I'm observing a change in functionality in Microsoft Graph. When requesting a list of drives from a SharePoint site, I used to see a driveItem attribute that no longer seems to be present as of Nov 14.
The site documentation mentions the relationship to the drives collection.
The drive documentation describes the driveType attribute as:
Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only.
Here is an example call:
https://graph.microsoft.com/v1.0/sites/{site-id}/drives
Response:
client-request-id →d822c749-baf6-4857-abd9-6d80f70823d9
request-id →d822c749-baf6-4857-abd9-6d80f70823d9
x-ms-ags-diagnostic →{"ServerInfo":{"DataCenter":"EastUS","Slice":"SliceB","Ring":"NA","ScaleUnit":"003","Host":"AGSFE_IN_28","ADSiteName":"EST"}}
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives",
"value": [
{
"createdBy": {
"user": {
"displayName": "System Account"
}
},
"createdDateTime": "2015-05-22T17:21:01Z",
"description": "This system library was created by the PointPublishing feature to store application pages.",
"id": "b!a4YqXM4QKkOPmOj73xfdss5bbYPr7MlFlXKVhtK0Dpjf4OJPyoBFQo2-YK5095t1",
"lastModifiedDateTime": "2015-05-22T17:21:03Z",
"name": "AppPages",
"webUrl": "https://mysharepoint.sharepoint.com/portals/hub/AppPages",
"quota": {
"deleted": 0,
"remaining": 0,
"total": 0,
"used": 0
}
}
<snipped a few values>
]
}
Is the change in functionality I am seeing here by design or non-intended?
Edit: When attempting the call:
https://graph.microsoft.com/v1.0/sites/root/drives?$select=id,driveType,Name
The driveType is returned
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives(id,driveType,name)",
"value": [
{
"id": "fakeId",
"name": "Documents",
"driveType": "documentLibrary"
}
]
}
When requesting drives for a site based on the site-id (/sites/{site-id}/drives) we see different attributes returned.
Just closing the loop on this. As Brad mentioned, an issue has been identified. A fix is currently in the pipeline and should be rolling out soon.
Related
I've been trying to search within a specific DriveItem folder but I've been having some troubles. First of all, despite the API stating that "You can search within a folder hierarchy, a whole drive, or files shared with the current user.", I haven't found any documentation supporting this. I have found this stackoverflow reply that describes how to do it. Unfortunately, it doesn't to be working very well.
Since I don't know how sensitive IDs are, I'll be redacting them in my examples.
https://graph.microsoft.com/v1.0/me/drive/items/<id_parent_folder>/children?select=name
This request returns all files inside the folder I want to search and it does list everything inside the folder. The response is something like:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('<id_user>')/drive/items('<id_parent_folder>')/children(name)",
"value": [
{
"#odata.etag": "\"{redacted1},1\"",
"name": "automation_csv.csv"
},
{
"#odata.etag": "\"{redacted2},1\"",
"name": "HOSPITAIS_PT.cpg"
},
{
"#odata.etag": "\"{redacted3},1\"",
"name": "HOSPITAIS_PT.dbf"
},
{
"#odata.etag": "\"{redacted4},1\"",
"name": "HOSPITAIS_PT.prj"
},
{
"#odata.etag": "\"{redacted5},1\"",
"name": "HOSPITAIS_PT.qpj"
},
{
"#odata.etag": "\"{redacted6},1\"",
"name": "HOSPITAIS_PT.shp"
},
{
"#odata.etag": "\"{redacted7},1\"",
"name": "HOSPITAIS_PT.shx"
}
]
}
However, when searching inside the folder I only get the CSV file....
https://graph.microsoft.com/v1.0/me/drive/items/<id_parent_folder>/search(q='')?select=name
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(driveItem)",
"value": [
{
"#odata.type": "#microsoft.graph.driveItem",
"name": "<name_parent_folder>"
},
{
"#odata.type": "#microsoft.graph.driveItem",
"name": "automation_csv.csv"
}
]
}
Searching for any other file name produces no results.
Is this a bug or a feature? Is there another endpoint that allows me to search all files inside a folder?
EDIT: changed the "beta" endpoint to "v1.0", though they produce the same results. Just don't want to create the assumption that it only happens in the beta endpoint.
Use the Microsoft Query API to search instead of using q search parameter.
See https://learn.microsoft.com/en-us/graph/api/resources/search-api-overview?view=graph-rest-beta
So I've been trying to get email addresses of people that have access to certain files in a Sharepoint document library of a site through the use of the Microsoft Graph API. Below is an example of how my permission object looks like, which is retrieved from https://graph.microsoft.com/v1.0/sites/<site id>/drives/<drive id>/items/<item id>/permissions.
