+                Rolle <RoleHelpButton />
+              </RoleFormGroupLabel>
+            }>
+            <RoleSelector role={role} onChange={setRole} />
+          </FormGroup>
+          {role === null || !rolesWithRegion.includes(role) ? null : (
+            <div className={Classes.FORM_GROUP}>
+              <div className={Classes.LABEL}>Region</div>
+              <div className={Classes.FORM_CONTENT}>
+                <RegionSelector onSelect={region => setRegionId(region.id)} selectedId={regionId} />
+              </div>
+            </div>
+          )}
+        </div>
+        <div className={Classes.DIALOG_FOOTER}>
+          <div className={Classes.DIALOG_FOOTER_ACTIONS}>
+            <Button type='submit' intent='primary' text='Verwalter hinzufügen' loading={loading} />
+          </div>
+        </div>
+      </form>
+    </Dialog>
+  )
+}
+
+export default CreateUserDialog
diff --git a/administration/src/components/users/ManageUsersController.tsx b/administration/src/components/users/ManageUsersController.tsx
index 8f07b1b7b..8f5473bee 100644
--- a/administration/src/components/users/ManageUsersController.tsx
+++ b/administration/src/components/users/ManageUsersController.tsx
@@ -53,7 +53,7 @@ const ManageProjectUsers = () => {
 
   return (
     <UsersTableContainer title={`Alle Benutzer von '${projectName} - Verwaltung'`}>
-      <UsersTable users={users} regions={regions} showRegion={true} />
+      <UsersTable users={users} regions={regions} showRegion={true} refetch={usersQuery.refetch} />
     </UsersTableContainer>
   )
 }
@@ -76,7 +76,7 @@ const ManageRegionUsers = ({ region }: { region: Region }) => {
 
   return (
     <UsersTableContainer title={`Alle Verwalter der Region '${region.name}'`}>
-      <UsersTable users={users} regions={regions} showRegion={false} />
+      <UsersTable users={users} regions={regions} showRegion={false} refetch={usersQuery.refetch} />
     </UsersTableContainer>
   )
 }
diff --git a/administration/src/components/users/RoleHelpButton.tsx b/administration/src/components/users/RoleHelpButton.tsx
new file mode 100644
index 000000000..abba1ed9d
--- /dev/null
+++ b/administration/src/components/users/RoleHelpButton.tsx
@@ -0,0 +1,42 @@
+import { Button, H4 } from '@blueprintjs/core'
+import { Popover2 } from '@blueprintjs/popover2'
+import { Role } from '../../generated/graphql'
+import { roleToText } from './UsersTable'
+
+const RoleHelpButton = () => {
+  return (
+    <Popover2
+      content={
+        <div style={{ padding: '10px' }}>
+          <H4 style={{ textAlign: 'center' }}>Welche Rollen haben welche Berechtigungen?</H4>
+          <ul>
+            <li>
+              <b>{roleToText(Role.ProjectAdmin)}:</b>
+              <ul>
+                <li>Kann verwaltende Benutzer in allen Regionen verwalten.</li>
+              </ul>
+            </li>
+            <li>
+              <b>{roleToText(Role.RegionAdmin)}:</b>
+              <ul>
+                <li>Kann verwaltende Benutzer in seiner Region verwalten.</li>
+                <li>Kann digitale Karten in seiner Region erstellen.</li>
+                <li>Kann Anträge in seiner Region verwalten.</li>
+              </ul>
+            </li>
+            <li>
+              <b>{roleToText(Role.RegionManager)}:</b>
+              <ul>
+                <li>Kann digitale Karten in seiner Region erstellen.</li>
+                <li>Kann Anträge in seiner Region verwalten.</li>
+              </ul>
+            </li>
+          </ul>
+        </div>
+      }>
+      <Button icon='help' minimal />
+    </Popover2>
+  )
+}
+
+export default RoleHelpButton
diff --git a/administration/src/components/users/UsersTable.tsx b/administration/src/components/users/UsersTable.tsx
index 06a77191a..26355c10d 100644
--- a/administration/src/components/users/UsersTable.tsx
+++ b/administration/src/components/users/UsersTable.tsx
@@ -1,8 +1,10 @@
 import { Button, ButtonGroup, H4 } from '@blueprintjs/core'
 import { Popover2 } from '@blueprintjs/popover2'
+import { useState } from 'react'
 import styled from 'styled-components'
 import { Administrator, Region, Role } from '../../generated/graphql'
 import { useAppToaster } from '../AppToaster'
+import CreateUserDialog from './CreateUserDialog'
 
