I've been trying to share access (read/edit) to a Sharepoint list using the API, but I can't seem to find a way to do it specifically for a list.
Somehow the API does not treat lists are files and you can't call them to provide permissions.
I've tried this for both a OneDrive list and Sharepoint Site list.
Is this something which is simply not supported?
If i am not wrong you are trying to provide read and write access for the shared folder .
As per the doc The most common type of permissions are sharing links. Sharing links provide a unique URL that includes both the resource being shared and an authentication token that provides access to the resource. Users don't need to sign-in to access the content shared with a sharing link. An edit link provides read and write access to an item.
POST /shares/{encoded-sharing-url}/permission/grant
{
"id": "2",
"roles": ["write"],
"link": {
"type": "edit",
"webUrl": "https://onedrive.live.com/redir?resid=5D33DD65C6932946!70859&authkey=!AL7N1QAfSWcjNU8&ithint=folder%2cgif",
"application": { "id": "1234", "displayName": "Sample Application" }
},
"shareId": "!LKj1lkdlals90j1nlkascl",
"expirationDateTime": "0001-01-01T00:00:00Z"
}
Hope this helps
Thanks
Related
I've been trying to use this link to create a template that holds a file:
https://www.twilio.com/docs/content-api/twilio-media
when i try to create the same template as the example i get this error:
{"code": 20404, "message": "The requested resource /Content was not found", "more_info": "https://www.twilio.com/docs/errors/20404", "status": 404}
i made sure my account's details that i was passing to the api were correct but still the error shows
i need the template to be created when i make the request using the api provided
Is your account allowed to use the Content API?! Before using the Content API, you need to fill out a form for Twilio Team to allow it to your account. You can see it on the init of this page.
When your account is allowed to use the API you will be able to create Content Templates by API.
I hope that it can help you! :D
Using Flow I am trying to create a Team and then a Planner to add to the Team as a Tab.
I'm trying to create a new Planner in Flow with the Group ID generated from creating a Team.
Following the MS Graph API I've tried using an HTTP in Flow to make a POST to
POST https://graph.microsoft.com/v1.0/planner/plans
with body
{
"owner": "GROUP ID HERE",
"title": "Planner"
}
But I get an error of Unauthorised. Can anyone please advise what I'm doing wrong?
Below is what my permissions on Azure Active Directory looks like to authenticate my API calls:
While I can create a planner through the Microsoft Graph API:
Request ID
Timestamp
I can't do the same thing on Flow using HTTP:
Almost every time, the issue with not having authorization to create a plan in a newly created group is because the calling user is not a member in the group. By default, when a group is created, the creator is an owner, but not a member. You'll need to add the user to the members.
If this isn't addressing your issue, you'll need to provide a bit more information on the error. The request id and the timestamp from the failed requests would allow us to directly diagnose the problem.
In Chapter 11.4.4 'Image upload in production' of Michael Hartl' Rails Tutorial it is suggested to use Amazon Web Services S3 as a cloud storage service. In a note at the bottom of the page, the author himself defines this section of the book as "challenging" and also suggests that it "can be skipped without loss of continuity".
Indeed one of the most challenging parts of this section is to find a suitable IAM policy that can be attached to the IAM user at AWS in order to grant to the IAM user read and write permissions on the S3 bucket.
I found that this at Stackoverflow is a common issue: see for instance 'Trying to set up Amazon's S3 bucket: 403 Forbidden error & setting permissions'.
In effect, Amazon Web Services's solution for applications that need read and write permissions on a single S3 bucket does not work, and the user who tries to upload images receives a 403 forbidden status from the AWS server at Heroku.
The predefined 'AmazonS3FullAccess' policy works indeed, however it should not be considered as a definitive solution, because granting too many permissions to the IAM user, and therefore to the application, is not required and also, I suppose, can be a security bug.
What then is the correct IAM policy?
If the 'AmazonS3FullAccess' policy works, there should definitely be some action in it that is essential for the working of the application.
Apart from the ListBucket, PutObject, GetObject and DeleteObject actions whose presence seems logical, I found that PutObjectAcl is also necessary.
From the AWS's Access Control List (ACL) Overview:
"Amazon S3 Access Control Lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify the requester has the necessary access permissions. When you create a bucket or an object, Amazon S3 creates a default ACL that grants the resource owner full control over the resource"
Moreover, from the documentation on 'PutObjectAcl':
"This implementation of the PUT operation uses the acl subresource to set the access control list (ACL) permissions for an object that already exists in a bucket... The ACL of an object is set at the object version level. By default, PUT sets the ACL of the current version of an object."
