From 463dc1232d8097ac17b328259697c85c4a9fa038 Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Thu, 12 Jun 2025 10:47:41 +1000
Subject: [PATCH] Add xmldoc for OrganizationUser (#5949)
---
.../AdminConsole/Entities/OrganizationUser.cs | 55 ++++++++++++++++++-
.../Enums/OrganizationUserStatusType.cs | 27 ++++++++-
2 files changed, 80 insertions(+), 2 deletions(-)
diff --git a/src/Core/AdminConsole/Entities/OrganizationUser.cs b/src/Core/AdminConsole/Entities/OrganizationUser.cs
index 9828482a7e..3166ebf3a8 100644
--- a/src/Core/AdminConsole/Entities/OrganizationUser.cs
+++ b/src/Core/AdminConsole/Entities/OrganizationUser.cs
@@ -1,4 +1,5 @@
using System.ComponentModel.DataAnnotations;
+using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.Interfaces;
using Bit.Core.Enums;
using Bit.Core.Models;
@@ -9,23 +10,75 @@ using Bit.Core.Utilities;
namespace Bit.Core.Entities;
+///
+/// An association table between one and one , representing that user's
+/// membership in the organization. "Member" refers to the OrganizationUser object.
+///
public class OrganizationUser : ITableObject, IExternal, IOrganizationUser
{
+ ///
+ /// A unique random identifier.
+ ///
public Guid Id { get; set; }
+ ///
+ /// The ID of the Organization that the user is a member of.
+ ///
public Guid OrganizationId { get; set; }
+ ///
+ /// The ID of the User that is the member. This is NULL if the Status is Invited (or Invited and then Revoked), because
+ /// it is not linked to a specific User yet.
+ ///
public Guid? UserId { get; set; }
+ ///
+ /// The email address of the user invited to the organization. This is NULL if the Status is not Invited (or
+ /// Invited and then Revoked), because in that case the OrganizationUser is linked to a User
+ /// and the email is stored on the User object.
+ ///
[MaxLength(256)]
public string? Email { get; set; }
+ ///
+ /// The Organization symmetric key encrypted with the User's public key. NULL if the user is not in a Confirmed
+ /// (or Confirmed and then Revoked) status.
+ ///
public string? Key { get; set; }
+ ///
+ /// The User's symmetric key encrypted with the Organization's public key. NULL if the OrganizationUser
+ /// is not enrolled in account recovery.
+ ///
public string? ResetPasswordKey { get; set; }
+ ///
public OrganizationUserStatusType Status { get; set; }
+ ///
+ /// The User's role in the Organization.
+ ///
public OrganizationUserType Type { get; set; }
-
+ ///
+ /// An ID used to identify the OrganizationUser with an external directory service. Used by Directory Connector
+ /// and SCIM.
+ ///
[MaxLength(300)]
public string? ExternalId { get; set; }
+ ///
+ /// The date the OrganizationUser was created, i.e. when the User was first invited to the Organization.
+ ///
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
+ ///
+ /// The last date the OrganizationUser entry was updated.
+ ///
public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
+ ///
+ /// A json blob representing the of the OrganizationUser if they
+ /// are a Custom user role (i.e. the is Custom). MAY be NULL if they are not
+ /// a custom user, but this is not guaranteed; do not use this to determine their role.
+ ///
+ ///
+ /// Avoid using this property directly - instead use the and
+ /// helper methods.
+ ///
public string? Permissions { get; set; }
+ ///
+ /// True if the User has access to Secrets Manager for this Organization, false otherwise.
+ ///
public bool AccessSecretsManager { get; set; }
public void SetNewId()
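Review bot: The `Key` summary says the wrapped organization key is kept when a Confirmed member is Revoked, but nothing tells the reader that a non-null `Key` therefore does not mean the member currently has access. Since the Revoked status is documented as blocking access to organization data, I would add a remark on `Key` such as `/// <remarks>A Revoked member keeps its Key; check Status, not Key != null, when deciding access.</remarks>`. The same ambiguity affects `UserId` and `Email`: the "(or Invited and then Revoked)" wording means `Status` alone does not tell a caller whether they are null, so callers should null-check the property itself. The class body continues past the end of this hunk.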
diff --git a/src/Core/AdminConsole/Enums/OrganizationUserStatusType.cs b/src/Core/AdminConsole/Enums/OrganizationUserStatusType.cs
index 576e98ea74..3b4098715d 100644
--- a/src/Core/AdminConsole/Enums/OrganizationUserStatusType.cs
+++ b/src/Core/AdminConsole/Enums/OrganizationUserStatusType.cs
@@ -1,9 +1,34 @@
-namespace Bit.Core.Enums;
+using Bit.Core.Entities;
+namespace Bit.Core.Enums;
+
+///
+/// Represents the different stages of a member's lifecycle in an organization.
+/// The object is populated differently depending on their Status.
+///
public enum OrganizationUserStatusType : short
{
+ ///
+ /// The OrganizationUser entry only represents an invitation to join the organization. It is not linked to a
+ /// specific User yet.
+ ///
Invited = 0,
+ ///
+ /// The User has accepted the invitation and linked their User account to the OrganizationUser entry.
+ ///
Accepted = 1,
+ ///
+ /// An administrator has granted the User access to the organization. This is the final step in the User becoming
+ /// a "full" member of the organization, including a key exchange so that they can decrypt organization data.
+ ///
Confirmed = 2,
+ ///
+ /// The OrganizationUser has been revoked from the organization and cannot access organization data while in this state.
+ ///
+ ///
+ /// An OrganizationUser may move into this status from any other status, and will move back to their original status
+ /// if restored. This allows an administrator to easily suspend and restore access without going through the
+ /// Invite flow again.
+ ///
Revoked = -1,
}
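Review bot: The remarks on `Revoked` say a restored member "will move back to their original status", but the enum has a single `Revoked = -1` value and the doc does not say where the original status is kept. The property docs in OrganizationUser.cs suggest it is inferred from which of `UserId` and `Key` are populated; if that is the case, state it here, e.g. `/// The prior status is not stored; it is derived from the populated fields on the OrganizationUser.` This matters to anyone writing restore or access-check code, because a wrong inference could return a member to Confirmed without an administrator having confirmed them.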