 const StyledTable = styled.table`
   border-spacing: 0;
@@ -58,12 +60,15 @@ const UsersTable = ({
   users,
   regions,
   showRegion,
+  refetch,
 }: {
   users: Administrator[]
   regions: Region[]
   showRegion: boolean
+  refetch: () => void
 }) => {
   const appToaster = useAppToaster()
+  const [createUserDialogOpen, setCreateUserDialogOpen] = useState(false)
 
   const showNotImplementedToast = () =>
     appToaster?.show({
@@ -76,7 +81,7 @@ const UsersTable = ({
       <StyledTable>
         <thead>
           <tr>
-            <th>E-Mail Adresse</th>
+            <th>Email-Adresse</th>
             {showRegion ? <th>Region</th> : null}
             <th>
               Rolle <RoleHelpButton />
@@ -102,13 +107,18 @@ const UsersTable = ({
         </tbody>
       </StyledTable>
       <div style={{ padding: '16px', textAlign: 'center' }}>
-        <Button intent='success' text='Benutzer hinzufügen' icon='add' onClick={showNotImplementedToast} />
+        <Button intent='success' text='Benutzer hinzufügen' icon='add' onClick={() => setCreateUserDialogOpen(true)} />
+        <CreateUserDialog
+          isOpen={createUserDialogOpen}
+          onClose={() => setCreateUserDialogOpen(false)}
+          onSuccess={refetch}
+        />
       </div>
     </>
   )
 }
 
-const roleToText = (role: Role): String => {
+export const roleToText = (role: Role): String => {
   switch (role) {
     case Role.NoRights:
       return 'Keine'
diff --git a/administration/src/graphql/users/createAdministrator.graphql b/administration/src/graphql/users/createAdministrator.graphql
new file mode 100644
index 000000000..35a6859b5
--- /dev/null
+++ b/administration/src/graphql/users/createAdministrator.graphql
@@ -0,0 +1,3 @@
+mutation createAdministrator($project: String!, $email: String!, $regionId: Int, $role: Role!) {
+  result: createAdministrator(project: $project, email: $email, regionId: $regionId, role: $role)
+}

From f5d04c6f4c859c171133f80c9945947df784c20a Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Mon, 19 Dec 2022 00:26:19 +0100
Subject: [PATCH 3/9] 665: Send welcome mail and add error when mail already
 exists

---
 .../repos/AdministratorsRepository.kt         | 10 +++-
 .../schema/ManageUsersMutationService.kt      | 52 ++++++++++++++++++-
 specs/backend-api.graphql                     |  2 +-
 3 files changed, 60 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt
index ebfe9c999..43e6c84a6 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt
@@ -41,7 +41,13 @@ object AdministratorsRepository {
         }
     }
 
-    fun insert(project: String, email: String, password: String?, role: Role, regionId: Int? = null) {
+    fun insert(
+        project: String,
+        email: String,
+        password: String?,
+        role: Role,
+        regionId: Int? = null
+    ): AdministratorEntity {
         val projectEntity = ProjectEntity.find { Projects.project eq project }.firstOrNull()
             ?: throw IllegalArgumentException("Project does not exist.")
 
