Section enrollments - desire2learn

My Offerings, Sections and Enrollments are created through Holding Tank.
I'm trying to access lists of Users enrolled in an Offering and its Sections.
Call
/d2l/api/lp/1.0/enrollments/orgunits/(D2LID:orgUnitId)/users/
works OK for Offering OrgUnits, but when used on the Section ones User information is missing:
    "User": {
      "Identifier": null,
      "DisplayName": "Anonymous User",
      "EmailAddress": null,
      "OrgDefinedId": null,
      "ProfileBadgeUrl": "/d2l/api/lp/1.0/profile/SjtASOuIHM/image",
      "ProfileIdentifier": "SjtASOuIHM"
    },
    "Role": {
      "Id": 103,
      "Code": "Student",
      "Name": "Student"
    }

Knowing an orgUnitId you can get the enrolled users in the org you're "allowed to find". The Users > View User Enrollments permission governs whether you're allowed to pull back any enrollments, and the Search for {roleName} permissions govern what user records, by the name of the enrolled role, you can pull back.
The field values in the returned user records you're allowed to see are governed by the User Information Privacy role permissions: it seems likely that you have a set of UIP role permissions that let you see user record values for course offerings (the typical case) but not for the org unit type corresponding to your Section org units. Verify that you have the UIP role permissions for all the org unit types you need to search through, and that should address your issue here.

Related

The meaning of the calendar owner's email in Graph API

What is the meaning of the owner's email in calendar property [1] ?
Is it the owner's SMTP address, userPrincipalName or the other property of user resources [2]?
Ref.
[1] https://learn.microsoft.com/en-us/graph/api/resources/calendar?view=graph-rest-1.0#properties
[2] https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties
As stated in the documentation:
Owner - emailAddress - If set, this represents the user who created or added the calendar. For a calendar that the user created or added, the owner property is set to the user. For a calendar shared with the user, the owner property is set to the person who shared that calendar with the user.
It's an emailAddress which is a simple object containing the user's name and address:
    {
      "address": "string",
      "name": "string"
    }

Rules for tables having segregated data for each company

In my firebase app, each user belongs to a company (a company may have many users), and data in tables is split into Table_name\COMPANY_ID\
COMPANY_ID is defined in the Users table.
For example, the Items table would be:
Items\<COMPANY_ID>\Item_1
Items\<COMPANY_ID>\Item_2 and so on
Users table is defined as:
Users\<AUTH_ID>\
Where AUTH_ID is the authentication id
I want to set up rules so that a user can access data only of his own company. How to make read and write rules for Items table (and all other tables too)?
Something like this should do the trick:
    {
      "rules": {
        "Items": {
          "$companyId": {
            ".read": "root.child('Users').child(auth.uid).child('CompanyId').val() === $companyId"
          }
        }
      }
    }
In words: allow the authenticated user to read a company's data, if their CompanyId matches that company.
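A fuller ruleset for the layout described above, as an added example that is not part of the original answer: it grants both read and write on Items per company and keeps each Users/<AUTH_ID> record read-only to clients, because the company check is only as trustworthy as the CompanyId value it reads. The CompanyId field name follows the answer; setting it only from a trusted backend is an assumption.

```json
{
  "rules": {
    "Users": {
      "$uid": {
        // A signed-in user may read only their own record.
        // No ".write" is granted here or above, so the default deny applies and
        // clients cannot change CompanyId (assumption: a trusted backend sets it).
        ".read": "auth != null && auth.uid === $uid"
      }
    },
    "Items": {
      "$companyId": {
        // Rule expressions can read Users/<uid>/CompanyId even though
        // other clients cannot; the lookup is not subject to ".read".
        ".read": "auth != null && root.child('Users').child(auth.uid).child('CompanyId').val() === $companyId",
        ".write": "auth != null && root.child('Users').child(auth.uid).child('CompanyId').val() === $companyId"
      }
    }
  }
}
```

`$companyId` is always a string in rule expressions, so CompanyId has to be stored as a string for the `===` comparison to succeed. The same `$companyId` block can be repeated under each of the other per-company tables.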

userType field - which values are allowed?

Microsoft Graph API's User entity has a field "userType". In the documentation there isn't any information about this. There is one line: "A string value that can be used to classify user types in your directory, such as “Member” and “Guest”. Supports $filter.". So there aren't any limitations :-)
Can "userType" be null? I can't PATCH an existing user manually via the Graph API - the Graph API returns an error. But in production we have some users which have "userType": null
Which values are valid for "userType"? Can you provide it in the documentation or here, please?
According to your questions, I suppose you want to know the valid values of the field userType. We can refer to the content of User Entity.
For your first question, we can set the field userType to null, not " " or "null". When we create a user, the default value of this field will be Member if we didn't set it.
We can patch an existing user. Based on my test, we can modify it like this:
    PATCH https://graph.microsoft.com/v1.0/users/{userid}
    {
      "displayName": "XXX",
      "givenName": "XXXX",
      "jobTitle": "Marketing Director",
      "userType": "Guest"
    }
This will modify the user's userType from Member to Guest.
For your second question, according to the content of User Entity and the article of Azure AD User, the valid values for userType are "Member" and "Guest". Based on my test, it is sure that only these two values can be used.

Properties null when using /users but not when using /me/contacts

When getting contacts from https://graph.microsoft.com/v1.0/me/contacts I get all properties for a user, ex:
    {
      displayName: 'Joe Joeson',
      jobTitle: 'Administrator',
      department: 'HK',
      mobilePhone: '09823987234',
      businessPhones: '8934598743',
      mail: 'joe#mail.com',
    }
But when I get all users of the organization (with https://graph.microsoft.com/v1.0/users?$select=displayName,jobTitle,department,mobilePhone,businessPhones,mail,userType) the same contact doesn't get some properties, ex:
    {
      displayName: 'Joe Joeson',
      jobTitle: null,
      department: null,
      mobilePhone: null,
      businessPhones: null,
      mail: 'joe#mail.com',
    }
Why? It's the same contact? Or am I missing something? Should I get all contacts from the organization in another way?
I have confirmed that all properties are set in https://portal.azure.com
The /contacts and /users endpoints return two different entities. A contact entity represents an Outlook Contact from the current user's Exchange mailbox whereas a user entity represents a User directory object from the tenant's Active Directory instance.
The reason you're seeing two different results is because you're returning two different entities. The first is the Joe Joeson contact from your Outlook/Exchange mailbox and the second is the Joe Joeson user from Active Directory.
The reason you're seeing less information from /users is due to your requesting the Read all users' basic profiles (aka User.ReadBasic.All) scope. This scope can only see a limited number of properties from a user resource: displayName, givenName, surname, photo, and mail.

Apache Usergrid 2.x: can you restrict API access by a Data Entity's property value?

Say I have the following API, where users can have zero or more registeredIds, which model identifiers by type (with effective dates).
Two examples of registeredIds include:
    // Social Security Number
    {
      "id" : "111-11-1111",
      "type" : "SSN",
      "validFrom": 315554400000,
      "validTo" : null,
      "registrationAuthority": "United States Social Security Administration"
    },
    // Employee ID
    {
      "id" : "12345678",
      "type" : "employee-id",
      "validFrom": 1262325600000,
      "validTo" : null,
      "registrationAuthority": "YoYoDyne"
    }
When Anonymous User requests an employee, e.g.,
https://api.usergrid.com/your-org/your-app/users/janedoe
Anonymous User should only get a single registeredId.type with the type value "employee-id." Administrators, however, should see both the "employee-id" and "SSN" registeredId.types.
How would Apache Usergrid apply access control by the registeredId.type? I know I can assign permissions, but this is too restrictive. Can I create some kind of Entity SubType? Or should I handle this through relationships?
Currently, Usergrid does not allow you to set property validation checks. One solution to this problem is to have separate "EmployeeID" entities, have a connection from each User to their ID entity, and set up permissions so that only authenticated users can access the EmployeeID entities.
