I try with no success to give read or write access to an existing user (Office 365) on a Sharepoint drive folder.
With Graph Explorer the URL is like :
https://graph.microsoft.com/v1.0/sites/{site id}/drive/items/{folder id}/permissions
I can get actual permissions with GET method, but with POST method and this body I've got Invalid Request :
{
"grantedToV2": {
"user": {
"id": "xxxxxxx",
"displayName": "xxx xxx"
}
},
"roles": [
"read"
]
}
I tried with the powershell SDK and the New-MgDriveItemPermission too with no success.
Any help is welcome !
In order to add permissions to an you will have to make a POST request to the below endpoint:
https://graph.microsoft.com/v1.0/sites/{site-id}/drive/items/{folder-id}/invite
With the body containing all the info about the invitation request as the below example:
{
"requireSignIn": false,
"sendInvitation": false,
"roles": [ "read | write"],
"recipients": [
{
"email": "{email of the user}"
}
],
"message": "string"
}
If your request is succesful the response you will get back will be of the below format:
Status: 200
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(permission)",
"value": [
{
"#odata.type": "#microsoft.graph.permission",
"id": "<some id>",
"roles": [
"write"
],
"grantedTo": {
"user": {
"email": "<user>#<tenant>.onmicrosoft.com",
"id": "<some id>",
"displayName": "<user's display name>"
}
}
}
]
}
Below I will share with you the code snippet I got from Graph Explorer after creating a succesful request:
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var recipients = new List<DriveRecipient>()
{
new DriveRecipient
{
Email = "<user>#<tenant>.onmicrosoft.com"
}
};
var message = "Here's the file that we're collaborating on.";
var requireSignIn = true;
var sendInvitation = true;
var roles = new List<String>()
{
"write"
};
await graphClient.Sites["root"].Drive.Items["<folder-id>"]
.Invite(recipients,requireSignIn,roles,sendInvitation,message,null,null,null)
.Request()
.PostAsync();
Notes
You can find documentation about the endpoint here.
If you try to add permissions to a Folder that inherits its permission model from the document library, you should watch out because in some cases if the user is not a member of the site groups, MS Graph might invoke unique permissions on the folder.
Related
I can successfully create user by calling the following path in Postman software:
http://{KEYCLOAK_IP}/auth/admin/realms/{REALM_NAME}/users
The body content that I send is like following:
{
"enabled":true,
"username":"Reza",
"email":"reza#sampleMailServer1.com",
"firstName":"Reza",
"lastName":"Azad",
"credentials": [
{
"type":"password",
"value":"123",
"temporary":false
}
]
}
Now, let’s assume that we have a client, which is named browserApp and this client has a role, which is named borwserAppRoleUser. Also, the realm has a role, which is name realmRoleUser.
In order to include abovementioned roles in the body content of the HTTP request I tried the following structure:
{
"enabled":true,
"username":"Reza",
"email":"reza#sampleMailServer1.com",
"firstName":"Reza",
"lastName":"Azad",
"credentials": [
{
"type":"password",
"value":"123",
"temporary":false
}
],
"role": [
{
"id": "borwserAppRoleUser",
"name": "test",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "browserApp"
},
{
"id":"realmRoleUser",
"composite":false,
"clientRole":false
}
]
}
Sending the above body content results in 400 bad request response. The errors contains this message:
Unrecognized field "role" (class org.keycloak.representations.idm.UserRepresentation), not marked as ignorable
Also, I am sure that the rest of the role object is not correct.
I searched for examples online, but I could not find any sample regarding the role assignment. Can any body please help me to fix this problem?
REST API not supports realm & client roles by single JSON data.
It only support by Add Realm with JSON import
The simple JSON format is like this but it needs extra data.