@@ -65,7 +71,7 @@ object AdministratorsRepository {
             PasswordCrypto.hashPasswort(it)
         }
 
-        AdministratorEntity.new {
+        return AdministratorEntity.new {
             this.email = email
             this.projectId = projectEntity.id
             this.regionId = region?.id
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
index 3dcdc5d94..2e5761a06 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
@@ -1,18 +1,29 @@
 package app.ehrenamtskarte.backend.auth.webservice.schema
 
 import app.ehrenamtskarte.backend.auth.database.AdministratorEntity
+import app.ehrenamtskarte.backend.auth.database.Administrators
 import app.ehrenamtskarte.backend.auth.database.repos.AdministratorsRepository
 import app.ehrenamtskarte.backend.auth.service.Authorizer
 import app.ehrenamtskarte.backend.auth.webservice.schema.types.Role
 import app.ehrenamtskarte.backend.common.webservice.GraphQLContext
 import app.ehrenamtskarte.backend.common.webservice.UnauthorizedException
+import app.ehrenamtskarte.backend.mail.sendMail
 import app.ehrenamtskarte.backend.projects.database.ProjectEntity
 import app.ehrenamtskarte.backend.projects.database.Projects
 import app.ehrenamtskarte.backend.regions.database.RegionEntity
 import com.expediagroup.graphql.generator.annotations.GraphQLDescription
+import graphql.GraphqlErrorException
 import graphql.schema.DataFetchingEnvironment
 import org.jetbrains.exposed.sql.transactions.transaction
 
+class EmailAlreadyExistsException() : GraphqlErrorException(
+    newErrorException().extensions(
+        mapOf(
+            Pair("code", "EMAIL_ALREADY_EXISTS")
+        )
+    )
+)
+
 @Suppress("unused")
 class ManageUsersMutationService {
 
@@ -22,10 +33,13 @@ class ManageUsersMutationService {
         email: String,
         role: Role,
         regionId: Int?,
+        sendWelcomeMail: Boolean,
         dfe: DataFetchingEnvironment
     ): Boolean {
         val context = dfe.getContext<GraphQLContext>()
         val jwtPayload = context.enforceSignedIn()
+        val projectConfig = context.backendConfiguration.projects.first { it.id == project }
+
         transaction {
             val actingAdmin = AdministratorEntity.findById(jwtPayload.userId) ?: throw UnauthorizedException()
 
@@ -36,8 +50,44 @@ class ManageUsersMutationService {
                 throw UnauthorizedException()
             }
 
-            AdministratorsRepository.insert(project, email, null, role, regionId)
+            if (!AdministratorEntity.find { Administrators.email eq email }.empty()) {
+                throw EmailAlreadyExistsException()
+            }
+
+            val newUser = AdministratorsRepository.insert(project, email, null, role, regionId)
+
+            if (sendWelcomeMail) {
+                val key = AdministratorsRepository.setNewPasswordResetKey(newUser)
+                sendMail(
+                    email,
+                    "Accounterstellung",
+                    generateWelcomeMailMessage(
+                        key,
+                        projectConfig.administrationName,
+                        projectConfig.administrationBaseUrl
+                    )
+                )
+            }
         }
         return true
     }
+
+    private fun generateWelcomeMailMessage(
+        key: String,
+        administrationName: String,
+        administrationBaseUrl: String
+    ): String {
+        return """
+            Guten Tag,
+            
+            für Sie wurde ein Account für $administrationName erstellt.
+            Sie können Ihr Passwort unter dem folgenden Link setzen:
+            $administrationBaseUrl/reset-password/$key
+            
+            Dieser Link ist 24 Stunden gültig.
+            
+            Mit freundlichen Grüßen,
+            Ihr Digitalfabrik Team
+        """.trimIndent()
+    }
 }
diff --git a/specs/backend-api.graphql b/specs/backend-api.graphql
index 498e6dbe1..4fc403530 100644
--- a/specs/backend-api.graphql
+++ b/specs/backend-api.graphql
@@ -87,7 +87,7 @@ type Mutation {
   "Changes an administrator's password"
   changePassword(currentPassword: String!, email: String!, newPassword: String!, project: String!): Boolean!
   "Creates a new administrator"
-  createAdministrator(email: String!, project: String!, regionId: Int, role: Role!): Boolean!
+  createAdministrator(email: String!, project: String!, regionId: Int, role: Role!, sendWelcomeMail: Boolean!): Boolean!
   "Deletes the application with specified id"
   deleteApplication(applicationId: Int!): Boolean!
   "Reset the administrator's password"

