
bitwarden_organizations/
lib.rs

// The crate-level documentation is the content of `../README.md` (path relative to this file).
#![doc = include_str!("../README.md")]

// Both items below are compiled only when the `uniffi` cargo feature is enabled; without it
// the crate exposes the plain serde data types and nothing else from this file.
#[cfg(feature = "uniffi")]
uniffi::setup_scaffolding!();

#[cfg(feature = "uniffi")]
mod uniffi_support;
7
8use chrono::{DateTime, Utc};
9use serde::{Deserialize, Serialize};
10use serde_repr::{Deserialize_repr, Serialize_repr};
11use uuid::Uuid;
12
/// Where a user stands in an organization's membership lifecycle.
///
/// Represented as a signed 8-bit integer (`#[repr(i8)]` combined with the `serde_repr`
/// derives), so it is read and written as a number rather than a variant name.
// NOTE(review): no catch-all variant is declared, so an integer outside the four values
// below is expected to fail deserialization instead of being mapped to some status.
// That is the safe direction for a membership state; confirm callers surface the error
// rather than substituting a default status.
#[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Enum))]
#[repr(i8)]
pub enum OrganizationUserStatusType {
    /// Access has been revoked. A user can reach this state from any of the other statuses,
    /// at any time.
    Revoked = -1,
    /// An invitation exists, but the user has not accepted it yet.
    Invited = 0,
    /// The invitation was accepted; an admin has not confirmed the user yet.
    Accepted = 1,
    /// An admin has confirmed the user, who now has full access.
    Confirmed = 2,
}
27
/// The role a user holds within an organization.
///
/// Represented as an unsigned 8-bit integer (`#[repr(u8)]` with the `serde_repr` derives).
// NOTE(review): the discriminants are not contiguous — 3 is retired — and no catch-all
// variant is declared. A payload that still carries 3, or any value not listed here, is
// therefore expected to be rejected at deserialization time rather than read as one of the
// roles below. Confirm that this is the intended handling for stale or newer server data.
#[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Enum))]
#[repr(u8)]
pub enum OrganizationUserType {
    /// Complete administrative control of the organization.
    Owner = 0,
    /// Administrative access covering most management capabilities.
    Admin = 1,
    /// An ordinary member of the organization.
    User = 2,
    // 3 was Manager, which has been permanently deleted
    /// A user whose permissions are tailored individually; the actual set is given by
    /// [`ProfileOrganization::permissions`].
    Custom = 4,
}
44
/// The kind of provider associated with an organization.
///
/// Represented as an unsigned 8-bit integer (`#[repr(u8)]` with the `serde_repr` derives).
// Unlike the two membership enums in this file, this type does not derive `PartialEq`,
// so values have to be compared with `match` / `matches!`.
#[derive(Debug, Clone, Serialize_repr, Deserialize_repr)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Enum))]
#[repr(u8)]
pub enum ProviderType {
    /// Managed Service Provider: sells Bitwarden organizations to its clients and manages
    /// them on their behalf.
    Msp = 0,
    /// Reseller partner: sells Bitwarden to its clients but holds no administrative access.
    Reseller = 1,
    /// Business unit provider: manages several organizations that together make up one large
    /// enterprise.
    BusinessUnit = 2,
}
59
/// How an organization member's data is decrypted.
///
/// Represented as an unsigned 8-bit integer (`#[repr(u8)]` with the `serde_repr` derives).
// NOTE(review): no catch-all variant is declared, so a value other than 0, 1 or 2 is
// expected to fail deserialization rather than be read as one of these methods.
#[derive(Debug, Clone, Serialize_repr, Deserialize_repr)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Enum))]
#[repr(u8)]
pub enum MemberDecryptionType {
    /// The user's master password is used for decryption.
    MasterPassword = 0,
    /// Decryption goes through Key Connector.
    KeyConnector = 1,
    /// Decryption goes through Trusted Device Encryption.
    TrustedDeviceEncryption = 2,
}
72
/// The subscription tier an organization is on.
///
/// Represented as an unsigned 8-bit integer (`#[repr(u8)]` with the `serde_repr` derives).
#[derive(Debug, Clone, Serialize_repr, Deserialize_repr)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Enum))]
#[repr(u8)]
pub enum ProductTierType {
    /// The free tier, with a limited feature set.
    Free = 0,
    /// The Families plan, meant for personal use.
    Families = 1,
    /// The Teams plan, meant for small organizations.
    Teams = 2,
    /// The Enterprise plan, with the full feature set.
    Enterprise = 3,
    /// The starter tier, meant for small teams.
    TeamsStarter = 4,
}
89
/// The individually granted administrative permissions of an organization member whose role
/// is [`OrganizationUserType::Custom`].
///
/// Field names are serialized in camelCase.
// The container-level `#[serde(default)]` together with the derived `Default` means any
// permission missing from the input deserializes as `false`: an absent key never grants
// anything.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
#[serde(rename_all = "camelCase")]
#[serde(default)]
pub struct Permissions {
