I have a pretty robust android application which does a lot of disc access in various activities and services and has no single point of access. Which was fine pre-marshmallow.
Asking the permissions the first time and handling when the permissions being declined is fine but what if the user revokes the permissions after granting them. Now I am in a situation where I have 1000's of lines of code which needs to do a permission check in multiple places. So what is the best course of action
1) Multiple if checks sound too laborious.
2) Blanket Try Catch
Is there a better way to handle it?
You have to check permission each and every time whenever you use. For your simplicity you can use PermissionAcceptor-master library.
Almost all permission is included in this library.
You have to add few lines of code using PermissionAcceptor-master library like
new PermissionRequest(MainActivity.this,
Permission.PERMISSION_CAMERA,
PermissionCode.CODE_PERMISSION_CAMERA,
R.string.permission_camera_rationale,
R.string.permission_camera_denied,
R.string.permission_enable_message, this)
.checkPermission();
For more information, visit PermissionAcceptor-master.
I had similar issue with my application, on multiple activities accessing an API which requires write storage permission. I end up having a BaseActivity class which checks for permission when activity resume and if permission is not granted it navigates the user to the initial activity. The Initial activity will never let the customer to other activities if permission is not granted.
If the user revokes a permission after giving it, it's done via Settings, in which case your app is closed and restarted anyway. BaseActivity may indeed help to handle onRequestPermissionsResult
Related
I found a previous question very similar to mine, however the other developper needed to write to Firebase and I don’t, hence this near duplicate question:
I have a very simple database with about 150 documents and the users don’t need to authenticate to use my app. Authentication just don’t make sense for what the app does and users only read the database, they don’t write.
My current rules are read allow only which of course triggers the Firebase rule warning daily.
1) Is there a way to set rules similar to “only requests coming from my app can access it”. Given that the app is linked to firebase one would think it’s possible?
2) If I must use authentification, is there a way that I can do this behind the scenes so that the user is unaware of that? Maybe by using a UUID to identify a user and no password or something like that. I want to avoid showing a log in screen at all cost. Think of it as asking to log in to check gas prices...
** This is an iOS app
No, it's not possible.
You can use anonymous authentication to create a user account without requiring a sign-in.
I'm currently trying to use Microsoft Graph to send a Microsoft Teams Chat message to a specific employee.
The idea behind that is that I want to be able to send chat messages using PowerShell, but for now, I'd be happy to get it done in Microsoft Graph first and build a PowerShell script afterward.
Important: I don't want to post a message to a Channel, only in a 1:1 chat.
What I've tried:
I'm able to get the current chats for my own user by using:
https://graph.microsoft.com/beta/users/{myid}/chats
If, however, I try that with a different user's id, I get a 401 (permission denied) error. I can't even see their current chats even though I have all available permissions.
In the error message, it says the following:
"User Id must match the API caller when called in delegated mode"
... but I don't want to use delegated mode since that'd mean I'm executing the commands as if I would be that user, and therefore couldn't create the chat message which I want in the first place.
It might sound rather confusing, so I hope you get what I mean.
To my knowledge, there's no way to send a message directly to the user without some kind of context. The problem becomes, for instance, where would the message appear, and who would it be from?
If you could deal with it being inside a Channel instead, then PowerShell is fine as you can set up a webhook to do this. I've done the same, from PS -> Teams a few years ago, so I assume it should still work. This article should help.
Alternatively, if you really want a "1-1" conversation, so to speak, you need to create and register a Bot, so that the message comes "from someone" to the user. This concept is called Pro-active Messaging and I've posted more about it here. However, coming purely from PowerShell it's going to be a LOT of work:
Create a Bot in Azure to get the App ID and Password. Technically this would be a non-existent Bot as there's no implementation, which means if the user were to reply it would go nowhere. This might be ok? You could possibly try build an Azure Function Bot in PowerShell, but not something I've done myself so can't advise (I've only used C# for Bots thus far)
Create a Conversation ID, and save it for later - again, a bunch of work.
Convert the code (e.g. from my post above) into PowerShell, referencing the relevant NuGet packages.
So, I'd recommend trying to find an approach using a Teams Channel rather, and messaging the user there, if you can manage that in your use case?
Unless all of this is irrelevant if you're trying to send on behalf of another user?
The term "Delegated" in this context refers to the type of permissions claims included in the OAuth token. There are two types; Application and Delegated.
There are two key rules when it comes to Application vs. Delegated scopes:
A single token may only contain a single type of scope. In other words, the token itself is either an Application or Delegated token, never a combination of the two.
The type of scopes applied to a Token is determined by the OAuth Grant you used to obtain it:
Authorization Code: Delegated
Implicit: Delegated
Client Credentials: Application
With regard to the List Chats (/chats) endpoint, only Delegated permissions are supported:
Delegated (work or school account): Chat.Read, Chat.ReadWrite
Delegated (personal Microsoft account): Not supported.
Application: Not supported.
