Get authenticated user ID inside SAPUI5 app - odata

We are creating a custom dynamic SAP Fiori/SAPUI5 application tile in our launchpad. It seems like you just need to put the OData service call with a $count for the dynamic tile to show the list of pending items. For example,
/MyListSet/$count
will output 100 pending items
But what if we want to check whether the user has authorization for the items in the list? I'm considering putting something like
/MyListSet('USER')/$count
but this doesn't seem to be possible as the USER is unknown until runtime.
Is there a way to get the logged-in user calling the OData service, pass this user to our OData call via RFC, and filter the result from there?

The user should already be authenticated with the system if he sees your app/launchpad.
I would suggest that you use the sy-uname system variable and filter your entityset before responding to frontend.
This should not be implemented in SAPUI5; instead, use the ABAP Gateway service.

OAuth 2.0 on Servers with Multiple Users - Security

I've been searching for a similar situation, but don't see one yet. Here's the scenario...
Let's say you have a server that allows multiple people to sign on. There is an application on the server that works with Google Calendar. Anyone can use it.
First, a user must register the service and go through the initial OAuth 2.0 setup. This adds the necessary info (id, token, refresh token, exp time, etc) to a table. Once done, they can use Calendar APIs and in the background the tokens are automatically refreshed.
Now, let's say Bob and Nancy are both set up. What's to stop Nancy from accessing Bob's calendar data, as only the ID (i.e., bob#gmail.com) is in the token database and the ID is used to access that specific calendar, but there's no authentication method to USE that actual token record?
Would there be some need to add another layer of authentication for actually accessing a specific record in the token table? So, before Bob or Nancy can run an addCalendarEvent()-type process, we'd need to validate that it's their ID and not someone else's?
I hope this makes sense. :)
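The check the question asks about, as an added example that is not part of the original post and not code from Google's client libraries: the token record is selected by the server-side session identity, never by an ID the client sends. Every name here (TokenStore, add_calendar_event, the users and token strings) is hypothetical, the sample data is constructed, and the Calendar API call is a stub.

```python
"""Added example, not code from the original post or from Google's client
libraries. It shows the check the question asks about: selecting the token
record by the server-side session identity instead of by an ID the client
sends. Every name (TokenStore, add_calendar_event, the users, the token
strings) is hypothetical, and the Calendar API call is a stub."""

from dataclasses import dataclass


class AuthorizationError(Exception):
    """The session is not entitled to any token record."""


@dataclass(frozen=True)
class TokenRecord:
    owner: str           # local login that completed the OAuth consent flow
    google_id: str       # Google account the tokens were issued for
    access_token: str
    refresh_token: str


class TokenStore:
    """Token table with two indexes: the vulnerable lookup uses the Google ID,
    the hardened lookup uses the local owner."""

    def __init__(self):
        self._by_owner = {}
        self._by_google_id = {}

    def register(self, owner, google_id, access_token, refresh_token):
        rec = TokenRecord(owner, google_id, access_token, refresh_token)
        self._by_owner[owner] = rec
        self._by_google_id[google_id] = rec

    def get_by_google_id(self, google_id):
        return self._by_google_id.get(google_id)

    def get_by_owner(self, owner):
        return self._by_owner.get(owner)


def fake_calendar_insert(access_token, event):
    """Stand-in for the Calendar API call; reports which token was presented."""
    return {"used_token": access_token, "event": event}


def add_calendar_event_unsafe(store, requested_google_id, event):
    """The pattern the question describes: whoever is signed in can name any
    Google ID, and the matching record (and so Bob's token) is used as-is."""
    rec = store.get_by_google_id(requested_google_id)
    if rec is None:
        raise KeyError(requested_google_id)
    return fake_calendar_insert(rec.access_token, event)


def add_calendar_event(store, session_user, event):
    """Hardened version: the record is chosen by the authenticated local user
    taken from the server's session, never from request data. There is no
    parameter through which Nancy could ask for Bob's record."""
    rec = store.get_by_owner(session_user)
    if rec is None:
        raise AuthorizationError(f"{session_user} has not linked a Google account")
    return fake_calendar_insert(rec.access_token, event)


def demo_store():
    """Constructed sample data for the two users in the question."""
    store = TokenStore()
    store.register("bob", "bob@example.com", "ya29.bob-access", "1//bob-refresh")
    store.register("nancy", "nancy@example.com", "ya29.nancy-access", "1//nancy-refresh")
    return store
```

With this shape the extra "layer of authentication" is simply the login the server already performs: the Google ID stops being an input to the lookup, so there is nothing for another user to substitute.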

QBWebConnector for multi-tenant DB

I want to use the QBWebConnector for an app that has a multi-tenant DB. That means I need to know the tenant when my app receives data from QBWebConnector, to populate the DB correctly.
I am using a PHP kit from consolibytes.
What are my options here?
I see that the functions which are called for building and receiving XML requests have params like $user and $extra.
The $user is the user which is used by QBWebConnector to authenticate with the SOAP server.
So should I create multiple QWC files for each tenant as a user and use that to identify the tenant?
And what is this $extra in the param? Should I use that? If so, how?
I also see we have callback options and hooks when we create QuickBooks_WebConnector_Server. I am not sure what they are used for, but can they be used in any way?
Thanks for taking the time to help me.
So should I create multiple QWC files for each tenant as a user and use that to identify the tenant?
Each tenant in your application should have their own username, and thus their own .QWC file.
If your application has multiple users per tenant, you do not need a .QWC file per user. You need a .QWC file per tenant.
And what is this $extra in the param? Should I use that?
The $extra param is for passing additional data to your callback functions. It has nothing to do with tenancy or authentication, so don't use it for that.
I also see we have callback options and hooks when we create QuickBooks_WebConnector_Server. I am not sure what they are used for, but can they be used in any way?
They can be used, but not for tenancy or authentication.

Connecting to Graph API for education application permissions

I am trying to create a Flow process to automate creating CSV files which contain the student, teacher assignment, submissions, and submission outcomes. I have registered an app in Azure AD and I can connect to this fine via PowerShell with delegated permissions and see all of the data I need.
However, when I try to connect with application permissions EduAdministration.Read.All, EduAssignments.Read.All and EduRoster.Read.All, I can only see basic Class and Student information. So calling https://graph.microsoft.com/v1.0/education/classes works but calling https://graph.microsoft.com/v1.0/education/classes/CLASSID/assignments does not (I get a "Resource not found for the segment 'assignments'").
As I have an admin account which is a member of the CLASSID team, I can see all of this information if running from graph explorer with delegated permissions.
So, is there something else I need to do to get the application .Read.All permissions working, or is there a tutorial on how to connect to Graph with Flow using delegated permissions?
There are a couple of things going on here:
"Resource not found for the segment 'assignments'" Error
You're receiving this error because you're attempting to call the Assignments endpoint in v1.0. Assignments is still in Beta, so you need to use /beta, not /v1.0.
Once you get past the segment error, you will still have a permissions issue. The Assignments endpoint only supports Delegated scopes. The inverse is true for Classes which only return limited information using Delegated scopes. In order to call both endpoints, you'll want to have two separate tokens (one delegated, one application):
For /education/classes/{id}, use the Application scope EduRoster.Read.All.
For /education/classes/{id}/assignments/, use the Delegated scope EduAssignments.Read.

Handling Multiple OAuth code query parameters

I am using two OAuth services on my website. They both send back a query parameter called code, and I use a custom function to grab that code field when my page loads. Do OAuth services have a way to change that code field to a custom name? I am using Google OAuth for one and I am unable to locate this.
No, the standard specifies that the query parameter is named code, so there's no way to name them differently.
But the client can add a state parameter to the authorization request, which the authorization server has to return with the code. You can use that parameter to distinguish between the two authorization requests.
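The state-based approach from the answer, as an added example that is not code from the original answer or from any OAuth library: one redirect handler serves two providers, each authorization request gets its own random state, the session remembers which provider that state belongs to, and the callback is matched on state rather than on the fixed `code` parameter name. The same value doubles as the CSRF token RFC 6749 section 10.12 calls for. Provider names, the session dict and the non-Google URL are hypothetical.

```python
"""Added example, not code from the original answer or from any OAuth
library. One redirect handler serves two providers: each authorization
request gets its own random state value, the session remembers which
provider that state belongs to, and the callback is matched on state
rather than on the fixed `code` parameter name. The same value doubles as
the CSRF token that RFC 6749 section 10.12 calls for. Provider names,
URLs (other than Google's) and the session dict are hypothetical."""

import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical registry; only the Google entry is a real endpoint.
AUTHORIZE_URLS = {
    "google": "https://accounts.google.com/o/oauth2/v2/auth",
    "other": "https://idp.example.com/oauth2/authorize",
}


def begin_authorization(session, provider, client_id, redirect_uri, scope):
    """Build the authorization URL and record the provider under a fresh state."""
    state = secrets.token_urlsafe(32)          # unguessable, one per request
    session.setdefault("oauth_pending", {})[state] = provider
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{AUTHORIZE_URLS[provider]}?{urlencode(params)}"


def state_from_url(url):
    """Helper for callers and tests: extract the state query parameter."""
    return parse_qs(urlparse(url).query).get("state", [None])[0]


def handle_callback(session, callback_url):
    """Return (provider, code) for a redirect back from either provider.

    Raises ValueError if state is missing, unknown or already used, or if
    the provider returned an error instead of a code. Both providers use
    the same parameter names, so only state tells them apart."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [None])[0]
    if state is None:
        raise ValueError("missing state")
    pending = session.get("oauth_pending", {})
    # pop() makes each state single-use, so a replayed callback is rejected
    provider = pending.pop(state, None)
    if provider is None:
        raise ValueError("unknown or replayed state: possible CSRF")
    if "error" in qs:
        # error responses carry state too, so the failure can be attributed
        raise ValueError(f"{provider} returned error {qs['error'][0]}")
    code = qs.get("code", [None])[0]
    if code is None:
        raise ValueError(f"{provider} callback carried no code")
    return provider, code
```

Because the state is generated server-side and looked up in the session, a callback that arrives with a state this session never issued (or one it already consumed) is dropped before the code is ever exchanged, which is the CSRF protection the parameter exists for; distinguishing the two providers falls out of the same lookup.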

Microsoft Graph: Pagination in 'Get Organization' api

I am trying to use the 'GET /organization' API to fetch the tenant name, tenant ID and list of domains in the tenant. If there are many domains (say 300-400) in the tenant, would all of them be included in the response, or would the response be paginated? In that case, how should I handle pagination?
My app is Java based and I am directly using the REST interfaces.
Are you seeing issues getting all the data back? AFAIK, Organization is a singleton, so specifying $top won't help here. My assumption is that you will get all the data back in a single response.
Hope this helps,
