Getting insights for page posts returning []
This is for the adidas page
pp graph.get_object("182162001806727/insights/")
It generally returns fields for country data and nothing for page_impressions or page_engagement, etc
Even though the docs mention that Insights are generated for a psot/page with more than 30 likes, but still nothing.
Infact, insights for the first post of Adidas page returns absolutely nothing
pp graph.get_object("182162001806727_1189840444372206/insights")
or
graph.get_connections('182162001806727_1189840444372206', 'insights/page_impressions_frequency_distribution', period: 'week'
even though it has high amount of likes and comments, if you check their feed.
So, what is the correct method or is it even possible or publicly available.
And, for pages, is the page_impression/engagement data available?
https://developers.facebook.com/docs/graph-api/reference/v2.7/insights#reading:
Permissions:
- Any valid access token can be used for publicly available metrics (currently page_fans_country or page_storytellers_by_country)
- A user access token with read_insights permission can retrieve metrics for all pages and domains owned by this user.
- A page access token with read_insights permission can retrieve all metrics for that Page.
Those two permissions highlighted in bold are the only two publicly available ones. For everything else, you need an admin user token or a page token.
Related
I want to store url of user's referral website after sucessfull registration. In this case I can't use request.referer because user can visit few pages on my website before registration. But I need previous website url, for example http://google.com or http://facebook.com/somepage_id or whatever. I know that Google Analytics or Intercome can collect this data but I want something simple. Preferably without external APIs or libraries if this possible.
There is ruby gem called 'ahoy', which can be used for this.
When someone visits your website, Ahoy creates a visit with lots of useful information.
traffic source - referrer, referring domain, landing page, search
keyword
location - country, region, and city
technology - browser, OS, and device type
utm parameters - source, medium, term, content, campaign
Please find the link for more information,
Ahoy
When user reach your site create UserSession which will store request.referer also it has user_id. And during registration bind UserSession to created User by filling user_id. In this case you will get site from which user came + you can get some additional info from UserSession(user-agent, date, visited pages and etc.)
I want to track all users (both authenticated users and anonymous users) , so far the solution i found are not good.
First of all, we can use a cookie but as we all know its not a reliable solution, second of all we, can use browser finger printing, but until this moment I did not find any solution for server side.
I found this solution valve but it is for client side and this one browserFingerPrint , I want an approach which user does not find any token in request , I want to create the key in server side so I can track users.
Does any one know any solution?
note : my server side technology is Asp.net Mvc
use case : users can comment on m site and also they can like or dislike comments, I want to allow all users to do this and also I want to track users before action (like or dislike)
No, there is no solution for what you want that doesn't use some form of a "token" which fingerprints anonymous users.
Let's see why.
An anonymous browser sends a series of bits of data, such as IP, browser agent and other headers. These should never be used to identify a user because they can be easily forged. They can be OK for tracking, and for most purposes IP address or some hash based on IP address and browser agent is sufficient. However this won't do for things which require security, such as commenter identification.
For commenter identification, it is necessary to prevent fraud. This is typically achieved by giving a unique token to each user. This can be transmitted in many forms, off the top of my head: cookies, headers, query string, POST parameters, or client certificates. However it does require a token issued by the server. If the client can generate a token from scratch, then it follows it can generate a fake token.
I am using the Survey Monkey api to get the url's of surveys I have created which allows me to display surveys from within my application. To do this I have to send my key and authorization with the request.
What concerns me is that Survey Monkey has an api 'create_flow' that allows surveys to be created. Using fiddler I can see my requests including the key and authorization token. As far as I can see, this means that anyone could use this information to access the api and create a new survey on my account, which I do not want.
Is there any way to stop someone from creating new surveys using the API and the auth token? I'm not really bothered about people getting access to the survey details or Uri's as all they can do is post junk survey results that only I will see, but I absolutely don't want anyone else to be able to create a survey that will be presented to all my users with potential malicious text.
It is not possible to make an account read-only.
So if I'm understanding correctly, you're shipping an application which contains your api_key and access token?
This is very much not recommended - the access token is equivalent to your account password, it gives full access to your account.
If you want a way to dynamically list your surveys, the best way to do it is create a proxy web app / API you host yourself. When someone hits that address, it uses the access token / api key you've stored on your box and grabs the list of surveys and then returns it to your app. This is the only safe way to do this.