I could not find explanations in my request of support from the Amazon forums on why PutObjectAcl is necessary, but from my understanding probably the operation of creating the ACL of an object is made the first time the object is uploaded in the bucket and should be explicitly requested by the application (or IAM user) that makes the upload. You can find a copy of my policy in the above Amazon Forums discussion and below:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket-name>"
},
{
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket-name>/*"
}
]
}
Consider also Heroku's suggestions on the choice of your bucket name: avoid for instance punctuations.
At the end of Chapter 11 of The Rails Tutorial by Michael Hartl I successfully managed to enable user uploads to Amazons S3 service by creating a bucket, using IAM to set a user and granting the user an AmazonS3FullAccess policy. It feels dirty and very insecure to allow an unknown user on my website to have full access to a bucket for image upload on my website and I'm not sure if I should feel this way. I created a custom policy at
http://awspolicygen.s3.amazonaws.com/policygen.html
Which is the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1445501067518",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketname"
}
]
}
I am not confident in my solution and could not find any answers googling for the best way to go about this. I am using carrierwave (with intentions of using carrierwave_direct for my own project), fog, and mini_magick gems.
The best and probably the most secure way of allowing users to upload files to your site (ie. S3) is to use Browser-Based Post Uploads.
This lets users upload directly to S3 without having to go through your servers. On your servers you simply create a request signature using your access keys.
You can read more about it here:
Browser Based Uploads Using Post
I'm not familiar with carrierwave myself but you may find this useful:
Uploading directly to S3 in rails
I am working with Apps Script on a Google Site and I am trying to use Oauth to authenticate the gadget as the active user to show the active users documents list. I have found several Google group discussions asking about this with no answers, was hoping I could get an answer on here. Here is my code:
var oauthConfig = UrlFetchApp.addOAuthService("gDocs");
oauthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
oauthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope=https://docs.google.com/feeds/");
oauthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
oauthConfig.setConsumerKey("myDomainName");
oauthConfig.setConsumerSecret("myCosumerSeceret");
var options =
{
"method": "GET",
"headers": { "GData-Version": "3.0" },
"oAuthServiceName" : "gDocs",
"oAuthUseToken" : "always"
};
var results = UrlFetchApp.fetch("https://docs.google.com/feeds/default", options);
At this point the code does not run and the page with the gadget displays:
Authorization is required to perform that action.
Any assistance would be greatly appreciated.
Thank you,
James Krimm
In order to perform authorization using 3-legged OAuth, you have to use 'anonymous' as ConsumerKey and ConsumerSecret:
oauthConfig.setConsumerKey("anonymous");
oauthConfig.setConsumerSecret("anonymous");
Also, please note that the correct feed url is https://docs.google.com/feeds/default/private/full.
However, if your goal is to get the list of documents for the active user, why don't you just use the DocsList Services provided by Apps Script? They will also take care of parsing the results for you.
https://developers.google.com/apps-script/service_docslist
It's not possible to access the active user data. A published Apps Script, as on a site, runs under the account of the script owner, called effective user. And, as a security concern, the script owner does not have permission to access any data of the active user.
So, what #claudio suggests (of using builtin DocsList) is not possible.
Unless we're talking about a Google Apps domain (and not regular consumer accounts) and the script owner is the domain administrator. In which case he can use the Google Docs List Data API to impersonate any user on his domain.
Either way, the consumer key and secret should always be "anonymous", regardless this scenario.
I have a Google Script OAuth library https://sites.google.com/site/scriptsexamples/custom-methods/google-oauth that will make the OAuth part less painful.
And some source code for a currently being developed DriveSrevice Library that will hit the points that are missing in Google Script.
https://sites.google.com/site/scriptsexamples/custom-methods/driveservice
This particular error is probably not related to OAuth but related to adding DocsList to the app.
See: https://developers.google.com/apps-script/troubleshooting#common_errors
Authorization is required to perform that action.
This error indicates that the script is lacking the authorization
needed to run. When a script is run in the Script Editor or from a
custom menu item an authorization dialog is presented to the user.
However, when a script is run as a service, embedded with a Google
Sites page, or run from a trigger the dialog cannot be presented and
this error is shown. To authorize the script, open the Script Editor
and run any function. To avoid this error, remember to run the script
once in the Script Editor after adding new services or capabilities to your script.
The answers here are not correct. You CAN do what you need, but not using Oauth directly. Instead, publish the Apps Script with the option to "run as the current user" instead of the script owner. Then use DocsList of DriveApp to get at the users files. The key here is to publish the service to "run as the user accessing the app".