    /// May view the event logs of the organization.
    pub access_event_logs: bool,
    /// May import and export the organization's vault data.
    pub access_import_export: bool,
    /// May access the organization's reports.
    pub access_reports: bool,
    /// May create new collections.
    pub create_new_collections: bool,
    /// May edit every collection, including ones the member is not assigned to.
    pub edit_any_collection: bool,
    /// May delete every collection, including ones the member is not assigned to.
    pub delete_any_collection: bool,
    /// May manage the organization's groups.
    pub manage_groups: bool,
    /// May manage the SSO configuration.
    pub manage_sso: bool,
    /// May manage the organization's policies.
    pub manage_policies: bool,
    /// May manage the organization's members.
    pub manage_users: bool,
    /// May manage the account recovery (password reset) feature.
    pub manage_reset_password: bool,
    /// May manage the SCIM (System for Cross-domain Identity Management) configuration.
    pub manage_scim: bool,
}
121
/// One organization membership as delivered by the user's profile sync.
///
/// Holds every entitlement, plan feature and piece of metadata for a single organization the
/// current user belongs to. Field names are serialized in camelCase.
// The container attribute is `rename_all` only — unlike `Permissions`, there is no
// `#[serde(default)]` — so the hand-written `Default` impl in this file is not what fills in
// fields that are absent from deserialized input.
//
// NOTE(review): everything here is plain deserialized data and this file contains no check
// that enforces any of it. Presumably these values drive client-side behaviour while the
// server stays authoritative for access decisions — confirm before relying on a flag as a
// security control.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
#[serde(rename_all = "camelCase")]
pub struct ProfileOrganization {
    /// The organization's unique identifier.
    pub id: Uuid,
    /// The organization's display name.
    pub name: String,
    /// The membership status of the user in this organization.
    pub status: OrganizationUserStatusType,
    /// The role of the user in this organization.
    pub r#type: OrganizationUserType,
    /// Whether the organization is enabled at the moment.
    pub enabled: bool,
    /// Whether policies features are available to the organization.
    pub use_policies: bool,
    /// Whether groups features are available to the organization.
    pub use_groups: bool,
    /// Whether directory sync features are available to the organization.
    pub use_directory: bool,
    /// Whether event logging features are available to the organization.
    pub use_events: bool,
    /// Whether the organization is able to enforce TOTP for its members.
    pub use_totp: bool,
    /// Whether two-factor authentication features are available to the organization.
    pub use_2fa: bool,
    /// Whether the Bitwarden Public API is available to the organization.
    pub use_api: bool,
    /// Whether SSO features are available to the organization.
    pub use_sso: bool,
    /// Whether the organization is able to manage verified domains.
    pub use_organization_domains: bool,
    /// Whether Key Connector is what the organization uses for decryption.
    pub use_key_connector: bool,
    /// Whether SCIM provisioning is available to the organization.
    pub use_scim: bool,
    /// Whether the [`OrganizationUserType::Custom`] role is available to the organization.
    pub use_custom_permissions: bool,
    /// Whether the account recovery (admin password reset) feature is available to the
    /// organization.
    pub use_reset_password: bool,
    /// Whether Secrets Manager is available to the organization.
    pub use_secrets_manager: bool,
    /// Whether Password Manager is available to the organization.
    pub use_password_manager: bool,
    /// Whether the activate autofill policy is available to the organization.
    pub use_activate_autofill_policy: bool,
    /// Whether new members can be confirmed automatically, with no manual approval by an
    /// admin.
    pub use_automatic_user_confirmation: bool,
    /// Whether a license file for a self-hosted instance can be created by the organization.
    pub self_host: bool,
    /// Whether members of the organization are given premium features.
    pub users_get_premium: bool,
    /// How many seats the organization has licensed.
    pub seats: u32,
    /// The upper limit on collections the organization may create.
    pub max_collections: u32,
    /// The upper limit on encrypted storage, in gigabytes, when a limit applies.
    pub max_storage_gb: Option<u32>,
    /// Whether SSO binds the current user's account to this organization.
    pub sso_bound: bool,
    /// The SSO identifier of the organization.
    pub identifier: Option<String>,
    /// The custom permissions of the current user; they matter when the user's `type` is
    /// [`OrganizationUserType::Custom`].
    pub permissions: Permissions,
    /// Whether the current user has enrolled in account recovery for this organization.
    pub reset_password_enrolled: bool,
    /// The personal user ID of the current user.
    pub user_id: Option<Uuid>,
    /// The organization membership ID of the current user.
    pub organization_user_id: Option<Uuid>,
