Why does hyperledger composer acl file not take effect? - hyperledger-composer

EDIT: rest-server gives the option "Specify if you want the generated REST API to be secured: (y/N)", is this to enforce the acl?
I've been trying to setup a simple test using hyperledger-composer node js client. In my config I have the following:
"connection-info" : {
"participantId" : "gk1",
"participantPwd" :"CjysyeLjriRT",
"businessNetworkIdentifier" : "myBizNetwork",
"connectionProfile" : "defaultProfile"}
In my business network definition I have the following:
rule Default {
description: "DENY all participants access to all resources"
participant: "ANY"
operation: ALL
resource: "net.name.myBizNetwork"
action: DENY }
When I call the following code in node js app, I can still see the resources:
this.bizNetworkConnection.getAssetRegistry('net.name.myBizNetwork.TestAsset');
}).then((registry) => {
return registry.find('testAssetId = ' + id);
Obviously I'd like to do more scenarios with access control, but in my understanding this should work.

A good first point of call is to try out your model, acl, and script files in the online playground here https://composer-playground.mybluemix.net/
Note - you are an admin by default, to simulate being a participant you can do so by:
Clicking 'admin' in the top right of the playground
'+ Issue New ID'
Supply a User ID (whatever you like) and participant (will be one you created earlier) and then press 'Create New'
Select Option 2: '+ Add to my Wallet' (This will allow you to then use the identity and you will 'be' that participant
From looking at your code, the resource you deny is "net.name.myBizNetwork".
Following the documentation here https://hyperledger.github.io/composer/reference/acl_language.html I think that to deny access to the resources within your network you will need to add a '*' wildcard (see the Examples section in the link). If that doesn't work it may have something to do with identities.
Another note, from my understanding, you need to secure the API if you want to use identities. However, you also need to create/bind identities to existing participants, and then use those identities to 'be' that participant. See the article here https://hyperledger.github.io/composer/managing/identity-issue.html
By default, you are a Null participant (you can see what participant you currently 'are' by pinging the network)

Related

unable to delete test accounts with stripe sdk

I am writing some integration tests at the moment for my website, I have noticed that I have been creating accounts without deleting them.
I have just been deauthing them with
try {
info('deauthing: ' .$accountID);
OAuth::deauthorize([
'stripe_user_id' => $accountID,
]);
} catch (\Stripe\Error\OAuth\OAuthBase $e) {
exit("Error: " . $e->getMessage());
}
when i try to reuse an email address for a testing account, it tells me that account already exists. But I can't see it anywhere in my dashboard.
I have tried to delete the account at the end of my test run but I get this error
Stripe\Error\Permission : This application is not authorized to delete this account.
the code i am using is this
public function deleteAccount($accountID)
{
$account = \Stripe\Account::retrieve($accountID);
$account->delete();
}
what am I missing?
There is no way to delete a Standard account via the API. As the platform you can create one, but it is then owned by a separate user and you can not control its deletion for security reasons. De-authorizing the account is the closest thing you can do in this situation.
If you're doing this for unit tests, you might want to create Custom accounts instead to avoid the address conflict. Otherwise, use a random suffix like my+12345#email.com

How to access Clockify API through Power Query

I am trying to get my time entries from Clockify API directly via Power Query to Excel. I use the following code in the Power Query:
= Web.Contents("https://api.clockify.me/api/workspaces/ID of my workspace/timeEntries/", [
Query=[ #"filter"="", #"orderBy"=""],
ApiKeyName="APIToken"
])
When I then try to run the code I am prompted to enter the Web API authentification, which delivers an error ("English translation: Authentification does not work. Try again") after I enter my correct Web API code see screenshot here
Does anyone have an idea how to solve this?
There are two things to keep in mind when making calls to REST-based APIs in Power Query/M:
When using the Web.Contents() function, it's best to pass your API key as a parameter within the request header itself. In your case X-Api-Key should equal to {your API key}.
Use anonymous access to connect to the API. Your screenshot suggests you're trying to connect using "Web API". Clear the value in the "Schlüssel" field and use "Anonym" instead.
Here's a simple example where I return the information about a workspace by workspace ID. (I've masked both my workspace ID and API key; replace these values with your workspace ID and API key.)
This works for me in both Excel and Power BI:
let
Source =
Web.Contents(
"https://api.clockify.me/api/workspaces/{your workspace ID}",
[
Headers=[
#"Content-Type"="application/json",
#"X-Api-Key"={your API key}
]
]
),
jsonResponse = Json.Document(Source)
in
jsonResponse
Doesn't it have to be X-Api-Key instead of ApiKeyName?

