User cant be removed from group

Routhgen · August 13, 2025, 9:19am

No matter how the PUT call to update the group is send. The user to be deleted is still present.

API DOCS are wrong and inconsistent. No matter if you send “_delete”, “delete” or “ deleted” NONE is working.

user_id	required	string
is_admin	boolean
delete	boolean

while

"groups_users": [
{
"user_id": "8bb80df5-700c-48ce-b568-85a60fc3c8f2",
"is_admin": true
},
{
"user_id": "3b9b9757-1ccb-444a-a3cf-4090364fac4f",
"is_admin": false
},
{
"user_id": "8a3c5c4e-e931-4e6b-854a-9b2e9afcd3bc",
"deleted": true
}
],

Sending Full set of groups_users marking user to be deleted → 200 OK, still present
Sending Only User to be deleted → 200 OK, still present

The API functionality seems to be the weak point imho. Could you please provide the way how to remove user from group then?
And of course correct your docs please.

BUG

Regards

gyaresu · August 15, 2025, 6:24am

G’day Zbynek.

You are correct and I created an internal task yesterday for us to update the documentation (PB-44716)
is_adminand deleterequire the GroupsUser id.
Adding a user is by their user_idas you show in your example.

Flow for folks playing along at home:

You need to perform a get on /groups.json to find the group “id”

Then get the users from that group:

https://passbolt_instance/groups/66289922-dd05-4222-9d67-29279f5a55b5.json?contain[users]=1

And the users object contains each user and their id(i.e. 76ddd3fd-9eec…)

{
        "id": "76ddd3fd-9eec-41c6-83e2-50b1ecb730b8",
        "role_id": "605cc4c9-6398-4111-8c31-39826a4d6509",
        "username": "betty@passbolt.com",
        "active": true,
        "deleted": false,
        "disabled": null,
        "last_logged_in": "2025-08-13T23:10:09+00:00",
        "created": "2025-08-07T01:17:28+00:00",
        "modified": "2025-08-11T02:30:04+00:00",
        "_joinData": {
          "id": "c1051206-476a-4a61-a364-c2225ac1fe18",
          "group_id": "66289922-dd05-4222-9d67-29279f5a55b5",
          "user_id": "76ddd3fd-9eec-41c6-83e2-50b1ecb730b8",
          "is_admin": false,
          "created": "2025-08-15T06:19:37+00:00"
        }
}

Sorry for the frustration and time wasting mate.

curl -X PUT "https://your-passbolt-instance/groups/{group-uuid}.json" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer your-auth-token" \
  -d '{
    "groups_users": [
      {
        "id": "groups-users-relationship-uuid",
        "delete": true
      }
    ]
  }'

Happy to help with any questions.
Gareth

Routhgen · August 15, 2025, 10:49am

Hello Gareth,

many thanks for your response. Already updated & it works now.

So like this it shall be fine, right? No need to re-encrypt any resources or permissions.
BTW when updating single user in a group - simple PUT reqeusts with his id from relation is enough? e.g. when changing is_admin?

Kind Regards,
Zbynek

gyaresu · August 16, 2025, 8:23am

No worries. Glad it works now

You shouldn’t need to perform any other actions and the PUT with is_admin or delete only requires the id.

Happy to help.

deepbreathnoob · October 24, 2025, 8:21am

Thank you for example. It help me a lot.

I’m just curious about documentation update status (PB-44716), how is it going?

gyaresu · October 27, 2025, 1:23am

Thanks for the reminder Paweł.
I’ll add it to my sprint this fortnight and update here when it’s complete.
Cheers
Gareth

gyaresu · November 28, 2025, 3:13am

Just a note to say that PB-44716 is merged and closed. API users object docs updated.

Cheers
Gareth