Remove vault permission operations for groups

edif2008 · edif2008 · commit 7276adf7e4e0 · 2025-10-28T13:28:01.000+01:00
Currently, they're not working as expected to be part of a beta release. They will be brought back once they're in a working state.
diff --git a/src/onepassword/client.py b/src/onepassword/client.py
@@ -8,14 +8,12 @@
 from .secrets import Secrets
 from .items import Items
 from .vaults import Vaults
-from .groups import Groups
 
 
 class Client:
     secrets: Secrets
     items: Items
     vaults: Vaults
-    groups: Groups
 
     @classmethod
     async def authenticate(
@@ -39,7 +37,6 @@ async def authenticate(
         authenticated_client.secrets = Secrets(client_id, core)
         authenticated_client.items = Items(client_id, core)
         authenticated_client.vaults = Vaults(client_id, core)
-        authenticated_client.groups = Groups(client_id, core)
 
         authenticated_client._finalizer = weakref.finalize(
             cls, core.release_client, client_id
diff --git a/src/onepassword/groups.py b/src/onepassword/groups.py
diff --git a/src/onepassword/types.py b/src/onepassword/types.py
@@ -140,108 +140,6 @@ class GeneratePasswordResponse(BaseModel):
     """
 
 
-class GroupType(str, Enum):
-    OWNERS = "owners"
-    """
-    The owners group, which gives the following permissions:
-    - Do everything the Admin group can do
-    - See every vault other than the personal vaults
-    - Change people's names
-    - See billing
-    - Change billing
-    - Make other people owners
-    - Delete a person
-    """
-    ADMINISTRATORS = "administrators"
-    """
-    The administrators group, which gives the following permissions:
-    - Perform recovery
-    - Create new vaults
-    - Invite new members
-    - See vault metadata, including the vault name and who has access.
-    - Make other people admins
-    """
-    RECOVERY = "recovery"
-    """
-    The recovery group. It contains recovery keysets, and is added to every vault to allow for recovery.
-    
-    No one is added to this.
-    """
-    EXTERNALACCOUNTMANAGERS = "externalAccountManagers"
-    """
-    The external account managers group or EAM is a mandatory group for managed accounts that has
-    same permissions as the owners.
-    """
-    TEAMMEMBERS = "teamMembers"
-    """
-    Members of a team that a user is on.
-    """
-    USERDEFINED = "userDefined"
-    """
-    A custom, user defined group.
-    """
-    UNSUPPORTED = "unsupported"
-    """
-    Support for new or renamed group types
-    """
-
-
-class GroupState(str, Enum):
-    ACTIVE = "active"
-    """
-    This group is active
-    """
-    DELETED = "deleted"
-    """
-    This group has been deleted
-    """
-    UNSUPPORTED = "unsupported"
-    """
-    This group is in an unknown state
-    """
-
-
-class VaultAccessorType(str, Enum):
-    USER = "user"
-    GROUP = "group"
-
-
-class VaultAccess(BaseModel):
-    """
-    Represents the vault access information.
-    """
-
-    model_config = ConfigDict(populate_by_name=True)
-
-    vault_uuid: str = Field(alias="vaultUuid")
-    """
-    The vault's UUID.
-    """
-    accessor_type: VaultAccessorType = Field(alias="accessorType")
-    """
-    The vault's accessor type.
-    """
-    accessor_uuid: str = Field(alias="accessorUuid")
-    """
-    The vault's accessor UUID.
-    """
-    permissions: int
-    """
-    The permissions granted to this vault
-    """
-
-
-class Group(BaseModel):
-    model_config = ConfigDict(populate_by_name=True)
-
-    id: str
-    title: str
-    description: str
-    group_type: GroupType = Field(alias="groupType")
-    state: GroupState
-    vault_access: Optional[List[VaultAccess]] = Field(alias="vaultAccess", default=None)
-
-
 class GroupAccess(BaseModel):
     """
     Represents a group's access to a 1Password vault.
@@ -258,12 +156,6 @@ class GroupAccess(BaseModel):
     """
 