    /// Whether both a public and a private key are configured for the organization.
    pub has_public_and_private_keys: bool,
    /// The ID of the provider that manages this organization, when there is one.
    pub provider_id: Option<Uuid>,
    /// The name of the provider that manages this organization, when there is one.
    pub provider_name: Option<String>,
    /// The type of the provider that manages this organization, when there is one.
    pub provider_type: Option<ProviderType>,
    /// Whether the current user reaches this organization through a provider.
    pub is_provider_user: bool,
    /// Whether the current user is a direct member of this organization, as opposed to having
    /// provider-only access.
    pub is_member: bool,
    /// The friendly name of a pending families sponsorship, when there is one.
    pub family_sponsorship_friendly_name: Option<String>,
    /// Whether a families plan can be sponsored for the current user by the organization.
    pub family_sponsorship_available: bool,
    /// The organization's subscription tier.
    pub product_tier_type: ProductTierType,
    /// Whether this organization has Key Connector enabled.
    pub key_connector_enabled: bool,
    /// The URL of the Key Connector service, when enabled.
    // NOTE(review): held as an unvalidated `String` taken straight from the deserialized
    // data. Whatever code connects to it should validate the URL (scheme, host) first —
    // confirm where that happens.
    pub key_connector_url: Option<String>,
    /// When the families sponsorship was last synced, where applicable.
    pub family_sponsorship_last_sync_date: Option<DateTime<Utc>>,
    /// When the families sponsorship expires, where applicable.
    pub family_sponsorship_valid_until: Option<DateTime<Utc>>,
    /// Whether deletion of the families sponsorship has been scheduled.
    pub family_sponsorship_to_delete: Option<bool>,
    /// Whether Secrets Manager for this organization is accessible to the current user.
    pub access_secrets_manager: bool,
    /// Whether only owners and admins may create collections.
    ///
    /// When `false`, every member may create collections and is automatically given manage
    /// permissions over the collections they create.
    pub limit_collection_creation: bool,
    /// Whether only owners and admins may delete collections.
    ///
    /// When `true`, regular users are unable to delete collections that they manage.
    pub limit_collection_deletion: bool,
    /// Whether only members holding the Manage collection permission may delete items.
    ///
    /// When `false`, members holding Edit permission may delete items within their collections
    /// as well.
    pub limit_item_deletion: bool,
    /// Whether owners and admins implicitly hold manage permissions over all collections.
    ///
    /// When `true`, owners and admins may alter items, groups, and permissions across all
    /// collections, with no explicit collection assignment required.
    /// When `false`, admins may only access collections they have been explicitly assigned to.
    pub allow_admin_access_to_all_collection_items: bool,
    /// Whether this organization manages the current user's account.
    pub user_is_managed_by_organization: bool,
    /// Whether Access Intelligence features are available to the organization.
    pub use_access_intelligence: bool,
    /// Whether the organization may sponsor families plans for its members (Families For
    /// Enterprises).
    pub use_admin_sponsored_families: bool,
    /// Whether Secrets Manager ads are turned off for users.
    pub use_disable_sm_ads_for_users: bool,
    /// Whether an admin initiated the organization's Families For Enterprises sponsorship.
    pub is_admin_initiated: bool,
    /// Whether SSO login is enabled for this organization at the moment.
    pub sso_enabled: bool,
    /// The decryption type that applies to SSO members, when SSO is enabled.
    pub sso_member_decryption_type: Option<MemberDecryptionType>,
    /// Whether phishing blocker features are available to the organization.
    pub use_phishing_blocker: bool,
    /// Whether the My Items collection feature is available to the organization.
    /// It lets users keep personal items in the organization vault when the Centralize
    /// Organization Ownership policy is enabled.
    pub use_my_items: bool,
}
269
impl Default for ProfileOrganization {
    /// Builds a placeholder organization: nil `id`, empty `name`, every feature flag and
    /// limit switched off or zero, every optional field `None`.
    ///
    /// Three fields are deliberately *not* "off": `status` is `Confirmed`, `enabled` is
    /// `true` and `is_member` is `true`; the role is `User` and the tier is `Free`.
    // NOTE(review): a default-constructed value therefore reads as an enabled organization
    // with a confirmed, direct member. The struct's serde attributes do not request
    // `default`, so this impl should only matter for values built by hand (for example via
    // `..Default::default()`). Confirm that no such value feeds an access decision.
    fn default() -> Self {
        Self {
            // Identity and membership.
            id: Uuid::nil(),
            name: String::new(),
            status: OrganizationUserStatusType::Confirmed,
            r#type: OrganizationUserType::User,
            enabled: true,