This is working example for Import Realm JSON data
{
"id": "test",
"realm": "test",
"users": [
{
"enabled": true,
"username": "Reza",
"email": "reza#sampleMailServer1.com",
"firstName": "Reza",
"lastName": "Azad",
"credentials": [
{
"type": "password",
"value": "123",
"temporary": false
}
],
"realmRoles": [
"user"
],
"clientRoles": {
"borwserAppRoleUser": [
"test"
]
}
}
],
"scopeMappings": [
{
"client": "borwserAppRoleUser",
"roles": [
"test"
]
}
],
"client": {
"borwserAppRoleUser": [
{
"name": "test",
"description": "${role_create-client}"
}
]
},
"roles": {
"realm": [
{
"name": "user",
"description": "Have User privileges"
}
]
}
}
If you want to assign user's realm role and client role, use separate API call.
#1 Assign user's realm role
POST {KEYCLOAK-IP}/auth/admin/realms/{REALM-NAME}/users/{USER-UUID}/role-mappings/realm
In Body of POST
[
{
"id": {REALM ROLE UUID},
"name": {ROLE NAME},
"composite": false,
"clientRole": false,
"containerId": {REALM NAME}
}
]
1.1 Get master token - here
1.2 Get User UUID
1.3 Get Realm role UUID and name
1.4 POST realm role into user
#2 Assign user's client role
POST {KEYCLOAK-IP}/auth/admin/realms/{REALM-NAME}/users/{USER-UUID}/role-mappings/clients/{CLIENT-UUID}
In Body of POST
[
{
"id": {CLIENT ROLE ID},
"name": {ROLE NAME},
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": {CLIENT-UUID}
}
]
2.1 Get master token
2.2 Get user UUID - same 1.2
2.2 Get Client UUID
2.3 Get Client role UUID & name
2.4 POST client role into user
Finally confirm both assigned roles by this API
GET {KEYCLOAK-IP}/auth/admin/realms/{REALM-NAME}/users/{USER-UUID}/role-mappings
I'm using App ID and I follow this tuts https://cloud.ibm.com/docs/services/appid?topic=appid-tutorial-roles for my personal project.
I tried to call API {{APPID_MANAGEMENT_SERVER_HOST}}/management/v4/{{APPID_TENANT_ID}}/users with body:
"idp": "cloud_directory",
"idp-identity": "huynhdn#gmail.com",
"profile": {
"attributes": {
"role": "MANAGER"
}
}
}
I get Future User in User Profiles! => OK
Next, I call {{APPID_MANAGEMENT_SERVER_HOST}}/management/v4/{{APPID_TENANT_ID}}/cloud_directory/Users to set password for this user.
"displayName": "Test User",
"password": "abcd1234",
"emails": [
{
"value": "huynhdn#gmail.com",
"primary": true
}
]
}
Finally, I call {{APPID_AUTH_SERVER_HOST}}/oauth/v4/{{APPID_TENANT_ID}}/token to get token with user created above! But when i check in app id, attribute "role" is gone :(
WHY? or Anyone can help me another way to create user has "username", "password", "attribute" with API management!
The doc page you're referencing above states that in order to get future user attribute the user must validate ownership over email. You can either do it through standard means, or manually specifying status:confirmed when creating your CLoud Dir user, e.g.
{
"displayName": "John Smith",
"password": "p4ssw0rd",
"emails": [
{
"value": "john#example.com",
"primary": true
}
],
"status":"CONFIRMED"
}```
I have a workplace application,
I wish to change emailIds of the user via API,
I found that Account Management API
can be used to modify user details via API calls.
My use-case is to modify user email via the Account Management API, which comes under urn:scim:schemas:core:1.0 schema extension,
I wish to overwrite the existing email with the one I would specify in the requestBody,
From the documentation, I've come up with the following request -
Url endpoint -
https://someCompanyName.facebook.com/scim/v1/Users/ HTTP/1.1
Method type -
POST
Request body-
{
"schemas": [
"urn:scim:schemas:core:1.0",
"urn:scim:schemas:extension:facebook:auth_method:1.0"
],
"userName": "abc",
"name": {
"formatted": "Julius Caesar"
},
"emails": ["abc#gmail.com"],
"urn:scim:schemas:extension:facebook:auth_method:1.0": {
"auth_method": "password"
}
}
Is it correct? What modifications do I need to make to the request?
