I have a small api with a model containing some properties. Half of the properties are being managed by the application itself and should not be postable, editable by the user sending an api request. The fields can be viewed only on GET requests.
Is there any way of masking those fields in the generated api docs (swagger) and also preventing the user from editing them?
From the docs, in your model.json add a section for ACLs (Access Control Lists), as follows. I'm not sure what it will do to the docs, but it should make them readonly.
"acls": [
{
"accessType": "READ",
"permission": "ALLOW",
"principalType": "ROLE",
"principalId": "$everyone",
"property": ["array", "of", "property", "names", "that", "are", "read", "only"]
},
...
]
Related
I have been able to find various questions similar to this one, but none of them are solving this problem.
So I have this custom field
"customfield_10039": {
"required": false,
"schema": {
"type": "user",
"custom": "com.atlassian.jira.plugin.system.customfieldtypes:userpicker",
"customId": 10039
},
"name": "user",
"key": "customfield_10039",
"autoCompleteUrl": "https://integrationtr.atlassian.net/rest/api/1.0/users/picker?fieldName=customfield_10039&fieldConfigId=10140&projectId=10001&showAvatar=true&query=",
"hasDefaultValue": false,
"operations": [
"set"
]
},
So as you can see this allows one to set the user, now I set the user using this:
{"fields":{"customfield_10039" : {"name":"admin"}}}
I have tried so many combinations for name, I have tried using email id, display name, even name by concatenating first name, second name. In each one I get the same error:
{"errorMessages":[],"errors":{"customfield_10039":"user is required."}}
I am developing Azure DevOps extension which contain service endpoint to hold secret ID/KEY. My requirement is to have endpoint just consist of Connection name, ID ,and Key in it.I have gone trough list of provided endpoints in Microsoft but I couldn't find suitable option to satisfy my requirement.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=vsts#sep-ssh
closest solution I found is as below . But it contains input box for server URL(Which I need to omit (in this example though I don't define server URL it displays in popup dialog)). Please refer below image.
Is it possible to remove Server URL from above dialog box Or it there better endpoint type I can use for this requirement? please be kind enough to share some light with me.
You'll need to create a custom service type, that will allow you to show/hide the individual text boxes. You can find an example in the Azure DevOps Extension Tasks which I maintain.
You define custom service endpoint types in the vss-extension.json along with your other extension points:
{
"id": "vsts-marketplace-endpoint-type",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"properties": {
"name": "VstsMarketplacePublishing",
"displayName": "Visual Studio Marketplace",
"url": {
"displayName": "Marketplace URL",
"value": "https://marketplace.visualstudio.com",
"isVisible": "false"
},
"helpMarkDown": "Required permissions: <ul><li><b>Publish</b>: All accessible organisations, Marketplace (Publish)</li><li><b>Share</b>: All accessible organisations, Marketplace Publish</li><li><b>Install</b>: All accessible organisations or a specific organisation, Extensions (read and manage), Marketplace (acquire)</li><li><b>Query Version</b>: All accessible organisations, Marketplace (read)</li><li><b>Is Valid Extension</b>: All accessible organisations, Marketplace (read)</li></ul><br/><a href='https://www.visualstudio.com/docs/setup-admin/team-services/use-personal-access-tokens-to-authenticate'>More information</a>.",
"authenticationSchemes": [
{
"type": "ms.vss-endpoint.endpoint-auth-scheme-basic",
"inputDescriptors": [
{
"id": "username",
"name": "Username",
"description": "Username",
"inputMode": "textbox",
"isConfidential": false,
"validation": {
"isRequired": false,
"dataType": "string",
"maxLength": 300
},
"values": {
"inputId": "username",
"isDisabled": true,
"defaultValue": ""
}
},
{
"id": "password",
"name": "Personal access token",
"description": "Azure DevOps personal access token.",
"inputMode": "passwordbox",
"isConfidential": true,
"validation": {
"isRequired": true,
"dataType": "string",
"maxLength": 300
}
}
]
}
]
}
},
You may find other extensions that set or configure the authentication dialog on GitHub, there are quite a few. Useful docs are here in an old blog post.
When trying to filter for a custom created schema extension:
https://graph.microsoft.com/v1.0/me/events?$filter=(<schemaId>/<key> eq '<value>')
the error message we get is:
"message": "Could not find a property named 'e2_<ourTenantID>_<schemaId>' on type 'Microsoft.OutlookServices.Event'"
The problem is that before performing search, the API prepends tenantID to schema ID, thus failing to recognize the property. It seems that graph API performs search using their own internal schema ID.
