Access denied using F# CSVProvider - f#

I'm sure this is some sort of security issue.
In the second row I get the error System.UnauthorizedAccessException: 'Access to the path 'c:\csv\prices.csv' is denied.' It's just a console app - how can I give my program access to that file? I have tried adding "everyone" to the security on that folder with write access.
let saveCSV = new PriceItemType(priceRows) //prices.Append([p1])
saveCSV.Save("c:\\csv\\prices.csv")

Related

How to set the scope using Google Operators in Airflow

I have a task using the GCSToGoogleSheetsOperator in Airflow where Im trying to add data to a sheet.
I have added the service credential email to the sheet I want to edit with editor privileges, and received this error:
googleapiclient.errors.HttpError:
<HttpError 403 when requesting
https://sheets.googleapis.com/v4/spreadsheets/<SHEET_ID>/values/Sheet1?valueInputOption=RAW&includeValuesInResponse=false&responseValueRenderOption=FORMATTED_VALUE&responseDateTimeRenderOption=SERIAL_NUMBER&alt=json
returned "Request had insufficient authentication scopes.".
Details: "[{
'#type': 'type.googleapis.com/google.rpc.ErrorInfo',
'reason': 'ACCESS_TOKEN_SCOPE_INSUFFICIENT',
'domain': 'googleapis.com',
'metadata': {
'service': 'sheets.googleapis.com',
'method': 'google.apps.sheets.v4.SpreadsheetsService.UpdateValues'}
}]>
I cant update the sheet, but the GCS and BigQuery operators work fine.
My connection configuration looks like the following:
AIRFLOW_CONN_GOOGLE_CLOUD=google-cloud-platform://?extra__google_cloud_platform__key_path=%2Fopt%2Fairflow%2Fcredentials%2Fgoogle_credential.json
I tried following the instructions to add the scope https://www.googleapis.com/auth/spreadsheets.
Which URL encoded looks like:
AIRFLOW_CONN_GOOGLE_CLOUD=google-cloud-platform://?extra__google_cloud_platform__key_path=%2Fopt%2Fairflow%2Fcredentials%2Fgoogle_credential.json&extra__google_cloud_platform__scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fspreadsheets
Now, operators which previously worked error out like this:
google.api_core.exceptions.Forbidden: 403 POST https://bigquery.googleapis.com/bigquery/v2/projects/my-project/jobs?prettyPrint=false: Request had insufficient authentication scopes.
And the GCSToGoogleSheetsOperator operator still error out like this:
google.api_core.exceptions.Forbidden: 403 GET https://storage.googleapis.com/download/storage/v1/b/my-bucket/o/folder%2Fobject.csv?alt=media: Insufficient Permission: ('Request failed with status code', 403, 'Expected one of', <HTTPStatus.OK: 200>, <HTTPStatus.PARTIAL_CONTENT: 206>)
How can I set the permissions correctly to use both BigQuery, GCS and Sheets operators?
Adding a scope seems to ignore the IAM roles, so its either one or the other.
The service account had roles needed to access GCS and BigQuery, but by adding the scope https://www.googleapis.com/auth/spreadsheets, the service would ignore the privileges granted by the roles and look only at the ones specified by the scopes.
So, to recover it, you must add both the spreadsheet and cloud-platform scopes (or more strict scopes). cloud-platform will provide access to GCS and BigQuery and spreadsheets to Google Sheets API.
If you set your connection using environment variables, you have to URL encode the arguments, so to create a GOOGLE_CLOUD connection, you will have to do something like this, which is not encoded...
AIRFLOW_CONN_GOOGLE_CLOUD=google-cloud-platform://?extra__google_cloud_platform__key_path=/abs/path_to_file/credential.json&extra__google_cloud_platform__scope=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/spreadsheets
To encode, which is the version you have to use, replace /, , and ::
AIRFLOW_CONN_GOOGLE_CLOUD=google-cloud-platform://?extra__google_cloud_platform__key_path=%2Fabs%2Fpath_to_file%2Fcredentials%2Fgoshare-driver-c08e0904285b.json&extra__google_cloud_platform__scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fspreadsheets

How to get file content on O365 sharepoint folder using graph API

Using Python and the adal and requests packages I'm attempting to use the MS graph API to find files on sharepoint (when providing a sharepoint site name, folder name where the file is expected to be, and name of file.
Using various calls I can manage to do the following
Get an authentication token (using user auth to an app which has full permission to use users credentials and do all read/write on files being accessed)
establish a valid session
search sites and obtain details on my current site
microsoft_info = SESSION.get('https://graph.microsoft.com/v1.0/sites?search=nameOfSite')
Obtain drive information associated with the site
for site in microsoft_info['value']:
if site['displayName'] == siteDisplayNameInput:
siteId = site['id']
drives = SESSION.get("https://graph.microsoft.com/v1.0/sites/"+siteId+"/drives")
drives = drives.json()
Obtain file information from drive of interest
for drive in drives['value']:
if(drive['name']) == folderNameInput:
driveId = drive['id']
files = SESSION.get("https://graph.microsoft.com/v1.0/drives/" + driveId +"/root/search(q='')")
files = files.json()
And then at point 6 everything falls apart and I get 404 errors returned saying that resource is not found - despite using the identifiers provided by the API which are clearly indicating the presence of a resource.
if file['name'] == 'Pipeline Pilot Forms.pptx':
print("List of properties on file")
for x in file:
print(x+" "+str(file[x]))
fileId = file['id']
print(fileId)
callToDLFile = SESSION.get("https://graph.microsoft.com/v1.0/drives/"+driveId+"/items/"+fileId+"/content"
appears to be the code that should work for this (indentation appears to have failed copying things into this, but it is all good) but it returns 404 errors - any help would be greatly appreciated on this, I don't see (in a reasonably lengthy search) anything which matches this issue exactly out there.

