Organization API / Controller Support

[nairaj2]

❌ This issue is not open for contribution. Visit Contributing guidelines to learn about the contributing process and how to find suitable issues.

Overview

Implement backend API and controller support for the new Organization and OrganizationRole models introduced in #5962. This enables organizations, membership, roles and invitation workflows to be managed

Complexity: Medium
Target branch: feature_organization_model

Context

Issue #5962 introduces the Organization and OrganizationRole models. Additional backend work is needed to support creating, updating, and managing organizations and memberships.

The Change

Add API and controller layer support for organizations and roles:

• Implement REST API endpoints for:
  - Organization CRUD (create, read, update, delete)
  - Organization membership listing
  - Role assignment and updates
  - Invitation handling (invite, accept, reject if applicable)
• Add permission checks based on OrganizationRole.permissions
• Ensure only authorized users can modify organization data
• Add pagination/filtering where appropriate
• Add API tests for all endpoints

Out of Scope

• Frontend user interface changes
• Changes to the Organization and OrganizationRole data models introduced in Add Organization and OrganizationRole models to studio #5962

Acceptance Criteria

• Organization management functionality
• Organization membership management functionality
• Organization roles can be assigned and updated
• Organization role permissions are enforced
• Invitation-related workflows are supported where applicable

Testing

• Automated tests cover organization management functionality
• Automated tests verify permission enforcement
• Automated tests cover membership and role management scenarios

AI usage

Used AI to create an initial draft, then edited and reviewed carefully focusing on expected behavior

[marcellamaki]

Hi @nairaj2 - thanks for opening an issue for this. Can you at a little bit more detail (even if it seems obvious 🙂 ), including about what the

Organization role permissions

actually are? Which roles will have which permissions?

Also just noting that I added this comment about invitations to #5953 which will impact the timeline of as it's prerequisite:

Invitation-related workflows are supported where applicable

Relatedly, please reuse the existing invitation mechanism in the work related to this PR. If you need support on how to do that, you're welcome to ask questions here in the comments/share ideas you have and ask for feedback, and members of the team can weigh in. Thanks!!