From b7244cf0753616a44083800445b960d968aecc7d Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Mon, 19 Dec 2022 00:27:15 +0100
Subject: [PATCH 4/9] 665: Improve CreateUserDialog for Region Admins

---
 .../src/components/users/CreateUserDialog.tsx | 76 +++++++++++++----
 .../users/ManageUsersController.tsx           | 10 +--
 .../src/components/users/UsersTable.tsx       | 84 +++++++------------
 .../graphql/users/createAdministrator.graphql | 16 +++-
 4 files changed, 109 insertions(+), 77 deletions(-)

diff --git a/administration/src/components/users/CreateUserDialog.tsx b/administration/src/components/users/CreateUserDialog.tsx
index d42b4b5f4..fbe7db475 100644
--- a/administration/src/components/users/CreateUserDialog.tsx
+++ b/administration/src/components/users/CreateUserDialog.tsx
@@ -1,4 +1,4 @@
-import { Button, Classes, Dialog, FormGroup, HTMLSelect, InputGroup } from '@blueprintjs/core'
+import { Button, Checkbox, Classes, Dialog, FormGroup, HTMLSelect, InputGroup } from '@blueprintjs/core'
 import { useContext, useState } from 'react'
 import styled from 'styled-components'
 import { Role, useCreateAdministratorMutation } from '../../generated/graphql'
@@ -7,6 +7,7 @@ import RoleHelpButton from './RoleHelpButton'
 import { roleToText } from './UsersTable'
 import { ProjectConfigContext } from '../../project-configs/ProjectConfigContext'
 import RegionSelector from '../RegionSelector'
+import { ApolloError } from '@apollo/client'
 
 const RoleFormGroupLabel = styled.span`
   & span {
@@ -14,53 +15,90 @@ const RoleFormGroupLabel = styled.span`
   }
 `
 
-const RoleSelector = ({ role, onChange }: { role: Role | null; onChange: (role: Role | null) => void }) => {
+const RoleSelector = ({
+  role,
+  onChange,
+  hideProjectAdmin,
+}: {
+  role: Role | null
+  onChange: (role: Role | null) => void
+  hideProjectAdmin: boolean
+}) => {
   return (
     <HTMLSelect fill onChange={e => onChange((e.target.value as Role | null) ?? null)} value={role ?? ''} required>
       <option value='' disabled>
         Auswählen...
       </option>
-      <option value={Role.ProjectAdmin}>{roleToText(Role.ProjectAdmin)}</option>
+      {hideProjectAdmin ? null : <option value={Role.ProjectAdmin}>{roleToText(Role.ProjectAdmin)}</option>}
       <option value={Role.RegionAdmin}>{roleToText(Role.RegionAdmin)}</option>
       <option value={Role.RegionManager}>{roleToText(Role.RegionManager)}</option>
     </HTMLSelect>
   )
 }
 
+const getMessageFromApolloError = (error: ApolloError): string => {
+  const defaultMessage = 'Etwas ist schief gelaufen.'
+  if (error.graphQLErrors.length !== 1) {
+    return defaultMessage
+  }
+  const graphQLError = error.graphQLErrors[0]
+  if ('code' in graphQLError.extensions) {
+    switch (graphQLError.extensions['code']) {
+      case 'EMAIL_ALREADY_EXISTS':
+        return 'Die Email-Adresse wird bereits verwendet.'
+    }
+  }
+  return defaultMessage
+}
+
 const CreateUserDialog = ({
   isOpen,
   onClose,
   onSuccess,
+  regionIdOverride,
 }: {
   isOpen: boolean
   onClose: () => void
   onSuccess: () => void
+  // If regionIdOverride is set, the region selector will be hidden, and only RegionAdministrator and RegionManager
+  // roles are selectable.
+  regionIdOverride: number | null
 }) => {
   const appToaster = useAppToaster()
   const [email, setEmail] = useState('')
   const [role, setRole] = useState<Role | null>(null)
   const [regionId, setRegionId] = useState<number | null>(null)
+  const [sendWelcomeMail, setSendWelcomeMail] = useState(true)
   const project = useContext(ProjectConfigContext).projectId
   const rolesWithRegion = [Role.RegionManager, Role.RegionAdmin]
 
