Refactor: [Web] get team invitation handling to support role filtering and use single request

[NdekoCode]

Refactor Get team invitation API handling to support role filtering and use single request

Previously we made 2 parallel requests to get all team invitations due to a Gauzy API bug that excluded EMPLOYEE roles by default. The backend bug is now fixed.

invitation-request.mp4

Solution

• Updated ITeamInvitationsRequest to accept roles?: ERoleName[] instead of role?: ERoleName
• Modified getTeamInvitationsRequest() to handle role arrays
• Simplified getAllTeamInvitationsRequest() to use single API call
• Updated client-side getTeamInvitations() to use single request
• Removed dual request workaround logic

Benefits

• Better performance (1 request instead of 2)
• Cleaner code without workaround logic
• Support for filtering multiple specific roles

No breaking changes. All existing functionality preserved.

Summary by CodeRabbit

• New Features
  • Multi-role filtering for team invitations — view invitations across multiple roles at once.
• Bug Fixes
  • Invitations list now reliably includes all roles, removing gaps from the previous workaround.
• Refactor
  • Invitations retrieval simplified to a single request for improved reliability and performance.
• Chores
  • Updated internal comments and docs to reflect the new all-roles behavior.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Switches invitation fetching from a two-request workaround to a single-request flow with optional multi-role filtering. Updates server requests, client service, and invite types accordingly. API route comments reflect the all-roles retrieval. Validation and error handling are aligned to the new single-call response.

Changes

Cohort / File(s)	Summary
API route comments apps/web/app/api/invite/route.ts, apps/web/app/api/roles/options/route.ts	Updated comments to state retrieval of all team invitations across roles; no functional changes.
Server invite requests apps/web/core/services/server/requests/invite.ts	Replaced role?: ERoleName with roles?: ERoleName[]; query building updated to support single or multiple roles; getAllTeamInvitationsRequest simplified to a single call (removed parallel requests + dedup); widened query param typing and updated docstrings and error logs.
Client invite service apps/web/core/services/client/api/organizations/teams/invites/invite.service.ts	Replaced dual-call merge with single GET using optional roles filter; dynamic baseQuery construction; direct validation of response data; updated logs and docs.
Types/interfaces apps/web/core/types/interfaces/user/invite.ts	IGetInvitationRequest changed from role?: string to roles?: string[].

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant UI as API Route (UI)
  participant S as Server Request Layer
  participant INV as Invite API
  participant VAL as Validation

  rect rgba(200,220,255,0.25)
  note over UI,S: New flow — single request with optional multi-role filtering
  UI->>S: getAllTeamInvitationsRequest({ teamId, tenantId, organizationId })
  S->>INV: GET /invite?where[teamId]=...&where[role][name][i]=... (optional)
  INV-->>S: 200 OK { data, total, ... }
  S->>VAL: validatePaginationResponse(data)
  VAL-->>S: Validated result
  S-->>UI: Paginated invitations
  end

Loading

sequenceDiagram
  autonumber
  participant S as Server Request Layer
  participant INV as Invite API
  participant M as Merge/Dedup
  participant VAL as Validation

  rect rgba(255,240,200,0.25)
  note over S,VAL: Previous flow (replaced)
  par EMPLOYEE
    S->>INV: GET /invite?where[role][name]=EMPLOYEE
    INV-->>S: Page A
  and non-EMPLOYEE
    S->>INV: GET /invite?where[role][name][0..n]=others
    INV-->>S: Page B
  end
  S->>M: Combine + dedup
  M-->>S: Merged page
  S->>VAL: validatePaginationResponse(merged)
  VAL-->>S: Result
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• [Fix bug] Show pending invitations even when the team has only one member #3958 — Modifies invitation-related code and the invite interface shape (role handling), overlapping with the roles → roles[] change.
• [Feature] Show rejected expired and other non accepted invitations in the pending list with clear status indicators #3959 — Updates team-invitations API surface and client service signatures, overlapping request/query construction changes.
• Etp 84 web bug team invitations role filter inconsistency between frontend and backend #3994 — Touches invite request APIs and role-based fetching, related to the single-call multi-role approach.

Suggested labels

WEB, refactoring, optimization

Suggested reviewers

• evereq
• CREDO23

Poem

Thump-thump! I hop through code so bright,
One call now fetches invites in sight.
Roles in a row, no more duplicate chase,
Logs and validators in tidy place.
🥕✨

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 072e1a9 and 16bfee4.

📒 Files selected for processing (1)

• apps/web/core/services/client/api/organizations/teams/invites/invite.service.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/web/core/services/client/api/organizations/teams/invites/invite.service.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: deploy
• GitHub Check: Codacy Static Code Analysis

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/invitation-api-single-request

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

⚠️ Unused code detected in the following changed files:

• apps/web/core/services/server/requests/invite.ts
• apps/web/core/types/interfaces/user/invite.ts

Please review these files and clean up the unused code.

[greptile-apps]

Greptile Summary

This PR refactors the team invitation API handling to eliminate a workaround that was necessary due to a backend Gauzy API bug. Previously, the API excluded EMPLOYEE roles by default, requiring the frontend to make two parallel requests (one for EMPLOYEE roles explicitly, one for non-EMPLOYEE roles) and then merge and deduplicate the results.

The main changes include:

Interface Updates: The ITeamInvitationsRequest type is updated to accept roles?: ERoleName[] instead of role?: ERoleName, enabling multiple role filtering in a single request. Similarly, IGetInvitationRequest is updated to use roles?: string[].

API Request Logic: The getTeamInvitationsRequest() function now handles role arrays with proper query parameter formatting - using single role format for one role and indexed array format for multiple roles. The getAllTeamInvitationsRequest() function is dramatically simplified from complex parallel request logic to a single API call.

