credential_exchange_format/extensions/
shared.rs

1use serde::{Deserialize, Serialize};
3use crate::B64Url;
4#[cfg(doc)]
5use crate::{Account, Collection, Item};
/// Extension that records which accounts an entity is shared with.
///
/// Sharing is expressed by attaching a [`SharedExtension`] to an entity. This extension MUST
/// only be applied to [`Collection`] and [`Item`].
///
/// A shared entity MUST only appear in the exports of accounts that are credential owners or
/// admins of that entity.
///
/// NOTE(review): this type is a plain data carrier. Nothing in this definition enforces either
/// rule above, so the exporter and the importer have to apply them when building or consuming
/// the value.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct SharedExtension {
    /// The [`SharingAccessor`] entries (users or groups) together with the permissions each one
    /// holds on the entity this [`SharedExtension`] is attached to.
    pub accessors: Vec<SharingAccessor>,
}
/// One user or group, plus the access permissions it holds on a shared entity.
///
/// Field names are serialized in camelCase; [`Self::ty`] is written as `type`.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct SharingAccessor {
    /// The kind of accessor these permissions are defined for.
    ///
    /// Importers must ignore any [`SharingAccessor`] entry whose type is
    /// [`SharingAccessorType::Unknown`].
    #[serde(rename = "type")]
    pub ty: SharingAccessorType,
    /// The [`Account`], identified by its [`Account::id`], that the current exporting Account
    /// has given access to the shared entity.
    pub account_id: B64Url,
    /// The accessor's account name.
    ///
    /// When [`Self::ty`] is [`SharingAccessorType::User`] this SHOULD be the
    /// [`Account::username`]; when it is [`SharingAccessorType::Group`] this SHOULD be the
    /// group's name.
    ///
    /// NOTE(review): this is free text supplied by the exporter and only a SHOULD-level
    /// convention ties it to an account. Presumably [`Self::account_id`] is the value to match
    /// accessors on, with this field kept as a label. Confirm against the importer.
    pub name: String,
    /// The permissions that the [`Account`] named by [`Self::account_id`] holds on the shared
    /// entity.
    ///
    /// Importers MUST ignore entries equal to [`SharingAccessorPermission::Unknown`]. Importers
    /// MUST also ignore any [`SharingAccessor`] whose permission list is empty, whether it was
    /// exported empty or became empty after the unknown entries were dropped. In effect an
    /// accessor that carries only unrecognised permissions is granted nothing.
    ///
    /// The field has no `#[serde(default)]`, so it must be present in the input; an accessor
    /// with no permissions is expressed as an empty list.
    pub permissions: Vec<SharingAccessorPermission>,
}
/// The kind of accessor a [`SharingAccessor`] grants access permissions to.
///
/// The named variants are serialized as lowercase strings (`user`, `group`).
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
#[non_exhaustive]
pub enum SharingAccessorType {
    /// The [`SharingAccessor`] describes the permissions of one specific user's [`Account`] on
    /// the shared entity.
    User,
    /// The [`SharingAccessor`] describes the permissions of a group of users on the shared
    /// entity.
    Group,
    /// A [`SharingAccessorType`] this implementation does not recognise, kept for future
    /// compatibility.
    ///
    /// Because the variant is `#[serde(untagged)]`, a string that matches none of the named
    /// variants is captured here verbatim instead of failing deserialization. The payload is
    /// whatever the exporter wrote. Code that consumes this enum should treat the variant as
    /// "no recognised accessor type" rather than map it onto `User` or `Group`.
    #[serde(untagged)]
    Unknown(String),
}
/// The level of access an accessing [`Account`] is given to the shared entity.
///
/// The named variants are serialized in camelCase (for example `readSecret`).
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[non_exhaustive]
pub enum SharingAccessorPermission {
    /// The [`SharingAccessor`] may read the associated entity, excluding its secrets.
    ///
    /// This generally means the client stops the user from revealing the secret (e.g., a
    /// password) in its interface, while the user is often still allowed to use the secret in
    /// an autofill context.
    ///
    /// NOTE(review): as worded, this is a restriction applied by the client's interface.
    /// Autofill still needs the secret on the accessor's side, so this variant alone should
    /// not be read as a guarantee that the secret is withheld from the accessor.
    Read,
    /// The [`SharingAccessor`] may read the associated entity, including its secrets.
    ReadSecret,
    /// The [`SharingAccessor`] may update the associated entity.
    Update,
    /// The [`SharingAccessor`] may create sub-entities for the associated entity, if
    /// applicable.
    Create,
    /// The [`SharingAccessor`] may delete any of the associated entity's sub-entities, if
    /// applicable.
    Delete,
    /// The [`SharingAccessor`] may share any of the associated entity's sub-entities with users
    /// or groups, if applicable.
    Share,
    /// The [`SharingAccessor`] may manage the associated entity: edit the entity's attributes,
    /// share it with others, etc.
    Manage,
    /// A permission this implementation does not recognise, kept for future compatibility.
    ///
    /// Because the variant is `#[serde(untagged)]`, a string that matches none of the named
    /// variants is captured here verbatim instead of failing deserialization. Code that
    /// consumes this enum should treat the variant as granting nothing and must not map its
    /// payload onto one of the named permissions.
    #[serde(untagged)]
    Unknown(String),
}