   const [createAdministrator, { loading }] = useCreateAdministratorMutation({
     onError: error => {
       console.error(error)
-      appToaster?.show({ intent: 'danger', message: 'Es ist etwas schief gelaufen.' })
+      appToaster?.show({ intent: 'danger', message: 'Fehler: ' + getMessageFromApolloError(error) })
     },
     onCompleted: () => {
-      appToaster?.show({ intent: 'success', message: 'Verwalter erfolgreich erstellt.' })
+      appToaster?.show({ intent: 'success', message: 'Benutzer erfolgreich erstellt.' })
       onClose()
       onSuccess()
       // Reset State
       setEmail('')
       setRole(null)
       setRegionId(null)
+      setSendWelcomeMail(true)
     },
   })
 
+  const getRegionId = () => {
+    if (regionIdOverride !== null) {
+      return regionIdOverride
+    } else {
+      return role !== null && rolesWithRegion.includes(role) ? regionId : null
+    }
+  }
+
   return (
-    <Dialog title='Verwalter hinzufügen' isOpen={isOpen} onClose={onClose}>
+    <Dialog title='Benutzer hinzufügen' isOpen={isOpen} onClose={onClose}>
       <form
         onSubmit={e => {
           e.preventDefault()
@@ -69,7 +107,8 @@ const CreateUserDialog = ({
               project,
               email,
               role: role as Role,
-              regionId: role !== null && rolesWithRegion.includes(role) ? regionId : null,
+              regionId: getRegionId(),
+              sendWelcomeMail,
             },
           })
         }}>
@@ -89,20 +128,25 @@ const CreateUserDialog = ({
                 Rolle <RoleHelpButton />
               </RoleFormGroupLabel>
             }>
-            <RoleSelector role={role} onChange={setRole} />
+            <RoleSelector role={role} onChange={setRole} hideProjectAdmin={regionIdOverride !== null} />
           </FormGroup>
-          {role === null || !rolesWithRegion.includes(role) ? null : (
-            <div className={Classes.FORM_GROUP}>
-              <div className={Classes.LABEL}>Region</div>
-              <div className={Classes.FORM_CONTENT}>
-                <RegionSelector onSelect={region => setRegionId(region.id)} selectedId={regionId} />
-              </div>
-            </div>
+          {regionIdOverride !== null || role === null || !rolesWithRegion.includes(role) ? null : (
+            <FormGroup label='Region'>
+              <RegionSelector onSelect={region => setRegionId(region.id)} selectedId={regionId} />
+            </FormGroup>
           )}
+          <FormGroup>
+            <Checkbox checked={sendWelcomeMail} onChange={e => setSendWelcomeMail(e.currentTarget.checked)}>
+              <b>Sende eine Willkommens-Email.</b>
+              <br />
+              Diese Email enthält einen Link, mit dem das Passwort des Accounts gesetzt werden kann. Der Link ist 24
+              Stunden gültig.
+            </Checkbox>
+          </FormGroup>
         </div>
         <div className={Classes.DIALOG_FOOTER}>
           <div className={Classes.DIALOG_FOOTER_ACTIONS}>
-            <Button type='submit' intent='primary' text='Verwalter hinzufügen' loading={loading} />
+            <Button type='submit' intent='success' text='Benutzer hinzufügen' icon='add' loading={loading} />
           </div>
         </div>
       </form>
diff --git a/administration/src/components/users/ManageUsersController.tsx b/administration/src/components/users/ManageUsersController.tsx
index 8f5473bee..3fd987a9c 100644
--- a/administration/src/components/users/ManageUsersController.tsx
+++ b/administration/src/components/users/ManageUsersController.tsx
@@ -27,8 +27,8 @@ const RefetchCard = (props: { refetch: () => void }) => {
 const UsersTableContainer = ({ children, title }: { children: ReactElement; title: string }) => {
   return (
     <StandaloneCenter>
-      <Card style={{ maxWidth: '800px', margin: '16px' }}>
-        <H3>{title}</H3>
+      <Card style={{ maxWidth: '1200px', margin: '16px' }}>
+        <H3 style={{ textAlign: 'center' }}>{title}</H3>
         {children}
       </Card>
     </StandaloneCenter>
@@ -53,7 +53,7 @@ const ManageProjectUsers = () => {
 
