There was recently a fix for 2.3 related to how GET_ORGANIZATION permission works: #1139

The summary of the issue is that if you are a member of an environment team or dataset team then you will not have GET_ORGANIZATION permission and that will cause multiple issues in data.all UI:

• You will not be able to list environments in the environment UI and get an error saying that you do not have a GET_ORGANIZATION permission
• You will see organizations in the Organizations list but if you try to view an organization you will not be able to view it (there won't even be a UI error and graphql response will contain an error. This should also be fixed).

The PR above partially fixes this issue by adding a new organization resolver which does not require a GET_ORGANIZATION permission. This means that anyone can view some basic information about any organization.

I argue that this fix is ultimately not the best one and the way it should work is this:

If you are a member of an environment team or any dataset team on that environment then you should be granted GET_ORGANIZATION permission on that organization implicitly even if your team is not directly invited into an organization. Logically this makes sense:

1. You can only create environments with a specific environment team if that environment is invited to the organization (if that is not the case today then this should be fixed)
2. We do not invite dataset teams into organizations because the only reason to invite teams into organizations is to let them create environments.

To summarize:

1. Require that creating an environment in an organization with a team requires that that team is invited into the organization. This will ensure that this team will always have the GET_ORGANIZATION permission.
2. Any dataset team when it is invited to an environment should also be at the same time given the GET_ORGANIZATION permission on the organization. It should be removed if the dataset team is removed from the environment.

Additionally we should add tests to check that dataset teams can view organizations or that they are granted GET_ORGANIZATION permission upon invitation. Also to make sure we test this for environment teams when they are invited to organizations.