A react application queries the Microsoft Graph to discover if a user is a member of a particular active directory group. Right now, there's this route:
https://graph.microsoft.com/v1.0/me/memberOf
The above does work in the application. It returns a (fairly sizable) object containing all of the user's groups, so I could iterate through the list, but it would be nice to directly check if the user is a member of a single group.
Given that I can already see the list of all groups, this doesn't seem like it should be difficult, but I'm not finding the route to do so.
Am I missing something obvious?
Thanks.
P.S. It would be nice if I could do this without requiring administrator permission on the application registration.
If you already know the group's ID, you can get the members of that group, and check whether the user is a member. I.e. the inverse of what you are doing now.
Or, if you have both the user's and the group's ID, you can filter like this:
https://graph.microsoft.com/v1.0/users/48d31887-5fad-4d73-a9f5-3c356e68a038/memberOf?$filter=id eq '1e770bc2-3c5f-487f-871f-16fbdf1c8ed8'
The first ID is the user, and the filter's ID is the group.
If it is for the currently signed in user, you can shorten it to
https://graph.microsoft.com/v1.0/me/memberOf?$filter=id eq '1e770bc2-3c5f-487f-871f-16fbdf1c8ed8'.
If the user isn't a member of the given group, you will get a return code Request_ResourceNotFound
Related
I know I can tag a member using <#XXXXXXX> where XXXXX=member id. Is there any way to do the same, but tagging slack groups instead ? (slack groups does not seem to have a member id associated to it...)
Very similar to how you would mention a user, you show us we can do this by doing <#UXXXXXXX>. A public channel would require the use of a # symbol instead of the # symbol. <#CXXXXXXX>.
You can check out the Slack Documentation for more ways to mention users and user groups.
Example:
Why not join <#C024BE7LR>?
Note: the channel needs to be public.
Is it possible to extract from Microsoft Graph to fetch what user has created a specific 365 group? I need to get which user created specific team site.
Best R, Thomas
For non admins users you can use this:
https://graph.microsoft.com/v1.0/groups/{group object id}/createdOnBehalfOf
For every user you can use the List directoryAudits operation with the following query and extract initiatedBy/user/id from each returned record.
https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=category eq 'GroupManagement' and activityDisplayName eq 'Add group'
I am writing an application and need to read basic Instagram user info such as username, #posts, #followers and etc. This works well for public users but for private users returns:
{
"meta":
{
"code":400,
"error_message":"you cannot view this resource",
"error_type":"APINotAllowedError"
}
}
Let's say I am signed in as user A, and we want to show information from User B which is private to user A (user B also authorized my application to access it's basic info). I am using the following end point to read user B information:
https://api.instagram.com/v1/users/<userB_ID>/?access_token=<myAccessToken>
Am I missing something? or should I use different end point?
Update (Solution #1)
It seems one solution to fix this is to use Query end point. I was trying to manage all my work with Instagram user IDs (not usernames) but it seems I have to use usernames for the query. Is there a way to use query with user ID?
Here is what it looks like:
https://api.instagram.com/v1/users/search?q=<UserB_Username>&client_id=<myClientID>
if <myAccessToken> is to get user A's info, you can't get User B's info with it. If you have a backend to this app, then you can store different access tokens for each user, and make the call with the appropriate access token, and feed the info to the app through your own API.
I recently coded up a 'friend' capability with my website. The way it works is if a user wants to 'friend' another user, sending a request creates a user_connection record with the original user set at the user_id and the requested user set as the contact_id. If the other user accepts the request, then another user_connection record will be made, with the user_id and contact_id reversed. If both user_connections exist, then the two users are considered friends. This currently gives each user access to any buildings shared between the two users.
I was wondering if there was some way I could enforce my user_connection model to make sure that whoever is creating the record gets set as the user_id. Otherwise it seems that someone could spoof the user_connection create request to make themself a contact of whomever they want, and then could spoof building shares using the same methodology. Are there any built in methods to prevent this?
My first thought was to have an initializer that always set the user_id to the current_user's id, but it appears that current_user is outside of the context of the model.
Don't allow user_id to be provided as a parameter, using strong params.
So, you could create the relation like that:
#friendship = current_user.friendships.new(contact_id: other_user.id)
Also make sure you provide the correct condition for current_user.
That's it... user_id is implied but never provided.
I am creating an online survey tool.
As an administrator, i would like to see what the users have answered and also be able to answer on their behalf. The system get's a users answers and other information based on his/her username, when they are logged in, using the built in membership provider.
There are currently three roles: Administrator, Moderator and Respondent
If i would like to show my administrator a list of users,
how would it be possible to create a "backdoor" for the administrator, so that he can "log" in as the user, see the users answers etc ? (Just like the user would be able to if he was logged in to his own account).
When answering and retrieving quyestions, the system is bound to `User.Identity.Name
My suggestion on how to solve this:
Currently, when i want to retrive a users answers i use the following code:
Firma_ID = db.Firma.Single(x => x.CVR_nummer == User.Identity.Name).firma_id;
var answers = db.Tabelform_Answers.Where(x => x.question_id == model.Question_ID && x.respondent == Firma_ID);
This is because i have a table named Firma, that has a column referencing to a users Name, called CVR_Nummer. I then retrieve all the records in the Tabelform_Answers table, that match question_id and Firma_ID (A users answers for a specific question).
Instead of using `Firma_ID = db.Firma.Single(x => x.CVR_nummer == User.Identity.Name).firma_id;
to retrive the Firma_ID of a given user, i could store it in the Session upon Login. When i want to view a specific users Answers as Administrator, i would then just change Firma_ID in the Session. Changing Firma_ID in the Session would only be allowed through a controller which has the following code:
[Authorize(Roles = "Administrator")]
Also, i would set the Session timeout to be the same as the Authentication timeout.
Can somebody tell me which pros and cons of this solution? Are there any other ways of storing a "global" variable for a Session? (Firma_ID)?
Thanks
If you only need to log in as your users, I went for a ticket-method.
I have a special login-page that can take a ticket-id. This ticket is created in the admin-gui when the admin wants to log in as another user. The login-page checks the ticket in the database, logs in the wanted user, and then deletes/marks the ticket as used. As an added security, a ticket is only valid for 10 seconds after creation.
Another option is to make answers from users available from the admin-gui...
also you can do in your log-in script override
so you have at present something like
if user name and password match string then user is logged in and based on this you get user permissions
instead have admin page,
where you can select user and then you can apply permissions of the user instead of admin.