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('...')/drives('...')/items('...')/permissions",
"value": [
{
"id": "...",
"roles": ["owner"],
"grantedTo": { "user": { "displayName": "testsite - Eigenaars" } },
"inheritedFrom": {}
},
{
"id": "...",
"roles": ["read"],
"grantedTo": { "user": {"displayName": "testsite - Bezoekers"} },
"inheritedFrom": {}
},
{
"id": "...",
"roles": ["write"],
"grantedTo": { "user": { "displayName": "testsite - Leden" } },
"inheritedFrom": {}
},
{
"id": "...",
"roles": [
"write"
],
"grantedToV2": {
"siteGroup": {
"displayName": "Developers",
"id": "120",
"loginName": "Developers"
}
},
"grantedTo": {
"user": {
"displayName": "Developers"
}
},
"inheritedFrom": {}
},
{
"id": "...",
"roles": ["owner"],
"grantedTo": {
"user": {
"email": "testsite#mysharepoint",
"id": "uuid",
"displayName": "testsite - Eigenaars"
}
},
"inheritedFrom": {}
}
]
}
I assume the testsite in the displayName property is a group name (probably the group that belongs to the site the file resides in), but I have seen cases where I can't find this group name in the groups retrieved from the /groups endpoint in the Graph API.
You can also see the group Developers, which I haven't managed to find in the full group list retrieved from /groups.
The documentation around this is quite vague and unclear to me. Somewhere I read that this lack of data could be due to authentication scopes, but I have "god mode" administrator rights in this Sharepoint environment, so that would seem strange to me.
My main goal is to be able to get all users that have access to a specific file.
Thanks in advance!
1. I assume the testsite in the displayName property is a group name, but I have seen cases where I can't find this group name in the groups retrieved from the /groups endpoint in the Graph API.
This is because as per Drive Item Permission >> Identity Set >> Identity resource type Quoting
The identity's display name. Note that this may not always be available or up to date. For example, if a user changes their display name, the API may show the new value in a future response, but the items associated with the user won't show up as having changed when using
This can explain why sometimes you don't see the group name in your groups.
I suggest you use the id.
2. My main goal is to be able to get all users that have access to a specific file.
Do you have any users that appear on the Has Access section of the drive item on sharepoint? For users you should be able to get permissions and use the ids to Get directoryObject using the id values from grantedToIdentitiesV2 or grantedToV2 which will return odate type.
GET https://graph.microsoft.com/v1.0/directoryObjects/{id}?$select=id
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects(id)/$entity",
"#odata.type": "#microsoft.graph.group or user or application",
"id": "id"
}
For groups, the users would be the members of the group.
We're using the client_credentials flow to get access for our application to tenants environments. The application has the correct scopes, and we get an access token that is working for other endpoints like /users but when doing a request like the following we get error messages.
GET https://graph.microsoft.com/beta/me/findRooms
{
"error": {
"code": "ErrorInvalidUser",
"message": "The requested user '{userId}#{tenantId}' is invalid.",
"innerError": {
"request-id": "b72d26a3-d0ad-42eb-a3d3-35951cb42b3d",
"date": "2020-01-21T10:21:28"
}
}
}
I understand that there's no "me" when we're just an application, but how do we access these types of endpoints in that case? Do I have to have a user to act as, as well? That seems to me like it defeats the purpose of a daemon like this. Cannot find any clear documentation on this matter. On this page in the docs on the use a token section they even refer to a /me endpoint, which is incorrect in that case.
I've tried requesting the /users/{id}/findRooms endpoint with all different kinds of ID's I can find in the access token - none of them work.
Other people with the same issue, that have yet to resolve it.
1. Feedback area in docs
2. Github issue
Best regards,
Christopher
Using the /users/{user-id} is the only pattern that will work with client credentials. In your case, this should work, so maybe it's an issue with the id you are using.
To make sure I'm not giving you bad information, I just tested this with an app-only token from the client credentials flow. Parsing that token over at https://jwt.ms, I see the roles claim like so:
"roles": [
"User.Read.All"
]
If first did a GET /users?$select=displayname,id, and this user was included in the response:
{
"displayName": "Adele Vance",
"id": "3103c7b9-cfe6-4cd3-a696-f88909b9a609"
}
This is the id to use in your findRooms call. I did GET /users/3103c7b9-cfe6-4cd3-a696-f88909b9a609/findrooms and got the following response:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.emailAddress)",
"value": [
{
"name": "Conf Room Adams",
"address": "Adams#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Baker",
"address": "Baker#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Crystal",
"address": "Crystal#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Hood",
"address": "Hood#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Rainier",
"address": "Rainier#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Stevens",
"address": "Stevens#M365x330971.onmicrosoft.com"
}
]
}
While posting request to microsoft graph:
POST 'https://graph.microsoft.com/v1.0/me/drive/root:/017_2018-08-12_18.47.27.jpg:/createLink'
content-type': 'application/json
{
"type": "embed"
}
I am only getting
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#permission",
"#odata.type": "#microsoft.graph.permission",
"id": "5o98ENjWYH2pNK8wO5_d7QHUrdk",
"roles": ["read"],
"shareId": "s!AgDP2w-bgvZL****evpaN2yel",
"link": {
"type": "embed",
"webUrl": "https://onedrive.live.com/embed?resid=4B****U"
But according to documentation, I should also get WebHtml with Iframe link not only webUrl, and this is what I am looking for so I can generate links for photos, and put them on website.