            // Plan features: all unavailable.
            use_policies: false,
            use_groups: false,
            use_directory: false,
            use_events: false,
            use_totp: false,
            use_2fa: false,
            use_api: false,
            use_sso: false,
            use_organization_domains: false,
            use_key_connector: false,
            use_scim: false,
            use_custom_permissions: false,
            use_reset_password: false,
            use_secrets_manager: false,
            use_password_manager: false,
            use_activate_autofill_policy: false,
            use_automatic_user_confirmation: false,
            self_host: false,
            users_get_premium: false,

            // Limits.
            seats: 0,
            max_collections: 0,
            max_storage_gb: None,

            // SSO binding and the current user's own standing.
            sso_bound: false,
            identifier: None,
            // `Permissions::default()` is the derived impl: every permission is `false`.
            permissions: Permissions::default(),
            reset_password_enrolled: false,
            user_id: None,
            organization_user_id: None,
            has_public_and_private_keys: false,

            // Provider relationship.
            provider_id: None,
            provider_name: None,
            provider_type: None,
            is_provider_user: false,
            is_member: true,

            // Sponsorship, tier and Key Connector.
            family_sponsorship_friendly_name: None,
            family_sponsorship_available: false,
            product_tier_type: ProductTierType::Free,
            key_connector_enabled: false,
            key_connector_url: None,
            family_sponsorship_last_sync_date: None,
            family_sponsorship_valid_until: None,
            family_sponsorship_to_delete: None,
            access_secrets_manager: false,

            // Collection management restrictions: none applied.
            limit_collection_creation: false,
            limit_collection_deletion: false,
            limit_item_deletion: false,
            allow_admin_access_to_all_collection_items: false,
            user_is_managed_by_organization: false,

            // Remaining feature flags and SSO state.
            use_access_intelligence: false,
            use_admin_sponsored_families: false,
            use_disable_sm_ads_for_users: false,
            is_admin_initiated: false,
            sso_enabled: false,
            sso_member_decryption_type: None,
            use_phishing_blocker: false,
            use_my_items: false,
        }
    }
}