What is the REST call to list all the project roles of a user.
I could get the groups by using:
http://XXX/rest/api/2/user?username=XXX&expand=groups.
I want the project role results by sending username but not project name.
This is not available yet I guess. But It would be helpful if you could post your JIRA-Version anyway.
Only think that might be of interest for you is here: Taken from JIRA 6.1 docs. But you have to define the permissions in this request.
https://developer.atlassian.com/static/rest/jira/6.1.html
/rest/api/2/user/permission/search?username&permissions&issueKey&projectKey&startAt&maxResults
Returns a list of active users that match the search string and have all specified permissions for the project or issue.
This resource can be accessed by users with ADMINISTER_PROJECT permission for the project or global ADMIN or SYSADMIN rights.
The project key is optional for this call.
If this won't help you:
You can extend the rest API with your own plugin.
Related
I am trying to create a flow process to automate creating CSV files which contains the student, teacher assignment, submissions, and submission outcomes. I have registered an app in Azure AD and I can connect to this fine via PowerShell with delegate permissions and see all of the data I need.
However, when I try to connect with application permissions EduAdministration.Read.All, EduAssignments.Read.All and EduRoster.Read.All, I can only see basic Class and Student information. So calling https://graph.microsoft.com/v1.0/education/classes works but calling https://graph.microsoft.com/v1.0/education/classes/CLASSID/assignments does not (I get a "Resource not found for the segment 'assignments'").
As I have an admin account which is a member of the CLASSID team, I can see all of this information if running from graph explorer with delegated permissions.
So, is there something else I need to do to get the application .Read.All permissions working or are there a tutorial of how to connect to graphs with Flow using delegated permissions?
There are a couple of things going on here:
"Resource not found for the segment 'assignments'" Error
You're receiving this error because you're attempting to call the Assignments endpoint in v1.0. Assignments is still in Beta, so you need to use /beta, not /v1.0.
Once you get past the segment error, you will still have a permissions issue. The Assignments endpoint only supports Delegated scopes. The inverse is true for Classes which only return limited information using Delegated scopes. In order to call both endpoints, you'll want to have two separate tokens (one delegated, one application):
For /education/classes/{id}, use the Application scope EduRoster.Read.All.
For /education/classes/{id}/assignments/, use the Delegated scope EduAssignments.Read.
A client has setup an application link for JIRA 5.2.7 and they have administrator privileges. When a call is made to "create meta" no projects are returned. The request body returns:
array(
'expand' => 'projects',
'projects' => array(),
)
However, the client sent me a screenshot showing the projects that the user has access to.
I've not run across this problem with JIRA 6.0. What are the possible reasons that this could be happening?
By serendipity I found the answer.
In order for the projects to show in the API return, the user needs to have the permission "Browse Projects" and permission "create issues" set for each of the projects they should have access to. Being an administrator of a project doesn't automatically grant that permission instead it is often inherited from another role e.g. "Users".
However, there is also a nasty undocumented bug/feature in JIRA 5.2 around authentication using Oauth. Specifically, JIRA oauth in that version requires the use of query parameters for the oauth parameters. It fails if you use POST parameters for the oauth parameters.
Unfortunately, in that version of JIRA at least, /createmeta API call will return a 200 status and an empty response even if you are not authenticated rather than an expected 401 status code.
I am trying to implement XPagesSBT on localhost.
I have followed this article http://heidloff.net/home.nsf/dx/12152011034545AMNHECAP.htm and the SBT document by Niklas and was trying to implement dropbox oAuth.
I have also placed http://localhost/XPagesSBT.nsf/ and http://localhost/WebSecurityStore.nsf in root folder
but still i get this error
Error while executing JavaScript action expression
Script interpreter error, line=1, col=26: Error calling method 'isAuthenticated()' on java class 'com.ibm.xsp.extlib.sbt.services.client.endpoints.DropboxEndpoint'
No application is registered with id XPagesSBT and provider Dropbox
if(!#Endpoint("dropbox").isAuthenticated()) {#Endpoint("dropbox").authenticate(true);}
do i need to make any other configuration /setup to XPagesSBT db? or it wont work with Localhost?