Am I doing something wrong or is there any way around so I can get same embed url that I can generate from manualy clicking in onedrive?
I'm using personal one drive account.
Trying this out on the graph explorer does not work on the v1.0 endpoint for me. However using the beta endpoint does indeed return the webHtml property like as follows
Essentially what you would need to do is change the v1.0 segment in the url to beta.
POST 'https://graph.microsoft.com/beta/me/drive/root:/017_2018-08-12_18.47.27.jpg:/createLink'
content-type': 'application/json
{
"type": "embed"
}
And you should get back something like this
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#permission",
"#odata.type": "#microsoft.graph.permission",
"id": "p6z1ZAtRqKFwqHNVfaa6mPFQIyI",
"roles": [
"read"
],
"shareId": "s!AorKRTkoJljsixZbAANWreQhS7gk",
"expirationDateTime": "0001-01-01T00:00:00Z",
"hasPassword": false,
"link": {
"type": "embed",
"webUrl": "https://onedrive.live.com/embed?resid=EC5826283945CA8A%211430&authkey=!AFsAA1at5CFLuCQ",
"webHtml": "<iframe src=\"https://onedrive.live.com/embed?resid=EC5826283945CA8A%211430&authkey=!AFsAA1at5CFLuCQ\" width=\"98\" height=\"120\" frameborder=\"0\" scrolling=\"no\"></iframe>"
}
}
I am developing Azure DevOps extension which contain service endpoint to hold secret ID/KEY. My requirement is to have endpoint just consist of Connection name, ID ,and Key in it.I have gone trough list of provided endpoints in Microsoft but I couldn't find suitable option to satisfy my requirement.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=vsts#sep-ssh
closest solution I found is as below . But it contains input box for server URL(Which I need to omit (in this example though I don't define server URL it displays in popup dialog)). Please refer below image.
Is it possible to remove Server URL from above dialog box Or it there better endpoint type I can use for this requirement? please be kind enough to share some light with me.
You'll need to create a custom service type, that will allow you to show/hide the individual text boxes. You can find an example in the Azure DevOps Extension Tasks which I maintain.
You define custom service endpoint types in the vss-extension.json along with your other extension points:
{
"id": "vsts-marketplace-endpoint-type",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"properties": {
"name": "VstsMarketplacePublishing",
"displayName": "Visual Studio Marketplace",
"url": {
"displayName": "Marketplace URL",
"value": "https://marketplace.visualstudio.com",
"isVisible": "false"
},
"helpMarkDown": "Required permissions: <ul><li><b>Publish</b>: All accessible organisations, Marketplace (Publish)</li><li><b>Share</b>: All accessible organisations, Marketplace Publish</li><li><b>Install</b>: All accessible organisations or a specific organisation, Extensions (read and manage), Marketplace (acquire)</li><li><b>Query Version</b>: All accessible organisations, Marketplace (read)</li><li><b>Is Valid Extension</b>: All accessible organisations, Marketplace (read)</li></ul><br/><a href='https://www.visualstudio.com/docs/setup-admin/team-services/use-personal-access-tokens-to-authenticate'>More information</a>.",
"authenticationSchemes": [
{
"type": "ms.vss-endpoint.endpoint-auth-scheme-basic",
"inputDescriptors": [
{
"id": "username",
"name": "Username",
"description": "Username",
"inputMode": "textbox",
"isConfidential": false,
"validation": {
"isRequired": false,
"dataType": "string",
"maxLength": 300
},
"values": {
"inputId": "username",
"isDisabled": true,
"defaultValue": ""
}
},
{
"id": "password",
"name": "Personal access token",
"description": "Azure DevOps personal access token.",
"inputMode": "passwordbox",
"isConfidential": true,
"validation": {
"isRequired": true,
"dataType": "string",
"maxLength": 300
}
}
]
}
]
}
},
You may find other extensions that set or configure the authentication dialog on GitHub, there are quite a few. Useful docs are here in an old blog post.