I am trying to figure out how can we detect if we are logged in to a site from Firefox Extensions.
I am planning to invoke a rest api in the target site to detect if the user is loggedin or not. I am not sure what is the right place to make such calls.
Going though documentation, seems like main.js is could be the place where I want to put such method, but then I am not sure how to call form my views this particular method in main.js
There is no generic way to determine that a user is logged in to a site. Every site can, and does, choose their own method of doing so. The most common method is to store a session cookie on the user's machine through the browser. However, the specifics are nearly certain to be different at each site. There is also the question of, in your situation, if there is the possibility that the site permits the user to be logged in for an extended period of time (i.e. not just in a session).
The most probable way to successfully determine how the fact that the user is logged in is recorded on the machine is to look at the differences between what cookies are stored (for the site) prior to the user being logged in, while the user is logged in, and after the user is logged out. There are a large number of extensions dealing with cookies. One of them should probably be able to help with letting you look at the information you need to examine for this investigation.
Once you have that information, you can use a variety of different interfaces in Firefox to access the cookies and see if the user is logged in. Obviously, you will want to listen for changes, and/or listen for a page from the site to be loaded (overlay/bootstrapped, SDK) rather than pooling for changes in the cookies.
MDN refs about the cookie interfaces:
Deal with individual cookies:nsICookie, nsICookie2 nsICookieManager, nsICookieManager2
Deals with the entire cookie string: nsICookieService
Let's imagine I have following scenario
User receives an email that there is a new item waiting for her
Clicks on a link and is able to either confirm or reject item (details skipped)
Can then access a list of all her items
The trick is that I would like to allow all this happen without user signing in but then limit access to other parts of the website (like sending an item to another user)
How I see it is that:
when user clicks a link she is signed in but only on tier 1 - with access only to confirm/reject action and read only to index of items (that's when Devise session is created)
when user wants to access other part of the website the sign in page is presented
when user comes to the website just by typing in the url http://example.com and wants to access own account she is asked to sign in.
after sign in session is "promoted" to tier which allows full access
after some time of inactivity session is downgraded to tier 1 for security reasons
My inspiration comes from how Amazon works - you can access in read-only most parts of the account but before performing any destructible actions you need to sign in.
Does anyone have any experience with such approach or can share some blog posts, etc?
I didn's find anything on SO and Google mostly returned things about two-factor auth which is not the case here.
I also understand that there are security concerns with links in email.
I have implemented a very similar behavior few months ago. I don't have very interesting resources to show you but I can explain a bit how you could organize or think about the problem to solve.
Description
For the problem you state, it looks like once you have identified a user, you have two different states you can give him:
limited access (perform certain actions, read most of the resources, etc)
full access (allows them to do anything they would normally do).
Having stated that, what you need to do is figure out in which cases you will give a user each access state (for example):
signing in with email token -> limited access
password -> full access
authentication_token -> full access
omniauth -> full access
After that, you will need to save this information in the user session. This should be done anytime the user is authenticated, as you will know what strategy was used to authenticate the user.
To know if a user can or cannot perform an action you will need two things, know what the user can do, and the current "access state". Depending on those you will decide wether the user is allowed or not to perform a certain action.
Whenever a user can't perform an action and is logged in with limited access you should bring him to the flow for verifying his crendetials. This flow is pretty simple, almost like a sign in but just with the password. Once you verify his crendetials you can upgrade his authorization to a full access one.
Implementation details
I recommend you to create a Authorization model which will represent the "access states" that I mentioned. This model will have to be serialized in the session so you should be able to build it from a simple structure and serialize it again into that structure. The simplest the better (a boolean flag, an array or maybe a hash). For the case mentioned, it looks like a boolean would do the job.
Regarding implementation details, I recommend you implementing this with a Warden after_atuhentication callback.
You could implement this with CanCan by creating you own Ability that would be built with an Authorization instance and a User instance.
I think you're confusing authorization and authentication. Devise is an authentication solution, meaning it handles the "proof me you are who you say you are" part. Authorization is the "Ok, I know who you are, now let's see what can you do". Devise doesn't provide an authorization system beyond the simple "logged/not logged". If you need a more complex authorization system, use an authorization gem. CanCan is very popular.