Interesting thing is, that when searching for a non-existing schema, the tenantID is not added.
The problem persists when testing to filter messages, events and contacts.
Our schema extension creation JSON:
{
"description": "Extension to help avoid duplicates",
"targetTypes": [
"Contact",
"Message",
"Event"
],
"properties": [
{
"name": "UniqueId",
"type": "String"
}
],
"status": "InDevelopment",
"owner": "<appID>",
"id": "<name>",
"#odata.type": "#microsoft.graph.ComplexExtensionValue"
}
From the Group API and /Conversations endpoint you can get a list of conversations and when looking in the Groups App you can see the user with image.
But data returned from API doesn't have any good data to use for a user lookup.
I would expect an email address at least, not just the name which is far from unique. Is there a efficient way to get the user without traversing all the threads and posts?
Data from API:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups('{id}')/threads",
"value": [{
"id": "{id}",
"topic": "Test main thread",
"hasAttachments": false,
"lastDeliveredDateTime": "2017-10-20T11:35:04Z",
"uniqueSenders": [
"Jonas Stensved"
],
"preview": "{message preview content}",
"isLocked": false
},
{
"id": "{id}",
"topic": "The new Test group is ready",
"hasAttachments": false,
"lastDeliveredDateTime": "2017-10-13T10:33:03Z",
"uniqueSenders": [
"Test"
],
"preview": "{message preview content}",
"isLocked": false
}
]
}
How a group in the Groups app looks:
[]
It might help to break down the object hierarchy here:
Group - parent to a collection of Conversation resources
Conversation - parent to a collection of Thread resources
Thread - parent to to a collection of Post resources
Post - the actual content sent to the Group by a User
In order to see which User resources map into a given Thread, you need to drill down another level to find the Post resources contained within the Thread.
You can do this using the $expand=posts parameter to expand the Posts collection. You can also a ($select=from) the $expand so you only return the properties you need to map back to the User resource.
So this query:
/v1.0/groups/{group-id}/threads?$expand=posts($select=from)
will provide you a Thread result like this:
{
"id": "{thread-id}",
"topic": "New Training Plans",
"hasAttachments": false,
"lastDeliveredDateTime": "2017-07-31T18:59:05Z",
"uniqueSenders": [
"HR Taskforce"
],
"preview": "{thread-preview}",
"isLocked": false,
"posts#odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups('{group-id}')/threads('{thread-id}')/posts(from)",
"posts": [{
"#odata.etag": "W/\"CwAAABYAAADE9kXbLjqkSJUGeLzs6eumAAAAAA0/\"",
"id": "{post-id}",
"changeKey": "CwAAABYAAADE9kXbLjqkSJUGeLzs6eumAAAAAA0/",
"from": {
"emailAddress": {
"name": "HR Taskforce",
"address": "HRTaskforce#M365x214355.onmicrosoft.com"
}
}
}]
}
You can try this yourself using this Graph Explorer example.
You can get group members list and iterate over them. Depending on the size o the group this might require paging. You can find more information in the docs: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/group
I hope this helps.
I'm documenting a Rails app with Swagger 2.0 and using Swagger-UI as the human-readable documentation/sandbox solution.
I have a resource where clients can store arbitrary metadata to query later. According to the Rails convention, the query would be submitted like so:
/posts?metadata[thing1]=abc&metadata[thing2]=def
which Rails translates to params of:
{ "metadata" => { "thing1" => "abc", "thing2" => "def" } }
which can easily be used to generate the appropriate WHERE clause for the database.
Is there any support for something like this in Swagger? I want to ultimately have Swagger-UI give some way to modify the generated request to add on arbitrary params under the metadata namespace.
This doesn't appear supported yet (over 2 years after you asked the question), but there's an ongoing discussion & open ticket about adding support for this on the OpenAPI github repo. They refer to this type of nesting as deepObjects.
There's another open issue where an implementation was attempted here. Using the most recent stable swagger-ui release, however, I have observed it working as I expect:
"parameters": [
{
"name": "page[number]",
"in": "query",
"type": "integer",
"default": 1,
"required": false
},
{
"name": "page[size]",
"in": "query",
"type": "integer",
"default": 25,
"required": false
}
This presents the expected dialog box & works with Try it out against a working server.
I don't believe there is a good way to specify arbitrary or a selection of values (e.g. an enum), so you may have to add parameters for every nesting option.