Organization API / Controller Support

[nairaj2]

❌ This issue is not open for contribution. Visit Contributing guidelines to learn about the contributing process and how to find suitable issues.

Overview

Implement backend API and controller support for the new Organization and OrganizationRole models introduced in #5962. This enables organizations, membership, roles and invitation workflows to be managed

Complexity: Medium
Target branch: feature_organization_model

Context

Issue #5962 introduces the Organization and OrganizationRole models. Additional backend work is needed to support creating, updating, and managing organizations and memberships.

The Change

Add API and controller layer support for organizations and roles:

• Implement REST API endpoints for:

  • Organization CRUD (create, read, update, delete)
  • Organization membership listing
  • Role assignment and updates

• Ensure only authorized users can modify organization data

• Add pagination/filtering where appropriate

• Add API tests for all endpoints

• Add permission checks based on OrganizationRole.permissions

The following role permissions should be enforced:

• Organization Admin (ORGANIZATION_ADMIN)

  • Manage organization settings and metadata
  • Manage organization membership
  • Assign and update organization roles
  • Create, update, and delete organization-owned channels

• Organization Editor (ORGANIZATION_EDITOR)

  • Create and update organization-owned channels and content
  • View organization membership
  • Cannot manage organization membership
  • Cannot assign roles
  • Cannot modify organization settings

• Organization Viewer (ORGANIZATION_VIEWER)

  • Read-only access to organization resources
  • Cannot modify channels, content, membership, roles, or settings

Out of Scope

• Frontend user interface changes
• Changes to the Organization and OrganizationRole data models introduced in Add Organization and OrganizationRole models to studio #5962

Acceptance Criteria

• Organization management functionality
• Organization membership management functionality
• Organization roles can be assigned and updated
• Organization admin role permissions are enforced
• Organization editor role permissions are enforced
• Organization viewer role permissions are enforced
• Pagination and Filtering are available where appropriate

Testing

• Automated tests cover organization management functionality
• Automated tests verify permission enforcement
• Automated tests cover membership and role management scenarios

AI usage

Used AI to create an initial draft, then edited and reviewed carefully focusing on expected behavior

[marcellamaki]

Hi @nairaj2 - thanks for opening an issue for this. Can you at a little bit more detail (even if it seems obvious 🙂 ), including about what the

Organization role permissions

actually are? Which roles will have which permissions?

Also just noting that I added this comment about invitations to #5953 which will impact the timeline of as it's prerequisite:

Invitation-related workflows are supported where applicable

Relatedly, please reuse the existing invitation mechanism in the work related to this PR. If you need support on how to do that, you're welcome to ask questions here in the comments/share ideas you have and ask for feedback, and members of the team can weigh in. Thanks!!