Show invitation summary when removing a user or revoking admin permissions #23982

@sgiehl

User Story:

As a Super User, I want to see a summary of a user’s already accepted and still pending invitations before I remove that user or change their permissions so that I can make an informed decision and improve security oversight.

Scope:

  • When initiating an action that removes a user or removes the user’s Admin permission, display a summary of invitations that the affected user has sent (both pending and accepted).

  • The summary includes enough detail to understand impact (for example counts and the list of invited email addresses or usernames, plus invitation status).

Out of Scope:

  • Blocking invited users from accepting invitations when the inviter no longer exists or no longer has Admin permissions.

  • Adding new invitation management actions (revoke, resend, transfer ownership) as part of this change.

Acceptance Criteria:

  • Given a Super User is about to remove a user, when they open the removal confirmation flow, then they see an invitation summary for invitations sent by that user, split into Pending and Accepted (or clearly labeled statuses).

  • Given a Super User is about to remove Admin permission from a user, when they open the permission change confirmation flow, then they see the same invitation summary for invitations sent by that user.

  • Given the user has not sent any invitations, when the Super User performs either action, then the UI clearly states that there are no invitations associated with that user.

Risks:

  • Privacy exposure: showing invited email addresses or identifiers in an admin-facing confirmation screen could reveal personal data, so the displayed fields must be appropriate and access-controlled.

  • Performance and UX: fetching invitation data during critical flows (removal / permission change) could slow down confirmation dialogs or add complexity, especially if the user sent many invitations.

Labels:

  • Enhancement: For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.

  • To Triage: An issue awaiting triage by a Matomo core team member

  • c: Security: For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