Client Service: The client-side getTeamInvitations() method is refactored to use a single request instead of the previous Promise.all approach that combined two separate API calls and handled result deduplication.

Documentation Updates: Comments across multiple files are updated to remove "WORKAROUND" language and reflect the current single-request approach.

This refactor improves the codebase architecture by removing technical debt, enhances performance by reducing network calls from 2 to 1, and provides more flexible role filtering capabilities while maintaining full backward compatibility.

Confidence score: 4/5

• This PR is safe to merge with minimal risk as it removes workaround logic and simplifies the codebase
• Score reflects well-structured refactoring with proper fallback handling and maintained backward compatibility
• Pay close attention to the role filtering logic in getTeamInvitationsRequest() to ensure query parameter formatting works correctly

_{5 files reviewed, 2 comments}

_{Edit Code Review Bot Settings | Greptile}

[github-actions]

⚠️ Unused code detected in the following changed files:

• apps/web/core/services/server/requests/invite.ts
• apps/web/core/types/interfaces/user/invite.ts

Please review these files and clean up the unused code.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/web/app/api/invite/route.ts (1)

8-10: Unauthorized response lacks 401 status code

This path returns 200 with { error: 'Unauthorized' }, which can break clients and caching layers expecting proper HTTP semantics. Align with other routes (e.g., roles/options) and return 401.

Apply:

-  if (!user) {
-    return NextResponse.json({ error: 'Unauthorized' });
-  }
+  if (!user) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  }

🧹 Nitpick comments (4)

apps/web/core/types/interfaces/user/invite.ts (1)

76-81: Unify single vs multi-role query params (keep BC).

Keep role? for backward-compat, add roles?: ERoleName[] and mark role? deprecated.

 export interface TeamInvitationsQueryParams {
 	tenantId: string;
 	organizationId: string;
-	role?: ERoleName;
+	/** @deprecated use roles instead */
+	role?: ERoleName;
+	roles?: ERoleName[];
 	teamId: string;
 }

apps/web/core/services/client/api/organizations/teams/invites/invite.service.ts (2)

111-122: Fix stray characters in comment + small cleanup.

There are two spurious “˝˝” characters; remove to avoid noise in diffs/search.

-			// Add role filter if roles are specified˝˝
+			// Add role filter if roles are specified

---

99-106: End-to-end enum typing for roles.

IGetInvitationRequest currently exposes roles?: string[]; prefer ERoleName[] to catch typos at compile time (server request already uses ERoleName[]).

Also applies to: 111-122

apps/web/app/api/invite/route.ts (1)

8-10: Normalize error payload shape across routes

This file uses { error: ... } while roles/options uses { errors: ... }. Consider standardizing to one key to simplify client handling.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15bde4c and 072e1a9.

📒 Files selected for processing (5)

• apps/web/app/api/invite/route.ts (1 hunks)
• apps/web/app/api/roles/options/route.ts (1 hunks)
• apps/web/core/services/client/api/organizations/teams/invites/invite.service.ts (2 hunks)
• apps/web/core/services/server/requests/invite.ts (3 hunks)
• apps/web/core/types/interfaces/user/invite.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

apps/web/core/services/server/requests/invite.ts (1)

apps/web/core/types/schemas/user/invite.schema.ts (1)

• TInvite (159-159)

apps/web/core/services/client/api/organizations/teams/invites/invite.service.ts (3)

apps/web/core/types/interfaces/user/invite.ts (1)

• IGetInvitationRequest (83-87)

apps/web/core/types/schemas/user/invite.schema.ts (2)

• TInvite (159-159)
• inviteSchema (39-42)

apps/web/core/types/schemas/utils/validation.ts (1)

• validatePaginationResponse (79-90)

🪛 GitHub Actions: Knip Review - Cleanup Unused Code - WEB

apps/web/core/types/interfaces/user/invite.ts

[error] 1-1: Unused code detected in changed file during unused-code-check step.

apps/web/core/services/server/requests/invite.ts

[error] 1-1: Unused code detected in changed file during unused-code-check step.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: deploy

🔇 Additional comments (7)

apps/web/core/types/interfaces/user/invite.ts (1)

1-88: All exported types/interfaces in invite.ts are referenced; no unused exports found

Likely an incorrect or invalid review comment.

apps/web/core/services/client/api/organizations/teams/invites/invite.service.ts (1)

131-138: Single-call fetch + schema validation — LGTM.

This removes the workaround cleanly and validates the paginated payload.

apps/web/core/services/server/requests/invite.ts (3)

54-60: Multi-role support implementation — LGTM.

Role-array handling and query construction look correct and consistent with client.

Also applies to: 68-100

---

102-120: Simplified “all roles” path — LGTM.

Single request with no role filter is the right fix post-backend change.

---

1-225: Trim unused exports
Remove exports in apps/web/core/services/server/requests/invite.ts that aren’t referenced elsewhere.

apps/web/app/api/roles/options/route.ts (1)

72-80: Add inline note clarifying roles filtering

The updated comment correctly highlights that omitting roles fetches all invitations. Add a brief inline note that passing roles?: ERoleName[] will restrict results to those roles. Manual verification required—placeholder-based curl commands didn’t execute, so please test this behavior in your environment.

apps/web/app/api/invite/route.ts (1)

12-20: Comment accurately documents all-roles retrieval

The note matches the new single-request flow and default behavior when roles is omitted.

[evereq]

@CREDO23 please review PR and let us know if you spot any issues / things to improve etc

[NdekoCode]

@CREDO23 please review PR and let us know if you spot any issues / things to improve etc

@CREDO23 it based on this Slack Conversation https://evereq.slack.com/archives/GL1QGDRD5/p1756140738057259

Let me know if you need more info, take time to review it carefully please