feat: add client-side RemoveMultipleOrgUsersMutation

[tianrunhe]

Description

Following up #10675, this PR is the client-side mutation

Final checklist

• I checked the code review guidelines
• I have added Metrics Representative as reviewer(s) if my PR invovles metrics/data/analytics related changes
• I have performed a self-review of my code, the same way I'd do it for any other team member
• I have tested all cases I listed in the testing scenarios and I haven't found any issues or regressions
• Whenever I took a non-obvious choice I added a comment explaining why I did it this way
• I added the label Skip Maintainer Review Indicating the PR only requires reviewer review and can be merged right after it's approved if the PR introduces only minor changes, does not contain any architectural changes or does not introduce any new patterns and I think one review is sufficient'
• PR title is human readable and could be used in changelog

[Dschoordsch]

Did not test

[Dschoordsch]

Wow, that's quite convoluted. From reviewing this I get the impression that removeOrgUser should be half-broken currently.

[Dschoordsch]

-1 organization is currently unused. It also might not be able to resolve all fields for kicked out users as they're not a member anymore. As we need this for the kicked out users for their updates, add an organizationId field.

[Dschoordsch]

-1 if we handle refreshing the auth token correctly, this update should not reach the kicked out users. Instead all the updates for the kicked should be done in the notification subscription.

[Dschoordsch]

-1 This will be empty for the kicked out use because they are not a team member anymore:

parabol/packages/server/graphql/types/Team.ts

Line 218 in 73c64d6

if (!isTeamMember(authToken, teamId)) return []

I think it would be better to have a flat kickOutNotifications object with just constant fields and no nested objects.

[Dschoordsch]

-1 This should not reach the kicked out user anymore

[tianrunhe]

Hey @Dschoordsch , thanks so much for taking time to review this. I agree it's quite complicated and it also makes me wonder if removeOrgUser ever worked correctly. Here's my ongoing plan:

1. For this PR, I'd be focusing on making RemoveMultipleOrgUsersMutation work perfectly. I'll leave RemoveOrgUserMutation as-is.
2. When this PR is merged, I'd open a new PR to rename removeMultipleOrgUsers to removeOrgUsers
3. Finally, I'll remove removeOrgUser and replace all the client side call with the plural version removeOrgUsers

Sounds good?

[tianrunhe]

@Dschoordsch now with regards to this PR specifically, I have a doubt on this statement you made:

With the new auth token the kicked off users will need to update their subscriptions and then won't receive TEAM and ORGANIZATION updates for teams and orgs they're not a part of anymore

The unsubscribe operation comes with 1 second delay. In my test, the removed users would still get all the updates from the team/org they were removed from?