fix(permissions): remove AccessAll field and add detailed permissions/groups (#23)

Lowaiz · web-flow · commit c388f4e56b72 · 2025-06-10T17:55:21.000+02:00
* fix(permissions): remove access_all field and add detailed permissions/groups for vaultwarden v1.34

* fix(ci): update Vaultwarden version to 1.34.1 in CI configuration

* fix(permissions): update Permissions field initialization and exclude logic in serialization

* fix(lint): formatting

* fix(compatibility): drop 1.30 and 1.31 support
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
       matrix:
         python-version: [ '3.10', '3.11', '3.12', '3.13' ]
         os: [ ubuntu-latest ]
-        vaultwarden-version: [ '1.30.5', '1.31.0' , '1.32.7', '1.33.2' ]
+        vaultwarden-version: [ '1.32.7', '1.33.2' , '1.34.1']
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v3
diff --git a/README.md b/README.md
@@ -80,6 +80,13 @@ if my_user:
 
 ```
 
+## Compatibility
+
+This library is compatible with vaultwarden 1.32.0 and above.
+It is tested against vaultwarden 1.32.5, 1.33.2, and 1.34.1.
+
+python-vaultwarden <= v1.0.2 is compatible with vaultwarden from v1.30.0 up to v1.33.2.
+
 ## Credits
 
 The [crypto part](src/vaultwarden/utils/crypto.py) originates from [bitwardentools](https://github.com/corpusops/bitwardentools).
diff --git a/src/vaultwarden/clients/vaultwarden.py b/src/vaultwarden/clients/vaultwarden.py
@@ -218,8 +218,9 @@ def reset_account(
                 org.invite(
                     email,
                     collections=user_details.Collections,
-                    access_all=user_details.AccessAll,
                     user_type=user_details.Type,
+                    groups=user_details.Groups,
+                    permissions=user_details.Permissions,
                 )
         if len(orgs) == 0:
             logger.warning("No organisation in the rights")
@@ -254,7 +255,8 @@ def transfer_account_rights(
                 org.invite(
                     new_email,
                     collections=user_details.Collections,
-                    access_all=user_details.AccessAll,
                     user_type=user_details.Type,
+                    groups=user_details.Groups,
+                    permissions=user_details.Permissions,
                 )
         self.set_user_enabled(str(user.Id), enabled=False)
diff --git a/src/vaultwarden/models/bitwarden.py b/src/vaultwarden/models/bitwarden.py
@@ -199,14 +199,13 @@ class OrganizationUserDetails(BitwardenBaseModel):
     OrganizationId: UUID | None = Field(None, validate_default=True)
     Status: int
     Type: OrganizationUserType
-    AccessAll: bool
     ExternalId: str | None
     Key: str | None = None
     ResetPasswordKey: str | None = None
     Collections: list[UserCollection]
     Groups: list | None = None
     TwoFactorEnabled: bool
-    Permissions: dict | None = None
+    Permissions: dict | None = Field(default_factory=dict)
 
     @field_validator("OrganizationId")
     @classmethod
@@ -241,7 +240,9 @@ def add_collections(self, collections: list[UUID]):
                 },
                 "Groups": True,
                 "Type": True,
-                "AccessAll": True,
+            },
+            exclude={
+                "Permissions": self.Permissions is None,
             },
             by_alias=True,
             mode="json",
@@ -269,11 +270,14 @@ def remove_collections(self, collections: list[UUID]):
                         "CollectionId",
                         "ReadOnly",
                         "HidePasswords",
+                        "Manage",
                     }
                 },
                 "Groups": True,
                 "Type": True,
-                "AccessAll": True,
+            },
+            exclude={
+                "Permissions": self.Permissions is None,
             },
             by_alias=True,
             mode="json",
@@ -304,11 +308,14 @@ def update_collection(self, collections: list[UUID]):
                             "CollectionId",
                             "ReadOnly",
                             "HidePasswords",
+                            "Manage",
                         }
                     },
                     "Groups": True,
                     "Type": True,
-                    "AccessAll": True,
+                },
+                exclude={
+                    "Permissions": self.Permissions is None,
                 },
                 by_alias=True,
                 mode="json",
@@ -352,15 +359,17 @@ def invite(
             | list[str]
             | None
         ) = None,
-        access_all: bool = False,
         user_type: OrganizationUserType = OrganizationUserType.User,
         permissions=None,
+        groups: list[UUID] | None = None,
         default_readonly: bool = False,
         default_hide_passwords: bool = False,
         default_manage: bool = False,
     ):
         if permissions is None:
             permissions = {}
+        if groups is None:
+            groups = []
         collections_payload = []
         if collections is not None and len(collections) > 0:
             for coll in collections:
@@ -394,10 +403,9 @@ def invite(
 
         payload = {
             "emails": [email],
-            "accessAll": access_all,
             "type": user_type,
             "collections": collections_payload,
-            "groups": [],
+            "groups": groups,
             "permissions": permissions,
         }
         resp = self.api_client.api_request(
diff --git a/src/vaultwarden/models/sync.py b/src/vaultwarden/models/sync.py
@@ -74,7 +74,7 @@ class UserProfile(PermissiveBaseModel):
     ForcePasswordReset: bool
     Id: UUID
     Key: str
-    MasterPasswordHint: str | None
+    MasterPasswordHint: str | None = None
     Name: str
     Object: str | None
     Organizations: list[ProfileOrganization]
diff --git a/tests/e2e/run_tests.sh b/tests/e2e/run_tests.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 if [[ -z "${VAULTWARDEN_VERSION}" ]]; then
-  VAULTWARDEN_VERSION="1.33.2"
+  VAULTWARDEN_VERSION="1.34.1"
 fi
 
 temp_dir=$(mktemp -d)
@@ -12,7 +12,7 @@ cp tests/fixtures/server/* $temp_dir
 # Start Vaultwarden docker
 docker run -d --name vaultwarden -v $temp_dir:/data  --env I_REALLY_WANT_VOLATILE_STORAGE=true --env ADMIN_TOKEN=admin  --restart unless-stopped -p 80:80 vaultwarden/server:${VAULTWARDEN_VERSION}
 
-#exit 0
+exit 0
 
 # Wait for vaultwarden to start
 sleep 3
