This is my scenario:
I have an app that needs a shared folder for user A and user B. So when the app starts, user A create an App Folder (user has only "Files.ReadWrite.AppFolder" permisions). In this folder I create a new drive item and set the permissions via invite for user B.
Now user B wants to access this drive item, but I get an access denied. Only when I set the scope to "Files.Read" it's working (this is the minimum permissions according to the docs), but I don't want to access all the files of the users drive.
Does anybody know if this scenario is even possible with the graph api or is there an other approach to accomplish this?
According to your description, I assume you want to share some files to someone who is not in your organization.
I think we can create a sharelink for a file when we create it by using the following API:
/sites/{siteId}/drive/items/{itemId}/createLink
In the body, we can set the scope property to organization. Then the User B will get the shared file only.
According to this document, we can create an sharelink to someone including he outside of your organization.
Related
When sending on behalf of a Outlook365 group's delegated email, the draft id from Office-js can not be used to lookup for the draft with the signed in user's on graph api.
This will interrupt our flow for delegated email sending with Office365Groups, as there are no other way of obtaining the draft from graph api's groups resource.
Version: Outlook on Mac Version 16.46(21021202)
Steps to replicate
Successful Case
Open OWA
Change "From" address to office365group#yourgroup.ca
Observe the draft, it gets put inside the user's draft folder, which could be found with signed in user since it's placed in the user's draft folder
Failed Case
Open Outlook and navigate to Preferences -> Accounts -> Advanced -> Delegates -> "Open these additional mailboxes"
Add ie: office365group#domain.com as a delegate
Change the send from to the just added group
Observe the draft, it gets put inside the group's office365group#domain.com draft folder, the draft is inaccessible using graph's service with the signed in user since it is placed in the group's draft folder.
In my iOS app, i have done AWS Cognito user authentication. Authenticated users are able to upload images to protected folder ie under protected / {cognito user_identitiy_id}. Authenticated users can access objects only saved under their user_identity_id folder. How one user can access objects from others. S3 document says:-
Public: Accessible by all users of your app. Files are stored under the public/ path in your S3 bucket.
Protected: Readable by all users, but writable only by the creating user. Files are stored under protected/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
Private: Only accessible for the individual user. Files are stored under private/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
If you're using Amplify, then using Protected. The owner has write permissions while others can only read files.
Pls help make sure:
Your S3 bucket policy is something like this for "Protected" folder to restrict user access: https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.html
on iOS, assume you're using Amplify, pls follow this: https://aws-amplify.github.io/docs/ios/storage. Keep in mind, you have to authenticate and exchange to Credential first before using Storage API.
Another user that wants to read the file can specify the user that created it:
let options = StorageDownloadDataRequest.Options(accessLevel:.protected, targetIdentityId: "OtherUserId")
Is it possible to get a list of users (or user ids) who shared their calendars with the person logged in?
I want to have a list of calendars where I can call as I do with
https://graph.microsoft.com/v1.0/users('user shared the calendar')/calendars
There's a way you can take it one step closer to what you want using the beta endpoint: do a GET /calendars for the signed-in user, and for each calendar, check the isSharedWithMe property. If that property is true, the owner property would show the display name and SMTP address of the user who shared the calendar.
Other than the user ID, you can use the SMTP address to index into the users collection in a tenant as well.
You can see a description of the calendar properties in the Graph documentation.
Please be aware that isSharedWithMe, and in general, APIs in the beta endpoint, are subject to change without notice. For that reason, production apps should not take a dependency on such APIs.
I'm working on a family sharing app, using a Syned Realm, where there will be 1 admin and other members created by the admin.
Admin will be able to set the roles & permissions of other members. Each member can have View/Edit/Add permission tied to them. The admin when signing-up for the app will send out invitations to the email-id's that he wants to invite and will set the necessary permissions for them.
I'd like to know if there is a way to completely handle this from the client side using Realm. From what I've read, the admin should know the User-ID's to be able to set the permission and the other members should know the Admin User-ID to access/edit the shared realm.
Initial thought was to create all the member users by the admin using SyncUser.logIn(). But that causes a problem as SyncUser.logIn() asynchronously log them in to the Realm Object Server which will cause the admin user to logout.
What would be the best approach to do this? Is there a way for the admin to create users without actually logging-in them?
Thanks a lot in advance.
I use Delphis ForceDirectories() function to create folders.
Normally, everything works Ok.
Sometimes (randomly, not reproducable), when using the Administrator account, the Folder is created, but not assigned to a User - so I can't access it.
Also, when I try to display the permissions, I get an "Unable to display current owner" message.
Regaining Access by taking the ownership with the administrators account doesn't work.