I'm coding an App which export all my MMS pics to multiple Download subfolders and I encounter some permission issues.
My code is extracting all my messages (text + images) and creating a html file with them following this tree :
My Download Folder/My App Name/Contact Name/
And in this folder, all the pics + my html file.
So, the paths to the pictures are dynamic and I can't define all of them in my provider_paths.xml.
What I've done :
Basically, at the end of my pic generating process, I need to grant my new generated image the read permission to further open it in a web page of myself.
The difficulty here is to keep the read permission even if the App is destroyed. I need to see my Web page without my App working on it obviously.
I'm using a FileProvider for this and this is what I've tried so far.
I obviously requested READ_EXTERNAL_STORAGE in my Manifest and made it granted by the user.
My Manifest :
<provider
android:name="androidx.core.content.FileProvider"
android:authorities="#string/file_provider_authority"
android:exported="false"
android:readPermission="true"
android:writePermission="true"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="#xml/provider_paths"/>
</provider>
My provider_paths.xml :
<external-path path="Download/MyApp/" name="Download"/>
The code at the end of the pic generating process :
Uri uriForPic = FileProvider.getUriForFile(MainActivity.this,getString(R.string.file_provider_authority),imagefile);
intent.setDataAndType(uriForPic, "image/jpeg").addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_GRANT_READ_URI_PERMISSION);
Not working. So I tried this one :
Uri uriForPic = FileProvider.getUriForFile(MainActivity.this,getString(R.string.file_provider_authority),imagefile);
Intent intent = new Intent();
intent.setAction(Intent.ACTION_VIEW);
Context context = MainActivity.this;
List<ResolveInfo> resInfoList = context.getPackageManager().queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY);
for (ResolveInfo resolveInfo : resInfoList) {
String packageName = resolveInfo.activityInfo.packageName;
context.grantUriPermission(packageName, uriForPic, Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);
}
All is doing smooth until I try to open my html pages with my pics in them. Then, I got the java.lang.SecurityException: Permission Denial error. This is weird since I can watch all my pics using the gallery without any exception.
I understand I must manually grant permission to each of my FileProvider generated Uris but these solutions don't work and after a week trying and googling, I'm lost and need your help...
So, two questions. Does my provider_paths.xml grant access to subfolders ? And what is missing in my understanding of permissions ?
Thanks for reading me,
Related
I'm building an app that uses the ms-graph v1.0 API to write data to excelsheets in my OneDrive. It works with excel files that I uploaded to my drive but doesn't work with excel files that've been shared with me.
I know that I can get a list of all shared files with me/drive/sharedWithMe and the file that i want to edit is amongst the files that are being returned.
However, when i try to get one shared drive item using its driveItem property parentReference: driveID like this: /drives/{driveID}/items/{itemID} it returns : 403 - acces denied.
Here are my permissions:
"user.read",
"calendars.read",
"directory.accessasuser.all",
"files.readwrite.all"
I couldn't try the shares path /shares/{shareID} because I don't know how to figure out the shareId. It doesn't seem to be among the properties of the item that is returned by /sharedWithMe. Where can I get it?
Figured it out by myself.
I got the error
"message": "Cannot reference a user's drive from another user's personal site"
so I removed the me/from the route me/drives/{driveID}/items/{itemId} and it worked.
I am looking for assistance to find out how I can download and move a OneDrive file that is accessed through a shared directory, via the shared link method of sharing.
I have two users:
user 'A' who is a Microsoft Consumer and has a regular OneDrive account and will host a csv file 'test.csv' in a folder 'toshare'
and user 'B' who is also a regular Microsoft Consumer who should use the graph API to download test.csv and then move the file to a subdirectory /toshare/archive
Aside: I am currently using the chrome app "advanced REST client" to manually make the REST calls, and am getting Authenticated OAuth BEARER tokens by inspecting network traffic from Microsoft's online "Graph Explorer" tool. After we understand the calls, we'll integrate it into our Java app.
I have succesfully followed the instructions here:
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/shares_get
to view the folder contents.