I don't remember exactly anymore but reading my blog entry you linked it says you shouldn't use Anonymous:
"Additionally there are a couple of security related settings which are important to understand. First of all you need to assign access to the document with the application keys to the ID with which you signed the two NSFs. In the screenshot above I've entered both OpenNTF servers and my own user ID. When you use the web UI to do this these names are added to the document in an authors field and a readers field.
In the last step you need to configure the ACL of the security store. Anonymous must not have access to this database. All users who you want to be able to use the Social Enabler OAuth functionality need to have author access. This is so that their user keys can be stored in this database so that they only have to do the OAuth dance once. "
It should work on localhost. It looks like a configuration issue with SBT not being able to read the security tokens from the websecuritystore.nsf . Did you create the Dropbox Application Key with an admin id and sign the websecuritystore with the correct id?
Padraic
For administrative purpose, especially the deprovisioning process, it'll be useful to know if a user has shared any of his resources (Docs, files etc.) with other users.
Any tips or code that could solve this task?.
You can check what permissions are given to users toward a file by using this drive.permissions.list request:
GET https://www.googleapis.com/drive/v2/files/{fileId}/permissions
The response gives you information about what users are authorized to interact with the file, including user's id, name, role, type ... that you can choose to store in your database.
You can test this by using Google API Explorer
I am working with Apps Script on a Google Site and I am trying to use Oauth to authenticate the gadget as the active user to show the active users documents list. I have found several Google group discussions asking about this with no answers, was hoping I could get an answer on here. Here is my code:
var oauthConfig = UrlFetchApp.addOAuthService("gDocs");
oauthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
oauthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope=https://docs.google.com/feeds/");
oauthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
oauthConfig.setConsumerKey("myDomainName");
oauthConfig.setConsumerSecret("myCosumerSeceret");
var options =
{
"method": "GET",
"headers": { "GData-Version": "3.0" },
"oAuthServiceName" : "gDocs",
"oAuthUseToken" : "always"
};
var results = UrlFetchApp.fetch("https://docs.google.com/feeds/default", options);
At this point the code does not run and the page with the gadget displays:
Authorization is required to perform that action.
Any assistance would be greatly appreciated.
Thank you,
James Krimm
In order to perform authorization using 3-legged OAuth, you have to use 'anonymous' as ConsumerKey and ConsumerSecret:
oauthConfig.setConsumerKey("anonymous");
oauthConfig.setConsumerSecret("anonymous");
Also, please note that the correct feed url is https://docs.google.com/feeds/default/private/full.
However, if your goal is to get the list of documents for the active user, why don't you just use the DocsList Services provided by Apps Script? They will also take care of parsing the results for you.
https://developers.google.com/apps-script/service_docslist
It's not possible to access the active user data. A published Apps Script, as on a site, runs under the account of the script owner, called effective user. And, as a security concern, the script owner does not have permission to access any data of the active user.
So, what #claudio suggests (of using builtin DocsList) is not possible.
Unless we're talking about a Google Apps domain (and not regular consumer accounts) and the script owner is the domain administrator. In which case he can use the Google Docs List Data API to impersonate any user on his domain.
Either way, the consumer key and secret should always be "anonymous", regardless this scenario.
I have a Google Script OAuth library https://sites.google.com/site/scriptsexamples/custom-methods/google-oauth that will make the OAuth part less painful.
And some source code for a currently being developed DriveSrevice Library that will hit the points that are missing in Google Script.
https://sites.google.com/site/scriptsexamples/custom-methods/driveservice
This particular error is probably not related to OAuth but related to adding DocsList to the app.
See: https://developers.google.com/apps-script/troubleshooting#common_errors
Authorization is required to perform that action.
This error indicates that the script is lacking the authorization
needed to run. When a script is run in the Script Editor or from a
custom menu item an authorization dialog is presented to the user.
However, when a script is run as a service, embedded with a Google
Sites page, or run from a trigger the dialog cannot be presented and
this error is shown. To authorize the script, open the Script Editor
and run any function. To avoid this error, remember to run the script
once in the Script Editor after adding new services or capabilities to your script.
The answers here are not correct. You CAN do what you need, but not using Oauth directly. Instead, publish the Apps Script with the option to "run as the current user" instead of the script owner. Then use DocsList of DriveApp to get at the users files. The key here is to publish the service to "run as the user accessing the app".