   return (
     <UsersTableContainer title={`Alle Benutzer von '${projectName} - Verwaltung'`}>
-      <UsersTable users={users} regions={regions} showRegion={true} refetch={usersQuery.refetch} />
+      <UsersTable users={users} regions={regions} refetch={usersQuery.refetch} />
     </UsersTableContainer>
   )
 }
@@ -75,8 +75,8 @@ const ManageRegionUsers = ({ region }: { region: Region }) => {
   const users = usersQuery.data!!.users
 
   return (
-    <UsersTableContainer title={`Alle Verwalter der Region '${region.name}'`}>
-      <UsersTable users={users} regions={regions} showRegion={false} refetch={usersQuery.refetch} />
+    <UsersTableContainer title={`Alle Verwalter der Region '${region.prefix} ${region.name}'`}>
+      <UsersTable users={users} regions={regions} selectedRegionId={region.id} refetch={usersQuery.refetch} />
     </UsersTableContainer>
   )
 }
diff --git a/administration/src/components/users/UsersTable.tsx b/administration/src/components/users/UsersTable.tsx
index 26355c10d..b0939c6a5 100644
--- a/administration/src/components/users/UsersTable.tsx
+++ b/administration/src/components/users/UsersTable.tsx
@@ -1,10 +1,10 @@
-import { Button, ButtonGroup, H4 } from '@blueprintjs/core'
-import { Popover2 } from '@blueprintjs/popover2'
+import { Button } from '@blueprintjs/core'
 import { useState } from 'react'
 import styled from 'styled-components'
 import { Administrator, Region, Role } from '../../generated/graphql'
 import { useAppToaster } from '../AppToaster'
 import CreateUserDialog from './CreateUserDialog'
+import RoleHelpButton from './RoleHelpButton'
 
 const StyledTable = styled.table`
   border-spacing: 0;
@@ -17,54 +17,28 @@ const StyledTable = styled.table`
   & th {
     margin: 0;
     padding: 16px;
+    text-align: center;
   }
-`
 
-const RoleHelpButton = () => {
-  return (
-    <Popover2
-      content={
-        <div style={{ padding: '10px' }}>
-          <H4 style={{ textAlign: 'center' }}>Welche Rollen haben welche Berechtigungen?</H4>
-          <ul>
-            <li>
-              <b>Administrator:</b>
-              <ul>
-                <li>Kann verwaltende Benutzer in allen Regionen verwalten.</li>
-              </ul>
-            </li>
-            <li>
-              <b>Regionsadministrator:</b>
-              <ul>
-                <li>Kann verwaltende Benutzer in seiner Region verwalten.</li>
-                <li>Kann digitale Karten in seiner Region erstellen.</li>
-                <li>Kann Anträge in seiner Region verwalten.</li>
-              </ul>
-            </li>
-            <li>
-              <b>Regionsverwalter:</b>
-              <ul>
-                <li>Kann digitale Karten in seiner Region erstellen.</li>
-                <li>Kann Anträge in seiner Region verwalten.</li>
-              </ul>
-            </li>
-          </ul>
-        </div>
-      }>
-      <Button icon='help' minimal />
-    </Popover2>
-  )
-}
+  & th {
+    position: sticky;
+    top: 0px;
+    background: white;
+    border-bottom: 1px solid lightgray;
+  }
+`
 