There is a general rule of thumb when it comes to permissions in Microsoft Graph (I use 'general' here since there are a couple of exceptions in older endpoints): Delegated scopes that only apply to the current user end in Read or ReadWrite while those that apply to any user end in .All.
Since these two scopes (Chat.Read and Chat.ReadWrite) do not end in .All, and only Delegated scopes are supported, this tells you that the only Chats you are able to access are those owned by the currently authenticated User. In other words, you cannot read another User's chat messages via the API.
If you think about it, this makes a lot of sense. If you didn't have an authenticated User, who would the Chat message you sent be "from"? A chat message requires both a Sender and a Recipient.
For your scenario, there are a couple of possible workarounds from a Teams ChatBot to simply setting up a new User that you authenticate as and send messages to other Users from.
I don't see an easy way to grant permissions to another user. It seems to be quite convoluted at the moment, and I wonder if I'm missing something obvious.
Say I want to invite another user to share a Realm. First I would have to ask the other user for their identification, then I would create the permission object, and then finally I would give the other user the address of my realm.
It would be great if I could share some sort of permission token via text message and let the new user register themselves. I suppose I could do that if I created another "User" which represented the shared group, and merely share this abstract user's credentials. It feels a bit hacky that way, but it seems easier to do.
I was hoping the demo application of the shared drawing environment would hold a clue, but after looking at the source code, it turns out both devices are logged in as the same user.
Am I missing something? Given the demo Draw application, how would one user practically invite a second user to join in their shared drawing environment? It seems like there would have to be a whole set of convoluted permissions and url/identification sharing handshakes.
Thanks for asking the question! Today, you will need to create a shared Realm that all users would input their user IDs into and have access to. This way any user can look up an ID and share access to another Realm.
We realize the limitations and are working on offering a number of improvements. The first is pretty close to what you describe, called a PermissionOffer object where you can inform the Realm Object Server you want to grant access to another user for a given Realm(s). The server will then provide a token you can share via any means with the other user. That user can then use the token to create a PermissionOfferResponse object and accept the access grant. This is coming soon, so stay tuned!
Later, we plan to offer a way to lookup user IDs so you don't have to replicate all of them in a shared Realm (see this issue).
I use the Dropbox Datastore in an app that uses both the iOS and JavaScript SDKs. Aside from the 10MB datastore limit, it works pretty well.
But nearly every support request I get makes me wish I could have access to the user's data for debugging. Being able to see exactly what the user sees helps me to find and fix bugs very quickly.
Is there any way for me to access a user's data without logging into their account? Can I maybe store their access token and gain access to just their Dropbox Datastore data?
This is one of the attractive things about Parse: you can see all user data. While there is a lot of wisdom in sharding user data across Dropbox user accounts, it makes app debugging crazy-hard.
Any ideas? What do you do to get around this?
Dropbox datastores, like files, are considered the user's private data, and as such there isn't a way for an arbitrary party to gain access to said data without some sort of authorization (e.g., access to the account, having the data explicitly shared with them, etc.) Likewise, even the developer of an API app that a user happens to be using doesn't automatically get access to the data.
That said, if, as the developer of the app, you want to troubleshoot using your user's data, the most straightforward method would probably be to get an access token for that app/user pair from the user. That would replicate their setup most accurately. (Unfortunately, the Sync/Datastore SDK doesn't make it easy to extract/insert arbitrary access tokens like that though. So, in that case, this would be a bit of work to build some flow to get an access token, e.g., a small web app, and then some work to read data directly from the API.)
Alternatively, you may want to make it possible for the user to share the datastore with your own account.
In any case, it's very important that the user not be misled or confused as to what is happening or what the developer is requesting. That means being clear with user with regards to what the developer is requesting and what will be done with the data. In addition, apps should provide privacy policies in general.
I'm making a application for facebook that will be used for academic research. Right now when the user goes to install the application I'll request additional information which is stated in the extended permissions.
I would perfectly understand someone not wanting to give out certain aspects of this information (It's just used to gather statistics about people taking part , education, religion etc.)
Does anyone know the best way to filter the permissions? For instance maybe someone is willing to give their age but not education. Therefore can I remove the education request from my application install request dynamically?
If you want to ask the user for only those permissions that he wants to give, you can take input from him before redirecting to Facebook login. You can generate the url for requesting permissions based on this custom set of permissions using the 'perms' attribute of the <fb:loginbutton /> tag or pass the list of permissions you want to the $facebook->getLoginUrl(array('req_perms' => $perms)) call.
To keep track of permission changes, you can use the realtime updates offered. You can know more about it here.
You certainly could build an up-front permissions matrix that the user could cherry-pick from. And that would probably be the way to do it, since you can't do anything to customize the permission challenge that the Facebook Platform generates.
The trick would be keeping track of which permissions the user granted in the given access token you'll receive from back from the Platform. Especially since users can change the permissions granted to your application w/o visiting the application itself - so you'll want to be hooked in to that info via the Real Time Updates.