in order to change the emails of a user you have to do a PUT request to the address https://www.facebook.com/scim/v1/Users/{userId}
and you have to change in your payload the email address:
{
"schemas": [
"urn:scim:schemas:core:1.0",
"urn:scim:schemas:extension:facebook:auth_method:1.0"
],
"userName": "abc",
"name": {
"formatted": "Julius Caesar"
},
"emails": [
{
"primary": true,
"type": "work",
"value": "newemail#gmail.com"
}
],
"urn:scim:schemas:extension:facebook:auth_method:1.0": {
"auth_method": "password"
}
}
Hope it helps
I am not sure what is going wrong with the create user api with roles.
Observations:
When fired without the roles it works fine, the payload is given below
{
"fullName": "unittestuser",
"emailAddress": null,
"enabled": true,
"password": "39HN=K?E",
"roles": null
}
when same endpoint is invoked with the addition of roles then it fails giving the http error code 400 (bad request)
{
"fullName": "unittestuser",
"emailAddress": null,
"enabled": true,
"password": "39HN=K?E",
"roles": [
{ "name": "unittest" },
{ "name": "UsernamePasswordAuthentication" },
{ "name": "Platform_NamedUser" },
{ "name": "Platform_Anyone" },
{ "name": "Platform_Metadata_MetadataInitializeUser" }
]
}
The roles part works when the default roles shipped with JasperReports Server installation are sent.
{
"fullName": "unittestuser3",
"emailAddress": null,
"externallyDefined": false,
"enabled": true,
"password": "39HN=K?E",
"roles": [
{ "name": "ROLE_USER" },
{ "name": "ROLE_ADMINISTRATOR" }
]
}
I have checked the the new roles which I have created are present on the JR Server before the create user is hit, so I am not sure what is going wrong with the newly created roles. I am using REST api v2 for role creation as well as user creation.
I have also tried creation the user first with empty roles and then adding roles the update call still fails with the same error.
Let me know if anyone has a clue.
Fixed...the new 6.0 on wards requires tenantid to be passed with the name of the role.
So instead of:
{ "name": "unittest" }
I passed: { "name": "unittest", "tenantId": "myorg" }
I am trying to read all the posts from my app using the graph path:
/me/home/filter=app_MY_APP_ID.
Among the data returned, some of my actions are grouped together such as:
actions = (
{
link = "https://www.facebook.com/735475141/posts/10153036942300142";
name = Comment;
}
);
application = {
//deleted for app privacy
};
"created_time" = "2013-07-30T14:41:24+0000";
from = {
id = 735475141;
name = "Can Poyrazo\U011flu";
};
id = "735475141_10153036942300142";
privacy = {
value = "";
};
type = link;
"updated_time" = "2013-07-30T14:41:24+0000";
}
When I go to my action (https://www.facebook.com/735475141/posts/10153036942300142) I see 4 photos grouped, with the story title 'X took 4 photos with MY_APP' which is great. But when I try to access that post object from Graph API, I'm getting only one post:
{
"id": "10153036942300142",
"from": {
"name": "Can Poyrazoğlu",
"id": "735475141"
},
"start_time": "2013-07-29T17:46:22+0000",
"end_time": "2013-07-29T17:46:22+0000",
"publish_time": "2013-07-29T17:46:22+0000",
"application": {
//removed for privacy
},
"data": {
"photo": {
"id": "557831850941984",
"url": "https://www.facebook.com/photo.php?fbid=10153036942105142",
"type": //removed for privacy
"title": ""
}
},
//...
}
The 'grouped items' post that I see on the website appears to have reference to only one of the objects in that post at Graph API. How can I access all the actions, if possible, without grouping?
You need to use a different endpoint: /me/<app_namespace>:<action_name>
This will return all actions published by your app for a given action and a given user. For example, using a user access token:
https://graph.facebook.com/me/my_cooking_app:bake?access_token=...