I am having issues when trying to add group to a team folder using the Dropbox API v2.
I am trying to add group to team folder using the 2/sharing/add_folder_member route
I am sending the request with this body:
{
"shared_folder_id": :team_folder_id,
"members": [
{
"member": {
".tag": "dropbox_id",
"dropbox_id": :group_id
},
"access_level": {
".tag": "editor"
}
}
]
}
, and headers:
Authorization [Bearer :team_member_file_access_token],
Dropbox-API-Select-User [:business_account_owner_team_member_id]
The provided user in the headers is member of the group. Because adding user to a group is async operation, I am waiting until the job is complete before sending request to add group to a team folder.
This API call was working fine before, but since the last week always gives access_error - not_a_member error.
Is there a bug with Dropbox, or is there a new way to preform this action?
It turns out that Dropbox has a change in team member file access.
Changing the header Dropbox-API-Select-User to Dropbox-API-Select-Admin fixed the problem.
https://www.dropbox.com/developers/documentation/http/teams#teams-member-file-access
Related
Requirements: We would like to create a Variable Group (along with some variables) in a given Project.
Option1: We are able to create a new Variable Group successfully
when we create a request via PostMan using PAT Token which has FULL access.
Option2: Our end goal is to invoke the ADO Rest API in the Web App which uses
OAuth. When the end user logs in and make a call (pls see the input
details below) we are getting '401 Un Authorized - The user is not authorized to access this resource.' error. The Web App's application has the Variable Groups manage scope as shown below.
TroubleShooting: As part of troubleshooting, for Option1 which uses PAT (with full access) in Postman, we have updated the permissions of the PAT to just have Create, Read and Manage Var Groups as shown below.
Now, even the Option1 is not working after making the PAT to have Custom Defined access.
Are we missing something?
Postman Details:
URL: https://dev.azure.com/myorgname/_apis/distributedtask/variablegroups?api-version=6.0-preview.2
Verb: Post
Headers: Authorization: Basic
Body:
{
"name": "This is ignored",
"description": "This is ignored",
"type": "Vsts",
"variables": {
"BuildConfiguration": {
"value": "Release"
}
},
"variableGroupProjectReferences": [
{
"name": "VarGroup",
"description": "The variable group to store the information about the variables using in the Pipeline",
"projectReference": {
"id": "#ProjectId#",
"name": "#ProjectName#"
}
}
]
}
I can also reproduce your issue with option 1, not only Read, create, & manage for Variable Groups, even I select all the scopes via Custom defined, it still does not work.
According to this doc - https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/manage-pats-with-policies-for-administrators?view=azure-devops#restrict-creation-of-full-scoped-pats
Some of our public APIs are currently unassociated with a PAT scope, and can therefore only be used with “full-scoped” PATs. Because of this, restricting the creation of full-scoped PATs might block some workflows. We're working to identify and document the affected APIs and eventually associate them with the appropriate scope. For now, these workflows can be unblocked by using the allow list.
I believe this should be the reason for this issue, there may be some additional permissions to create variable groups. For option 2, there may be a similar cause.
So in this case, you may need to use the Full access PAT temporarily, as mentioned in the doc We're working to identify and document the affected APIs and eventually associate them with the appropriate scope.
I want to assign the realm role "TEST_ROLE_123" to a group, I am using
PUT /admin/realms/ataccamaone/groups/{group-id}
{
"realmRoles":["TEST_ROLE_123"]
}
I got group-id from /admin/realms/ataccamaone/groups/
However I get the response 204 No Content and in the Keycloak console I do not see the assignment.
I tried to reproduce your problem and find that PUT /admin/realms/ataccamaone/groups/{group-id} can only edit group name.
Inspect into "Network" tab of browser, I see it uses another URL to map roles to groups. And steps to do this via Admin REST API are:
Obtain PAT as described in https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_protection_whatis_obtain_pat section
Following steps use this PAT as Bearer token (in "Authorization" header). I guess you've already got this.
Call GET http://localhost:8080/auth/admin/realms/realm1/roles to get list of roles, including their name and id values.
