Add init link.

API/ROLAC.API/Controllers/InvitationsController.cs

@@ -0,0 +1,39 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using ROLAC.API.Authorization;
+using ROLAC.API.DTOs.Invitations;
+using ROLAC.API.Services;
+
+namespace ROLAC.API.Controllers;
+
+/// <summary>
+/// Admin endpoints for generating and e-mailing first-login invitation links.
+/// The public consume/validate endpoints live on <see cref="AuthController"/> so they can set the
+/// refresh-token cookie and stay anonymous.
+/// </summary>
+[ApiController]
+[Route("api/invitations")]
+[Authorize]
+public class InvitationsController : ControllerBase
+{
+    private readonly IInvitationService _invitations;
+    public InvitationsController(IInvitationService invitations) => _invitations = invitations;
+
+    /// <summary>POST /api/invitations — generate a link for a member; returns { token, expiresAt }.</summary>
+    [HttpPost]
+    [HasPermission(Modules.Users, PermissionActions.Write)]
+    public async Task<IActionResult> Create([FromBody] CreateInvitationRequest request)
+    {
+        try   { return Ok(await _invitations.CreateAsync(request)); }
+        catch (InvalidOperationException ex) { return BadRequest(new { message = ex.Message }); }
+    }
+
+    /// <summary>POST /api/invitations/send — e-mail an already-generated link to the member.</summary>
+    [HttpPost("send")]
+    [HasPermission(Modules.Users, PermissionActions.Write)]
+    public async Task<IActionResult> Send([FromBody] SendInvitationRequest request)
+    {
+        try   { await _invitations.SendEmailAsync(request.MemberId, request.Link); return NoContent(); }
+        catch (InvalidOperationException ex) { return BadRequest(new { message = ex.Message }); }
+    }
+}