 
-class GroupGetParams(BaseModel):
-    model_config = ConfigDict(populate_by_name=True)
-
-    vault_permissions: Optional[bool] = Field(alias="vaultPermissions", default=None)
-
-
 class GroupVaultAccess(BaseModel):
     """
     Represents a group's access to a 1Password vault.
@@ -1262,6 +1154,36 @@ class VaultType(str, Enum):
     UNSUPPORTED = "unsupported"
 
 
+class VaultAccessorType(str, Enum):
+    USER = "user"
+    GROUP = "group"
+
+
+class VaultAccess(BaseModel):
+    """
+    Represents the vault access information.
+    """
+
+    model_config = ConfigDict(populate_by_name=True)
+
+    vault_uuid: str = Field(alias="vaultUuid")
+    """
+    The vault's UUID.
+    """
+    accessor_type: VaultAccessorType = Field(alias="accessorType")
+    """
+    The vault's accessor type.
+    """
+    accessor_uuid: str = Field(alias="accessorUuid")
+    """
+    The vault's accessor UUID.
+    """
+    permissions: int
+    """
+    The permissions granted to this vault
+    """
+
+
 class Vault(BaseModel):
     """
     Represents regular vault information together with the vault's access information.
@@ -1528,19 +1450,3 @@ class WordListType(str, Enum):
     """
     Three (random) letter "words"
     """
-
-
-ARCHIVE_ITEMS: int = 256
-CREATE_ITEMS: int = 128
-DELETE_ITEMS: int = 512
-EXPORT_ITEMS: int = 4194304
-IMPORT_ITEMS: int = 2097152
-MANAGE_VAULT: int = 2
-NO_ACCESS: int = 0
-PRINT_ITEMS: int = 8388608
-READ_ITEMS: int = 32
-RECOVER_VAULT: int = 1
-REVEAL_ITEM_PASSWORD: int = 16
-SEND_ITEMS: int = 1048576
-UPDATE_ITEMS: int = 64
-UPDATE_ITEM_HISTORY: int = 1024
diff --git a/src/onepassword/vaults.py b/src/onepassword/vaults.py
@@ -4,8 +4,6 @@
 from typing import Optional, List
 from pydantic import TypeAdapter
 from .types import (
-    GroupAccess,
-    GroupVaultAccess,
     Vault,
     VaultGetParams,
     VaultListParams,
@@ -75,63 +73,3 @@ async def get(self, vault_uuid: str, vault_params: VaultGetParams) -> Vault:
 
         response = TypeAdapter(Vault).validate_json(response)
         return response
-
-    async def grant_group_permissions(
-        self, vault_id: str, group_permissions_list: List[GroupAccess]
-    ) -> None:
-        response = await self.core.invoke(
-            {
-                "invocation": {
-                    "clientId": self.client_id,
-                    "parameters": {
-                        "name": "VaultsGrantGroupPermissions",
-                        "parameters": {
-                            "vault_id": vault_id,
-                            "group_permissions_list": [
-                                o.model_dump(by_alias=True)
-                                for o in group_permissions_list
-                            ],
-                        },
-                    },
-                }
-            }
-        )
-
-        return None
-
-    async def update_group_permissions(
-        self, group_permissions_list: List[GroupVaultAccess]
-    ) -> None:
-        response = await self.core.invoke(
-            {
-                "invocation": {
-                    "clientId": self.client_id,
-                    "parameters": {
-                        "name": "VaultsUpdateGroupPermissions",
-                        "parameters": {
-                            "group_permissions_list": [
-                                o.model_dump(by_alias=True)
-                                for o in group_permissions_list
-                            ]
-                        },
-                    },
-                }
-            }
-        )
-
-        return None
-
-    async def revoke_group_permissions(self, vault_id: str, group_id: str) -> None:
-        response = await self.core.invoke(
-            {
-                "invocation": {
-                    "clientId": self.client_id,
-                    "parameters": {
-                        "name": "VaultsRevokeGroupPermissions",
-                        "parameters": {"vault_id": vault_id, "group_id": group_id},
-                    },
-                }
-            }
-        )
-
-        return None
