Organizations
Multi-tenant workspaces — OrganizationService, membership, signup mechanisms, domain-based auto-join, and organization-scoped permissions.
Overview
Organizations are the top-level grouping for teams working together in Bosca. Each Organization has its own members, permissions, and content. Organizations extend PermissibleEntity, so all standard permission checks apply.
Organization Model
profileId) that serves as its public identity — name, logo, description, and other attributes.
Membership
Members are Principals linked to an Organization. Membership is stored as a simple join record:
Permissions within an Organization are granted to groups, not individual members. Members inherit access through their group memberships.
Signup Mechanisms
Bosca supports three ways to add members to an Organization:
1. Signup Tokens
Time-limited invitation codes that grant membership and assign the new member to a specific group.
2. Signup Emails
Whitelist specific email addresses for auto-approval. When a user signs up with a matching email, they are automatically added to the Organization.
3. Domain Auto-Join
Link an email domain (e.g., example.com) to an Organization. Any user who signs up with a matching domain is automatically added.
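The matching rules behind Signup Emails and Domain Auto-Join, as an added Python example (not Bosca's own code): the function names, the sample data and the `email_verified` flag are assumptions. It normalizes the address and compares the domain for exact equality, so unverified addresses and look-alike domains do not trigger auto-join.

```python
# Added illustration; all names here are hypothetical, not Bosca's API.
from typing import Optional

# Constructed sample data: linked domains and allowlisted signup emails.
DOMAIN_ORGS = {"example.com": "org-1"}
SIGNUP_EMAILS = {"contractor@partner.test": "org-1"}


def split_email(email: str) -> Optional[tuple[str, str]]:
    """Return (local, normalized domain), or None if the address is malformed."""
    email = email.strip()
    # Exactly one "@": refuses inputs such as "a@example.com@other.test".
    if email.count("@") != 1 or any(c.isspace() for c in email):
        return None
    local, domain = email.split("@")
    # Domains are case-insensitive; a trailing dot names the same domain.
    domain = domain.rstrip(".").lower()
    if not local or not domain:
        return None
    try:
        # Internationalized domains are compared in ASCII (punycode) form.
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return local, domain


def auto_join_org(email: str, email_verified: bool) -> Optional[str]:
    """Organization this signup may join automatically, or None."""
    # Assumption: only an address whose ownership was confirmed counts.
    if not email_verified:
        return None
    parts = split_email(email)
    if parts is None:
        return None
    local, domain = parts
    # Signup Emails: exact address match (local part compared as given).
    org = SIGNUP_EMAILS.get(f"{local}@{domain}")
    if org is not None:
        return org
    # Domain Auto-Join: exact equality, never a suffix or substring test,
    # so "example.com.evil.test" and "notexample.com" do not match.
    return DOMAIN_ORGS.get(domain)
```

Subdomains such as mail.example.com do not match under this rule; they would need their own link to the Organization.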
Organization Permissions
Permissions are granted at the Organization level to groups. Each permission record maps a group to a PermissionAction:
Since Organization extends PermissibleEntity, the standard decision chain applies — public access flags, group checks, and role-based fallbacks all work the same way.
Details & Contacts
Organizations can store structured details and contact information via OrganizationDetails and OrganizationContact. These provide additional metadata beyond what the linked Profile holds.
OrganizationService
How It Fits Together
Organizations sit at the intersection of security and social features:
- Principal (security identity) → is a Member of an Organization
- Organization → has a linked Profile (public identity)
- Groups → scoped within the Organization for permission grants
- Signup mechanisms → control how Principals join the Organization