Role Select in user-create form cannot be selected; backend returns 500 on empty role

[marcosst]

Summary

The Role dropdown in the "Create User" form (POST /api/v1/users) renders the two available roles (account_owner, agent) but clicking on an option does not update the form state. The form can still be submitted, sending role: "" in the payload, which the auth-service backend does not handle gracefully — it raises ActiveRecord::RecordNotFound from AgentBuilder#assign_role and returns HTTP 500 instead of a 422 validation error.

Net effect: it is impossible to create a new user from the UI on a fresh Evo CRM Community deployment.

Environment

• Image: evoapicloud/evo-ai-frontend-community:latest (bundle index-C9CH5ekc.js)
• Backend: evoapicloud/evo-auth-service-community:latest
• Deploy: single-tenant (Community), two roles seeded (account_owner, agent)
• Browser: Chromium-based; reproduced with a fresh session (no cache)

Steps to reproduce

1. Log in as account_owner.
2. Go to Agents / Users → "New user".
3. Fill name, email, password, confirmPassword.
4. Try to select a role in the Role dropdown.
5. The two options render, but clicking does not select any — the visible value never changes.
6. Submit the form anyway.

Expected

• The Role dropdown selects the clicked option and sends the corresponding key (account_owner or agent) in the payload.
• If the role is missing/invalid, the backend responds with 422 Unprocessable Entity and a validation error, not 500.

Actual

Frontend

React console warning appears the moment the form is opened:

Select is changing from uncontrolled to controlled.
Components should not switch from controlled to uncontrolled (or vice versa).
Decide between using a controlled or uncontrolled value for the lifetime of the component.

This warning continues after interacting with the Select. The UI renders the options but clicking them does not fire the onChange — the component treats its own value as uncontrolled and ignores user input.

Request payload (from DevTools → Network)

POST /api/v1/users
{
  "name": "Marcos S",
  "email": "...",
  "role": "",
  "availability": "online",
  "password": "...",
  "confirmPassword": "...",
  "user": { "name": "Marcos S", "email": "...", "availability": "online" }
}

Note: "role": "" — no value was captured from the dropdown.

Backend response

HTTP 500 Internal Server Error. Relevant log:

Started POST "/api/v1/users" for ... at ...
Processing by Api::V1::UsersController#create as HTML
  Parameters: {"name"=>"Marcos S", "email"=>"[FILTERED]", "role"=>"", ...}
Permission check for users.create: has_permission=true
Internal Server Error: ActiveRecord::RecordNotFound -
  Couldn't find Role with [WHERE "roles"."key" = $1]
/rails/app/builders/agent_builder.rb:26:in 'AgentBuilder#assign_role'
/rails/app/builders/agent_builder.rb:10:in 'block in AgentBuilder#perform'
/rails/app/controllers/api/v1/users_controller.rb:28:in 'Api::V1::UsersController#create'

Suggested fixes

1. Frontend (primary): fix the Role Select so its value is controlled from the start (e.g. value="" initial state passed to the component) and its onChange correctly updates the form state. The "uncontrolled to controlled" warning is the smoking gun.
2. Backend (defence in depth): have AgentBuilder (or UsersController#create) validate the role param up front. Either rescue ActiveRecord::RecordNotFound or call Role.find_by(key: role) and return 422 with a clear validation error. A missing/invalid role should never produce a 500.

Workaround

Creating users directly via Rails console works:

AgentBuilder.new(
  email: "user@example.com",
  name: "Example",
  role: "agent",
  inviter: current_user,
  availability: "online"
).perform

This confirms the issue is confined to the frontend form + the backend's handling of an empty role — the builder itself is fine when called with valid parameters.