 const UsersTable = ({
   users,
   regions,
-  showRegion,
+  selectedRegionId = null,
   refetch,
 }: {
   users: Administrator[]
   regions: Region[]
-  showRegion: boolean
+  // If selectedRegionId is given, the users array is assumed to contain all users of that region.
+  // Moreover, the region column of the table is hidden.
+  selectedRegionId?: number | null
   refetch: () => void
 }) => {
   const appToaster = useAppToaster()
@@ -82,28 +56,29 @@ const UsersTable = ({
         <thead>
           <tr>
             <th>Email-Adresse</th>
-            {showRegion ? <th>Region</th> : null}
+            {selectedRegionId !== null ? null : <th>Region</th>}
             <th>
               Rolle <RoleHelpButton />
             </th>
+            <th>{/* Action Buttons */}</th>
           </tr>
         </thead>
         <tbody>
-          {users.map(user => (
-            <tr key={user.id}>
-              <td>{user.email}</td>
-              {showRegion ? (
-                <td>{user.regionId === null ? <i>(Keine)</i> : regions.find(r => r.id === user.regionId)?.name}</td>
-              ) : null}
-              <td>{roleToText(user.role)}</td>
-              <td>
-                <ButtonGroup minimal>
+          {users.map(user => {
+            const region = regions.find(r => r.id === user.regionId)
+            const regionName = region === undefined ? null : `${region.prefix} ${region.name}`
+            return (
+              <tr key={user.id}>
+                <td>{user.email}</td>
+                {selectedRegionId !== null ? null : <td>{regionName === null ? <i>(Keine)</i> : regionName}</td>}
+                <td>{roleToText(user.role)}</td>
+                <td>
                   <Button icon='edit' intent='warning' text='Bearbeiten' minimal onClick={showNotImplementedToast} />
                   <Button icon='trash' intent='danger' text='Entfernen' minimal onClick={showNotImplementedToast} />
-                </ButtonGroup>
-              </td>
-            </tr>
-          ))}
+                </td>
+              </tr>
+            )
+          })}
         </tbody>
       </StyledTable>
       <div style={{ padding: '16px', textAlign: 'center' }}>
@@ -112,6 +87,7 @@ const UsersTable = ({
           isOpen={createUserDialogOpen}
           onClose={() => setCreateUserDialogOpen(false)}
           onSuccess={refetch}
+          regionIdOverride={selectedRegionId}
         />
       </div>
     </>
diff --git a/administration/src/graphql/users/createAdministrator.graphql b/administration/src/graphql/users/createAdministrator.graphql
index 35a6859b5..275aaa3c1 100644
--- a/administration/src/graphql/users/createAdministrator.graphql
+++ b/administration/src/graphql/users/createAdministrator.graphql
@@ -1,3 +1,15 @@
-mutation createAdministrator($project: String!, $email: String!, $regionId: Int, $role: Role!) {
-  result: createAdministrator(project: $project, email: $email, regionId: $regionId, role: $role)
+mutation createAdministrator(
+  $project: String!
+  $email: String!
+  $regionId: Int
+  $role: Role!
+  $sendWelcomeMail: Boolean!
+) {
+  result: createAdministrator(
+    project: $project
+    email: $email
+    regionId: $regionId
+    role: $role
+    sendWelcomeMail: $sendWelcomeMail
+  )
 }

From 917a627f5ee00c3c5a12509fa0d685715e1a7b6c Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Mon, 19 Dec 2022 00:29:07 +0100
Subject: [PATCH 5/9] 665: Make Navbar height auto

---
 administration/src/components/Navigation.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/administration/src/components/Navigation.tsx b/administration/src/components/Navigation.tsx
index e8bd91e08..1e2982cc3 100644
--- a/administration/src/components/Navigation.tsx
+++ b/administration/src/components/Navigation.tsx
@@ -16,7 +16,7 @@ const Navigation = (props: Props) => {
   const region = useContext(RegionContext)
   const role = useContext(AuthContext).data?.administrator.role
   return (
-    <Navbar>
+    <Navbar style={{ height: 'auto' }}>
       <Navbar.Group>
         <Navbar.Heading>{config.name} Verwaltung</Navbar.Heading>
         <Navbar.Divider />

From 209b39581d9abd46b7139c6daa4acdf53cf2c4e3 Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Mon, 19 Dec 2022 09:39:11 +0100
Subject: [PATCH 6/9] Update administration/src/components/RegionSelector.tsx