To be more explicit, user 'A' has went into OneDrive and has right clicked the folder 'toshare' and selected shareLink. I have converted the shareLink to a share token and then used the following API call with the Graph API as user 'B':
GET https://graph.microsoft.com/v1.0/shares/<share-token>/root?$expand=children
this shows me all the files in the directory, which includes 'test.csv'
Now, using this information, how can I download test.csv? Assuming user 'B' doesn't know the name of the file, but can identify it by being a .csv file (we can do this in code). There does not appear to be much documentation on how to download the files through a share.
The closest I've gotten was to take the "webUrl" attribute of the children object for my file, and then turn that into a share token and call
GET https://graph.microsoft.com/v1.0/shares/<child-share-token>/root
This will show me the file meta-data. and then I try to download it by roughly following the api documentation to download https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/item_downloadcontent
GET https://graph.microsoft.com/v1.0/shares/<child-share-token>/root/content
This is interesting because this works if I make the call with user 'A' but does not work for user 'B' who instead gets a 403 in advanced REST client. (If I run it in Graph Explorer, I get "The site in the encoded share URI is invalid." instead, which I've discovered with other experimentation, really means there's an authorization issue.)
GET https://graph.microsoft.com/v1.0/shares/<share-token>/root:/test.csv:/content
Also does not work, it returns: "400 Bad Request" with message: "Resource not found for the segment 'root:'." It seems like the path style file navigation does not work for shared directories?
At this point I'm rather stuck. After downloading the file, I also would like to move it into a subdirectory, denoting that it has already been read in. I'd also like to get this working for OneDrive for Business, but that seems to be another set of challenges that I'll leave for another day.
Any insight would be great thanks,
Jeremy
It's best to consider the shares/{id} segments to be similar to drives/{id}, at which point all of the previous documentation around children access is applicable. Given your scenario I'd use the path syntax:
https://graph.microsoft.com/v1.0/shares/<share-token>/root/children/test.csv
This obviously necessitates knowing the file name, but it sounds like you already have an algorithm to do that.
Theoretically your approach for creating a child-share-token would work, but it would now require that User B both provide authentication as well as to have explicit permissions. Since your share-token was a sharing link User B is most likely getting permission by virtue of the fact that they have the URL, in which case generating a new one is probably removing the special token that allows this to work. That's why it's best to always use the original share-token where possible.
Similar rules will apply to move the file. First off, we'll assume that the sharing link provides the ability to "Edit" otherwise none of this will work :). Second, we'll assume that the archive folder already exists (if it doesn't you'd need to create it using a POST to https://graph.microsoft.com/v1.0/shares/<share-token>/root/children that looks like what we've documented here).
To move the file you'd want to PATCH to https://graph.microsoft.com/v1.0/shares/<share-token>/root/children/test.csv and provide a new parentReference as documented here. It's always best to use id values if you have them, but you should also be able to provide the path to the parent in the form of /shares/<share-token>/root/children/archive.
I am trying to programmatically download a image from CQ5.I have made a link which when clicked should download a image.To do this I have made a ajax call to a servlet ,for whenever user clicks on the image,we should get a pop of open and save dialog.
This is the code I have written in servlet to download the image.
**response.setContentType("image/png");
response.setHeader("Content-Disposition", "attachment; filename=icon" + ".png");
URL url = new URL("http://somehost:portnmuber/content/dam/image.jpg");
URLConnection connection = url.openConnection();
InputStream stream = connection.getInputStream();**
I am continuously getting 401 error.
Is there some another way that I can do this.
Thanks,in advance.
Firstly, have a look at the download component in the foundation libs:
/libs/foundation/components/download/download.jsp
Secondly, if you don't have a session open with CQ5, it will by default give you a 401 error. I am assuming you are in a generated container for CQ5, or are you just randomly accessing from another domain?
Note that even for anonymous access, CQ will still establish an anonymous session, and give you a login token. Anonymous is effectively still authenticated, just without the requirement of a username and password.