Call GET http://localhost:8080/auth/admin/realms/realm1/groups to get list of groups, including their ids
Call POST http://localhost:8080/auth/admin/realms/realm1/groups/{group-id}/role-mappings/realm with following body:
[
{
"id": "9083cac3-4280-497d-b973-7713a5fb12b4", // role-id
"name": "secretary" // role-name
}
]
Call DELETE with URL and body same as step 4 to remove roles from group.
I've faced same issue and corrected it with using a GROUP, Basically I've added the preferred ROLE into the User Groups ROLE LIST and used that specific user group while creating the user via REST API.
Eg:- ADMIN_USER_GROUP -> INCLUDED ('ADMIN_ROLE')
Then User creation API Request should be like below,
{
"firstName": "Sergey",
"lastName": "Kargopolov",
"email": "test4#test.com",
"enabled": "true",
"credentials": [
{
"value": "123"
}
],
"groups": [
"ADMIN_USER_GROUP"
]
}
I'm sending emails using: https://github.com/sendgrid/sendgrid-nodejs/tree/master/packages/mail
I have not been able to find out HOW I can add the Unsubscribe equivalent. This is documented in here: https://sendgrid.com/docs/Classroom/Basics/Marketing_Campaigns/unsubscribe_groups.html#-Using-a-Custom-Unsubscribe-Link
On the website, you just use a shortcode [Unsubscribe], this does not work when sending emails via the sendgrid/mail package.
One tip that would have saved me an hour or two is that:
It's possible to send the following in the api json along with other stuff:
"asm":{
"group_id":123,
"groups_to_display": [123],
}
then the following variables become available to use within the template:
<%asm_group_unsubscribe_raw_url%>
<%asm_preferences_raw_url%>
If you want to keep things simple don't include the following variable as it fiddles with too many things (this wasn't obvious from the documentation so obviously I did so and wasted time :( ):
"tracking_settings": {
"subscription_tracking": {
"enable": true,
"substitution_tag": "[unsubscribe_url]"
}
}
Just use them in their raw format and you shall be fine.
Since you're sending using code, it's a "transactional" type of message. You'll want to either turn on the Subscription Tracking filter at the account level (via [UI](subscription tracking setting) or API), or turn it on as you send the message, as part of the mail/send API call, under tracking_settings.
It's important to note that you can't mix those. If you define anything in the mail/send API call, you'll need to define everything for Subscription Tracking in that call. SendGrid won't look at some settings at the mail level, and some at the account level.
Most users will just set it at the account level. There, you can customize the HTML & Text of the Unsubscribe footer, customize the HTML of the landing page, or redirect landing to a URL of your choosing, which will send the recipient there with ?email=test#domain.com in the URL string for your system to catch. You can also define the "replacement tag" like [%unsubscribe%], so that you can place the URL wherever you want within your HTML.
https://app.sendgrid.com/ > Suppressions > Unsubscribe Groups > Create New Group
Note down group_id/ids. e.g 123 (Only number !Not string)
Send email using node.js
const sgMail = require('#sendgrid/mail');
sgMail.setApiKey(SENDGRID_API_KEY);
const tags = { invitedBy : Alex }
const msg = {
to: email,
from: { "email": SENDER_EMAIL,
"name": SENDER_NAME
},
templateId: TEMPLATE_ID,
dynamic_template_data: {
Sender_Name: name,
...tags
},
asm: {
group_id: 123,
groups_to_display: [
123
],
},
};
await sgMail.send(msg);
The best approach is to use Group Unsubscribes.
First create a group in Sendgrid:
Groups > Unsubscribe Groups > Create a group
Next, insert a module into the Sendgrid template that creates specific tags in your email, which are populated when you make an API request
Go to your template
Insert an unsubscribe module in an HTML block
Save
Finally make an API request and specify the group created in step 1:
"asm":{
"group_id":544,
"groups_to_display": [544, 788],
}
These will be inserted into the module mentioned in step 2 when the email is sent.
Unfortunately Sendgrid unsubscribe links are not as straightforward as they could be. They are explained in more detail here
The easiest way is to do this via the SendGrid GUI.
Go to Settings -> Tracking -> Subscription Tracking
For creating a group, a user and assigning the user to that group, I referred this link Add permission profile through API.