---
 administration/src/components/RegionSelector.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/administration/src/components/RegionSelector.tsx b/administration/src/components/RegionSelector.tsx
index 7a9bb170c..1a160cb21 100644
--- a/administration/src/components/RegionSelector.tsx
+++ b/administration/src/components/RegionSelector.tsx
@@ -48,7 +48,7 @@ const RegionSelector = (props: { onSelect: (region: Region) => void; selectedId:
       itemRenderer={itemRenderer}
       filterable={true}
       itemListPredicate={(filter, items) =>
-        items.filter(region => region.name.toLowerCase().includes(filter.toLowerCase()))
+        items.filter(region => getTitle(region).toLowerCase().includes(filter.toLowerCase()))
       }
       fill
       itemListRenderer={renderMenu}

From c4e879c7d49665476f07439cb2188845965ff924 Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Mon, 19 Dec 2022 15:27:14 +0100
Subject: [PATCH 7/9] 665: Add check for role

---
 .../app/ehrenamtskarte/backend/auth/service/Authorizer.kt      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
index 6cc2101b5..af8bc8b00 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
@@ -56,7 +56,8 @@ object Authorizer {
             return true
         } else if (
             actingAdmin.role == Role.REGION_ADMIN.db_value &&
-            newAdminRegion != null && actingAdmin.regionId == newAdminRegion.id
+            newAdminRegion != null && actingAdmin.regionId == newAdminRegion.id &&
+            newAdminRole in setOf(Role.REGION_ADMIN, Role.REGION_MANAGER)
         ) {
             return true
         }

From 8414d36479565b18e080d9969da2cdbd2a764f81 Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Mon, 19 Dec 2022 15:30:10 +0100
Subject: [PATCH 8/9] 665: Rename authorization function

---
 .../app/ehrenamtskarte/backend/auth/service/Authorizer.kt       | 2 +-
 .../auth/webservice/schema/ManageUsersMutationService.kt        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
index af8bc8b00..733da37a1 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/service/Authorizer.kt
@@ -40,7 +40,7 @@ object Authorizer {
             mayViewUsersInProject(user, region.projectId.value)
     }
 
-    fun mayCreateAdministrator(
+    fun mayCreateUser(
         actingAdmin: AdministratorEntity,
         newAdminProjectId: Int,
         newAdminRole: Role,
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
index 2e5761a06..c5c2a6a8e 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
@@ -46,7 +46,7 @@ class ManageUsersMutationService {
             val projectEntity = ProjectEntity.find { Projects.project eq project }.first()
             val region = regionId?.let { RegionEntity.findById(it) }
 
-            if (!Authorizer.mayCreateAdministrator(actingAdmin, projectEntity.id.value, role, region)) {
+            if (!Authorizer.mayCreateUser(actingAdmin, projectEntity.id.value, role, region)) {
                 throw UnauthorizedException()
             }
 

From 6dc19e074172b5ff9220f4e857d8afad7bdd80c0 Mon Sep 17 00:00:00 2001
From: Michael Markl <marklmichael98@gmail.com>
Date: Mon, 26 Dec 2022 02:51:53 +0100
Subject: [PATCH 9/9] Adjust greeting

---
 .../auth/webservice/schema/ManageUsersMutationService.kt     | 5 +++--
 .../auth/webservice/schema/ResetPasswordMutationService.kt   | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
index c5c2a6a8e..759e924d6 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ManageUsersMutationService.kt
@@ -86,8 +86,9 @@ class ManageUsersMutationService {
             
             Dieser Link ist 24 Stunden gültig.
             
-            Mit freundlichen Grüßen,
-            Ihr Digitalfabrik Team
+            Dies ist eine automatisierte Nachricht. Antworten Sie nicht auf diese Email.
+            
+            - $administrationName
         """.trimIndent()
     }
 }
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ResetPasswordMutationService.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ResetPasswordMutationService.kt
index 796c1c5fa..25885f265 100644
--- a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ResetPasswordMutationService.kt
+++ b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/webservice/schema/ResetPasswordMutationService.kt
@@ -48,8 +48,9 @@ class ResetPasswordMutationService {
             
             Dieser Link ist 24 Stunden gültig.
             
-            Mit freundlichen Grüßen,
-            Ihr Digitalfabrik Team
+            Dies ist eine automatisierte Nachricht. Antworten Sie nicht auf diese Email.
+            
+            - $administrationName
         """.trimIndent()
     }