Azure + ASP.Net + System.UnauthorizedAccessException: Access to the path '/Content/img/CourseImages' is denied

I am trying to upload an file using asp.net on azure (its not VM).
But constantly, i am receiving below error:
System.UnauthorizedAccessException: Access to the path '/Content/img/CourseImages' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, Object dirSecurityObj, Boolean checkHost)
at System.IO.Directory.InternalCreateDirectoryHelper(String path, Boolean checkHost)
at System.IO.Directory.CreateDirectory(String path)
Here is my code snippet:
string courseImageFolderPath = ConfigurationManager.AppSettings["CourseImage"];
string courseImageFilePath = Path.Combine(courseImageFolderPath, fileName);
if (!Directory.Exists(courseImageFolderPath))
Directory.CreateDirectory(courseImageFolderPath);
courseImage.SaveAs(System.Web.Hosting.HostingEnvironment.MapPath(courseImageFilePath));
Every Azure Web App has a local directory(D:\local) which is temporary. The content in this folder will be deleted when the run is no longer running on the VM. This directory is a place to store temporary data for the application. It is not recommended to use this folder by your web application.
According to Azure Web App sandbox, I suggest you create a temp folder at the root of your web application folder(D:\home\site\wwwroot) and use it to store the temp data. Or as jayendran said, you could use blob storage to upload your image.
string tempFolder = Server.MapPath("~/TEMP");
if (!Directory.Exists(tempFolder))
{
Directory.CreateDirectory(tempFolder);
}
For more detials, you could refer to this issue.
Also, it seems that the app service do not get access to network resource. So what you would do is impersonate a user that has access on the network resource in order to create the directory. Please refer to this article.

How can I show a custom 404 page when access is denied to a node or method in Neos?

We're making a forum where access is supposed to be denied by unregistered users. I want to show a proper error message - not an exception - for users that are not allowed there. How do I achieve this in Neos 2.0?
Both read and write access should be denied. Maybe it's easier to deny access to the node where the forum is? But wouldn't that need hard-coding of node path?
Current Policy.yaml:
privilegeTargets:
'TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
'My.Package:PostControllerLoggedInActions':
matcher: 'method(My\Package\PostController->(index|new|create)Action(.*))'
roles:
'TYPO3.Flow:Everybody':
privileges:
-
privilegeTarget: 'My.Package:PostControllerLoggedInActions'
permission: DENY
'My.Package:User':
privileges:
-
privilegeTarget: 'My.Package:PostControllerLoggedInActions'
permission: GRANT
Edit: Here are some slides about (among other things) how to create a custom 404 page: https://speakerdeck.com/aertmann/tasty-recipes-for-every-day-neos
Edit 2: Use Flow exception handler?
You can try to set it in your root Configuration/Settings.yaml. You can do it by status code (like in example) or exception class:
TYPO3:
Flow:
# you have already persistence
# and maybe other stuff under flow
# just add it below them but still under TYPO3.Flow
error:
exceptionHandler:
renderingGroups:
accessRestricted:
matchingStatusCodes: [ 401, 403]
options:
templatePathAndFilename: 'resource://TYPO3.Neos/Private/Templates/Error/Index.html'
layoutRootPath: 'resource://TYPO3.Neos/Private/Layouts/'
format: 'html'
variables:
errorTitle: 'Restricted Area'
errorDescription: 'Go home boy.'

Openbravo: generate url to the components

I installed ERP "Openbravo" following the custom approach:
So I followed the steps from the tutorial.I set "localhost" for the parameter "Web URL" in the configuration file. After that I ran the servers, Apache and Tomcat.
When accessing the application via browser using http://localhost/openbravo
The problem I am facing is that,the browser doesn't find some components.
I got this log in console of Google-chrome like this:
Login_F1.html:11 GET http://localhost/openbravo/security/localhost/js/ajax.js 404 (Not Found)
When i try to accede to the previous url in a new tab i got "not found",
but when i change by this URL "http://localhost/openbravo/web/js/utils.js" works well.
My question is that how i can make Openbravo generate "/web/" instead "/security/localhost/".
If you look at Openbravo.properties file
.....
//Static content URL. Use the default value to make it dynamic.
//Don't change this unless you know what you are doing
web.url=#actual_url_context#/web
// Full URL of the context, *only* used by the Web Services installation
and diagnostic task
context.url=http://localhost:8080/openbravo
.....
#actual_url_context# will get replaced by domain name with port number and application context name (for example: mydomain:8989/openbravo)
404 is due to application is not able to locate ajax.js under
../web/ajax.js
1 ==> To fix the issue you can just restore to #actual_url_context# and perform smartbuild.
or do an install.source
2 ==> To add any client side customization or to support static content under web folder you can follow
an example: http://wiki.openbravo.com/wiki/How_to_add_a_button_to_the_toolbar
http://wiki.openbravo.com/wiki/How_to_create_a_Manual_UI_Process

Resources