Using REST APIs I am able to do that but permission for user is not getting set.
When I check in DocuSign, group is having correct permission set but same is not set for a user. Please let me know if I am missing anything.
Additional Information: This is the request I am sending
{
"newUsers":[{
"email":"'.$email.'",
"userName":"'.$userName.'",
"password":"'.$password.'",
"groupList": [{
"groupId": "'.$groupId.'",
"groupName": "'.$groupName.'",
"permissionProfileId": "'.$permissionId.'"
}]
}]
}
Also, when a user is added to a group, permissions set at group level will be applied to the users. Is there something missing?
When you create a permission profile you use this endpoint:
POST {vx}/accounts/{accountid}/permission_profiles
the response body for that endpoint should contain this info ( I omitted some details from the response)
{
"permissionProfileId": "sample string 1",
"permissionProfileName": "sample string 2",
...
}
Once you have the permissionProfileId and permissionProfileName you should be able to assign that permission profile to a user using this endpoint:
PUT {vx}/accounts/{accountid}/users/{userid}
and using the permissionProfileId and permissionProfileName in your request (I used dummy values here):
{
"permissionProfileId": "12345",
"permissionProfileName": "SomeName"
}
I hope that helps!
-Yadriel
I have tried to update the value of the OData__ModerationStatus column AKA "Approval Status" 3 different ways but only one works. Using VS 2013 the WorkFlow update Item activity from the toolbox and you can see that it's missing X-RequestDigest in the header and does not allow an update to the approval status and results in a security validation error. I believe the error is related to the missing header. Here is the code from the UpdateListItem.
RequestHeaders = (InArgument<DynamicValue>) ((Activity<DynamicValue>) new SetDynamicValueProperties()
{
Properties = {
{
"If-Match",
(InArgument) new InArgument<string>("*")
},
{
"X-HTTP-Method",
(InArgument) new InArgument<string>("MERGE")
},
{
"Accept",
(InArgument) new InArgument<string>("application/json;odata=verbose")
},
{
"Content-Type",
(InArgument) new InArgument<string>("application/json;odata=verbose")
}
}
}),
RequestContent = (InArgument) listItemProperties,
So I used 2 SendHttp activities, one to get the X-RequestDigest using a POST with the url siteurl/_api/contextinfo the second POST using the following headers & Body.
HEADER:
X-RequestDigest:[FormDigestValue from the previous POST]
Accept: application/json; odata=verbose
Content-Type: application/json; odata=verbose
IF-MATCH: *
X-HTTP-Method: MERGE
BODY: [I have tried the following 3]
String.Format("{ '__metadata': { 'type': '" + type + "' },'OData__ModerationStatus':'0' }")
{ '__metadata': { 'type': 'SP.Data.Shared_x0020_DocumentsItem' },
'OData__ModerationStatus':'0' }
Used a BuildDynamicValue activity to set the RequestContent.
All three come error with Microsoft.SharePoint.SPException: Invalid text value. A text field contains invalid data. If I use any other field it works, If i use Fiddler or Advanced Rest Client it updates the value.
Can someone help me understand or explain why it works via REST calls but I can't use VS and the UpdateItem/HTTPSend to set the value.
I have included a image with a successful workflow that updates the Title
We were able to get the scenario working.
After further investigations we could see that the workflow does not have Approve permissions.
We could see this by capturing the REST calls in fiddler for the workflow
{"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."},"innererror":{"message":"0x80070005owssvr.dll: (unresolved symbol, module offset=0000000000015BC3) at 0x000007F988885BC3\nMicrosoft.SharePoint.Library.ni.dll
The VS 2013 SP 2013 workflows are really like provider hosted apps and have a default permission which does not include approve items.
Perform the below steps to fix this
• Go to Site Settings Site App Permissions
Find the App Workflow as copy the first guid as shown below
• Go to http:///_layouts/15/appInv.aspx.
Enter the Guid copied in previous step in the App ID and click on Lookup.
This will populate the Title, App Domain and Redirect URL columns.
Copy the below in Permission Request XML (do NOT change the scope)
<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" /></AppPermissionRequests>
• Tested the workflow again and it started working.