feat: made organization role api available for identity and external use

[akhilmhdh]

Context

This PR is part of implementing terraform resource for organization role.

Main changes

1. Enabled identity based usage over organization role and added descriptions
2. Before making it public, I removed the organisation ID explicitly from the URL parameters. Organisation ID usage is a remnant of an old pattern and we’ve long since moved away from passing it in the URL. Instead we use token-scoped IDs.
3. Respective changes in frontend hooks and i am still passing organization id in frontend because on org change this will invalidate the cache.

Screenshots

• Organization role page continues to work as it.

Steps to verify the change

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR refactors organization role APIs to support identity-based authentication and removes the legacy pattern of passing organizationId in URL paths. The API now uses token-scoped organization IDs from authentication context instead.

Key Changes:

• Removed organizationId from all URL paths (e.g., /api/v1/organization/:organizationId/roles → /api/v1/organization/roles)
• Added AuthMode.IDENTITY_ACCESS_TOKEN support to all organization role endpoints
• Added comprehensive API documentation metadata (descriptions, security schemas, tags)
• Added new endpoint: GET /api/v1/organization/roles/slug/:roleSlug for fetching roles by slug
• Updated response schema structure for list endpoint (changed from nested data.roles to roles)
• Frontend maintains orgId in query keys for proper cache invalidation on organization changes

Breaking Change Note:
This is a breaking API change for external consumers (Terraform, API users) as all URL paths have changed. The old /api/v1/organization/:organizationId/roles/* endpoints are being replaced with /api/v1/organization/roles/* endpoints that derive organization context from the authentication token.

Confidence Score: 4/5

• This PR is safe to merge with one minor cleanup needed in frontend.
• The refactoring is well-executed and follows established patterns in the codebase. Security is maintained through token-scoped organization access. One point deducted for: (1) breaking API changes that affect external consumers, and (2) minor inefficiency in frontend delete method passing unused orgId parameter.
• Pay attention to frontend/src/hooks/api/roles/mutation.tsx which has an unused parameter in the delete method.

Important Files Changed

Filename	Overview
backend/src/ee/routes/v1/org-role-router.ts	Removed organizationId from URL paths, enabled identity auth, added API docs metadata. Clean refactor following token-scoped pattern.
frontend/src/hooks/api/roles/mutation.tsx	Updated API URLs to remove organizationId from path. Delete method still sends unused orgId in body.
frontend/src/hooks/api/roles/queries.tsx	Updated API URLs and response structure. Maintains orgId in query keys for cache invalidation as intended.

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[victorvhs017]

All endpoints tested and documentation reviewed.

LGTM!