You are gettin 401 error because anonymous user permissions for the DAM are not set.
At first, you should grant access permissions for 'anonymous' users for node '/content/dam'.
You can do it from the page: "http://somehost:portnuber/useradmin" . Doble click on user 'anonymous' and go to the tab 'permissions' (on the window right). Check read permissions for 'dam' node.
Secondly, go to the system console, components tab (http://somehost:portnmuber/system/console/components) and find org.apache.sling.engine.impl.auth.SlingAuthenticator component. Click to 'configure' button. In the component configuration check 'Allow Anonymous Access' and press 'Save'.
Should work.
CQ5 uses sessions so downloading from a path requires a username/password on the author instance, for example curl -u username:password http://someserver.com:4502/etc/packages/my_packages/package.zip -o localpath/package.zip would download a package based on someone who had permissions to read it. For images you need the image path something like http://someserver.com:4502/content/dam/640x960.jpg to get the image, but you would need to add /jcr:content/renditions/original to get the original e.g. http://someserver.com:4502/content/dam/640x960.jpg/jcr:content/renditions/original. You can also change the image path to get a specific rendition of the image, for example http://someserver.com:4502/content/dam/640x960.jpg/jcr:content/renditions/cq5dam.thumbnail.140.100.png gets a 140x100 version of the image.
I had a similar issue trying to download images from AEM to iOS devices. It turns out AEM (at least the instance I'm hitting) requires a referer header; if absent the request is rejected. The problem did not surface with the simulator, just with real devices. This did the trick:
[request setValue: #"https://www.example.com/" forHTTPHeaderField: #"Referer"];
I created my first bucket, and when trying to access it by typing storage.googleapis.com/mybucket, I get the following in my browser. I am totally ignorant in respect to all things code, and only would like to be able to solve this issue in order to be able to use a WordPress plugin, WP2Cloud, which integrates Google Cloud Storage with WordPress. Here's what's in my browser:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
</Error
Any help will be appreciated!
You can not use storage.googleapis.com/mybucket or mybucket.storage.googleapis.com directly from browser. You need to pass GoogleAccessId,Expires, Signature.
If you want to use from browser you need to use Signed URLs
https://developers.google.com/storage/docs/accesscontrol#Signed-URLs
example of Signed-URLs:
http://mybucket.storage.googleapis.com/testdata.txt?GoogleAccessId=1234567890123#developer.gserviceaccount.com&Expires=1331155464&Signature=BClz9e4UA2MRRDX62TPd8sNpUCxVsqUDG3YGPWvPcwN%2BmWBPqwgUYcOSszCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw%3D
When i try to delete the user like it says in the docs (http://developers.facebook.com/docs/test_users/#deleting) i get the error response :
(#2903) Cannot delete this test account because it is associated with other applications. Use DELETE app_id/accounts/test-users/test_account_id to remove it from other apps first. Use GET test_user_id/ownerapps to get complete list of owner apps.
then when i try to do what it says (replacing <user_id> and <app_id> with a facebook numeric id) :
DELETE <app_id>/accounts/test-users/<user_id> to remove it from other apps first
i get this error :
Unknown path components: /<user_id>
am i missing something ?
As the error said you cannot delete an user because it has been assigned to two or more application.
The workaround for this is to get all the applications which are using this specific user using this call
"https://graph.facebook.com/TEST_ACCOUNT_ID/ownerapps&access_token=YOUR_APP_ACCESS_TOKEN"
This will give you the list of app the test account is attached to prior decoding the object with a JSON serializer. Then you can remove and not delete the test account from each app until only one remains using :
"https://graph.facebook.com/APP_ID/accounts/test-users?uid=TEST_ACCOUNT_ID&access_token=APPLICATION_ACCESS_TOKEN&method=delete"
When only one app remains you can delete the test account using :
"https://graph.facebook.com/TEST_ACCOUNT_ID?method=delete&access_token=TEST_ACCOUNT_ACCESS_TOKEN"
Hope this help!