Analytics Management API - insufficient permissions when patching adwords link

What I am trying to do is to insert new profile id to Webproperty Adwords Link.
There are already some profiles added to this link - lets call them xxxxxx and yyyyyy.
To add a new one I use this method: https://developers.google.com/analytics/devguides/config/mgmt/v3/mgmtReference/management/webPropertyAdWordsLinks/patch#request
I create a new profile via API and i have its id - let's say its: zzzzzz
Next i use this method: PATCH https://www.googleapis.com/analytics/v3/management/accounts/accountId/webproperties/webPropertyId/entityAdWordsLinks/webPropertyAdWordsLinkId
with following body:
{ 'profileIds' => ['xxxxxx', 'yyyyyy', 'zzzzzz'] }
And i got an error: "User does not have sufficient permissions for this PROFILE with ID yyyyyy."
It seems like i dont have a permission to access this yyyyyy profile but its already there - i just want to add zzzzzz profile. Am I doing something wrong?

The like-button show my like-count, but it's not visible in the facebook api

If i go to https://developers.facebook.com/docs/plugins/like-button/ and enter https://www.ballantinesbarproject.fr/?name=epicerie and select box-count as layout.
the like-button shows a like count, as expected, since I liked the page. However, if I look in facebook api:
REST:
https://api.facebook.com/method/links.getStats?urls=https://ballantinesbarproject.fr/?name=epicerie&format=json
FQL:
https://graph.facebook.com/fql?q=select%20url,%20like_count%20from%20link_stat%20where%20url=%22https://ballantinesbarproject.fr/?name=charlatan%22
(though one user claims, he can se counts in the fql-api)
It says there is 0 likes. How come?
Following query is the proper FQL Query for retrieving like or comments count for a link
select url, like_count from link_stat where url="https://ballentines.herokuapp.com/?name=charlatan"
I have debugged the above Query with Graph Explorer
Reference : https://developers.facebook.com/tools/explorer/145634995501895/?fql=SELECT%20like_count%20FROM%20link_stat%20WHERE%20url%20%3D%20%27https%3A%2F%2Fballentines.herokuapp.com%2F%3Fname%3Dcharlatan%27
If you check on above link, you would get proper like_count (now 3). Screenshot below
If you check above Screenshot the application selected is "Graph API Explorer" which is the default App while debugging with Graph API explorer.
If you are logged in with your proper Developer Account. the application Dropdown would also have your Application.
So after switching to your Application, click "Get App Token" and then submit the Query.
Now the like_count would come 0 for the same query. See Below Screenshot.
Now click on "Get Access Token", this would ask you to Allow the App if you not already done so. After "Allow App" proper User Access Token would be loaded in "Access token" box and now again Submit your Query. Now the "like_count" would be 3 as expected.
So you would need proper User Access Token to retrieve proper information from "link_stat" FQL table and App access token wont work for it
Hope this helps.
I guess you should use the following FQL:
select url, like_count from link_stat where url="https://ballentines.herokuapp.com/?name=charlatan"
Gives me
{
"data": [
{
"url": "https://ballentines.herokuapp.com/?name=charlatan",
"like_count": 1
}
]
}
as result...
The Open Graph debugger shows that the og:type meta-data is missing. That could be related to the problem. Can you add it?
https://developers.facebook.com/tools/debug/og/object?q=https%3A%2F%2Fwww.ballantinesbarproject.fr%2F%3Fname%3Depicerie

Meteor shortcut to get the profile picture for the currently logged in user, regardless of platform

There are questions about getting the profile image from Twitter, Facebook or Google, but it would be nice if there were a simple and extensible wrapper that returned the profile image regardless of the current user's account service.
I think you would want to set the users profile picture yourself. Because the services do not have a standard way to store profile picture. And the meteor oauth has no required code for each service class to implement.
You could set it on account creation. This would require writing code for each service.
Accounts.onCreateUser(function (options, user) {
if (user.services.google !== undefined) {
user.profile.profile_picture = user.services.google.picture;
}
if (user.services.twitter !== undefined) {
user.twitter.profile_picture = user.services.twitter.profile_url; // sudo param name
}
return user;
})
or on publish.
In the meantime there is an Atmosphere package that returns the user profile picture and works for a lot of auth services:
bengott:avatar
Instead of bengott:avatar (which is now deprecated), use the utilities:avatar package instead
You might also want to look at the accounts-meld package.

Resources