medium complexity | extracted | User Management | Confidence: 100%
Components: 6 | Shared: 39 | User Stories: 0 | Analyzed: Yes

Description

User CRUD provides the administrative interface for creating, reading, updating, and deactivating user accounts across the Meander platform. Administrators can invite new users by email, assign them to organizations, and configure their initial role. The invitation flow generates a secure onboarding link and sends it via email, eliminating the need for admins to set passwords on behalf of users. The feature supports viewing and editing user profiles, including contact details, organization memberships, and role assignments. Deactivation (soft delete) is preferred over hard deletion to preserve audit trails and Bufdir reporting integrity. Reactivation of deactivated accounts is also supported.

Analysis

Business Value

Without user management, organizations cannot onboard peer mentors or coordinators into the platform, making every other feature inaccessible. The invite-based flow removes the need for users to self-register, which is critical for a platform where org admins control who participates and in what role. This directly supports the multi-tenant model where each organization manages its own user base in isolation. Soft deactivation preserves historical data for Bufdir reporting and audit requirements; a hard delete would create referential gaps in activity and expense records. The feature also reduces coordinator overhead by giving org admins a single pane of glass for all user lifecycle operations, from invite through offboarding.

Implementation Notes

The feature is built as a Next.js admin portal page with server-side rendering. The invite endpoint generates a time-limited signed token (JWT, 48h expiry) that is stored in the database and sent via email. The token links to the authentication module's onboarding flow, where the user sets their password. User records are stored in the shared PostgreSQL `users` table; deactivation sets a `deactivated_at` timestamp rather than deleting rows. The users list page uses server-side pagination and filtering (by role, status, organization). All mutations go through the REST API (`/api/v1/admin/users`) with org-scoped authorization: org admins can only see and modify users within their own organization, while global admins can query across organizations. Role assignment is delegated to the Role Assignment feature to keep concerns separated.
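
The invite-token handling described above, as an added example that is not Meander's own code: it issues an HS256 JWT with the 48h expiry and checks signature, expiry and single use on redemption. The function names `issueInvite` and `redeemInvite`, the claim names, and the `store` Map standing in for the database table are assumptions.

```javascript
// Added example, not Meander code: HS256 invite token with 48h expiry and single use.
const crypto = require("node:crypto");

const INVITE_TTL_SECONDS = 48 * 60 * 60; // 48h expiry from the implementation notes
const b64url = (s) => Buffer.from(s).toString("base64url");
const sign = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest("base64url");

// `store` stands in for the invites table (assumption: a Map keyed by token id).
function issueInvite({ email, orgId, role }, secret, store, nowSec) {
  const jti = crypto.randomUUID();
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({
    jti, sub: email, org: orgId, role, iat: nowSec, exp: nowSec + INVITE_TTL_SECONDS,
  }));
  store.set(jti, { email, orgId, usedAt: null });
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

function redeemInvite(token, secret, store, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  // The verifier fixes the algorithm; the token header is never consulted for it.
  const expected = Buffer.from(sign(`${header}.${payload}`, secret));
  const given = Buffer.from(sig);
  // Constant-time comparison, done before any claim is parsed or trusted.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad_signature" };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (typeof claims.exp !== "number" || nowSec >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  // Server-side record makes the link single-use and revocable.
  const row = store.get(claims.jti);
  if (!row || row.usedAt !== null) return { ok: false, reason: "unknown_or_used" };
  row.usedAt = nowSec;
  return { ok: true, email: claims.sub, orgId: claims.org, role: claims.role };
}
```

Deleting the stored row revokes an outstanding invite before its 48h window ends, which a signature check alone cannot do.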

Components (45)

User Interface (3)

Service Layer (2)

Data Layer (1)

Shared Components

These components are reused across multiple features.

User Stories

No user stories have been generated for this feature yet.