Allow org admin to create teams on UI (#8407)

* fix(client_initialization_utils.py): handle custom llm provider set with valid value not from model name

* fix(handle_jwt.py): handle groups not existing in jwt token

if user not in group, this won't exist

* fix(handle_jwt.py): add new `enforce_team_based_model_access` flag to jwt auth

allows proxy admin to enforce user can only call model if team has access

* feat(navbar.tsx): expose new dropdown in navbar - allow org admin to create teams within org context

* fix(navbar.tsx): remove non-functional cogicon

* fix(proxy/utils.py): include user-org memberships in `/user/info` response

return orgs user is a member of and the user role within org

* feat(organization_endpoints.py): allow internal user to query `/organizations/list` and get all orgs they belong to

enables org admin to select org they belong to, to create teams

* fix(navbar.tsx): show change in ui when org switcher clicked

* feat(page.tsx): update user role based on org they're in

allows org admin to create teams in the org context

* feat(teams.tsx): working e2e flow for allowing org admin to add new teams

* style(navbar.tsx): clarify switching orgs on UI is in BETA

* fix(organization_endpoints.py): handle getting but not setting members

* test: fix test

* fix(client_initialization_utils.py): revert custom llm provider handling fix - causing unintended issues

* docs(token_auth.md): cleanup docs
Krish Dholakia 2025-02-09 00:07:15 -08:00 committed by GitHub
parent e4411e4815
commit 9c4c7813fb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 285 additions and 142 deletions


@ -160,6 +160,7 @@ async def new_organization(
"error": f"User not allowed to give access to model={m}. Models you have access to = {user_api_key_dict.models}"
},
)
organization_row = LiteLLM_OrganizationTable(
**data.json(exclude_none=True),
created_by=user_api_key_dict.user_id or litellm_proxy_admin_name,
@ -201,6 +202,7 @@ async def delete_organization():
"/organization/list",
tags=["organization management"],
dependencies=[Depends(user_api_key_auth)],
response_model=List[LiteLLM_OrganizationTableWithMembers],
)
async def list_organization(
user_api_key_dict: UserAPIKeyAuth = Depends(user_api_key_auth),
@ -216,24 +218,34 @@ async def list_organization(
if prisma_client is None:
raise HTTPException(status_code=500, detail={"error": "No db connected"})
if (
user_api_key_dict.user_role is None
or user_api_key_dict.user_role != LitellmUserRoles.PROXY_ADMIN
):
raise HTTPException(
status_code=401,
detail={
"error": f"Only admins can list orgs. Your role is = {user_api_key_dict.user_role}"
},
)
if prisma_client is None:
raise HTTPException(
status_code=400,
detail={"error": CommonProxyErrors.db_not_connected_error.value},
)
response = await prisma_client.db.litellm_organizationtable.find_many(
include={"members": True}
)
# if proxy admin - get all orgs
if user_api_key_dict.user_role == LitellmUserRoles.PROXY_ADMIN:
response = await prisma_client.db.litellm_organizationtable.find_many(
include={"members": True}
)
# if internal user - get orgs they are a member of
else:
org_memberships = (
await prisma_client.db.litellm_organizationmembership.find_many(
where={"user_id": user_api_key_dict.user_id}
)
)
org_objects = await prisma_client.db.litellm_organizationtable.find_many(
where={
"organization_id": {
"in": [membership.organization_id for membership in org_memberships]
}
},
include={"members": True},
)
response = org_objects
return response
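Review bot: In the last hunk of `list_organization`, the `else` branch serves every caller that is not `PROXY_ADMIN`, including keys whose `user_role` or `user_id` is None, and nothing validates `user_api_key_dict.user_id` before it is used in `where={"user_id": user_api_key_dict.user_id}`. The `user_api_key_dict.user_id or litellm_proxy_admin_name` fallback in the first hunk suggests `user_id` can be unset, so a guard ahead of the membership query would make the outcome explicit, e.g. `if user_api_key_dict.user_id is None: return []`. The same branch keeps `include={"members": True}`, so as far as this page shows any member of an organization, not only its org admin, receives the full member list. If that is not intended, include members only when the caller's membership role in that org is org admin. Separately, the second `if prisma_client is None:` check appears unreachable after the first one. The function body starts outside the hunk and the rendered page has lost the +/- markers, so which lines are new is inferred from the commit description.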