When a folder is shared from an outsider user - to somebody inside my Team,
I need to get the email address of the external user.
If I query for the shared folder information (https://api.dropbox.com/1/shared_folders/826357016)
we get the following info:
{
shared_folder_name: "ExternalDir"
shared_folder_id: "826357016"
access_type: "editor"
shared_link_policy: "all"
groups: [0]
owner: {
display_name: "External User - Full Name"
uid: 6920861
same_team: false
}
path: "/ExternalDir"
}
Info about the external owner includes a display_name and uid.
display_name - is not unique or trustworthy
uid - is useless, as there is no API to query for further information
But, on the Dropbox website - they do give the email address!!
take a look at the popup in this screenshot:
How can I resolve the uid to an email_address like the GUI does?
Related
I used Google People API v1.otherContacts.copyOtherContactToMyContactsGroup (reference) to copy a contact from "Other Contacts" to "myContacts" contact group. I now want to delete the original contact from "Other Contacts" using the same API.
REST Resource v1.otherContacts (reference) does not list a DELETE action.
I tried using v1.people.deleteContact (reference) passing the resource name of my "Other Contact":
import pickle
from googleapiclient.discovery import build
with open('token.pickle', 'rb') as token:
creds = pickle.load(token)
people_api = build('people', 'v1', credentials=creds)
people_service = people_api.people()
response = people_service.deleteContact(resourceName='otherContacts/c1971897568350947161').execute()
But I got an error saying:
TypeError: Parameter "resourceName" value "otherContacts/c1971897568350947161" does not match the pattern "^people/[^/]+$"
Looks like v1.people.deleteContact does not work for deleting a contact in "Other Contacts".
How can I programmatically delete a contact from "Other Contacts"?
EDIT: Based on #DaImTo's suggestion below, I tried replacing otherContacts/ in the resource name with people/ and invoking the v1.people.deleteContact API, but I got an error saying:
googleapiclient.errors.HttpError: <HttpError 404 when requesting https://people.googleapis.com/v1/people/c1971897568350947161:deleteContact?alt=json returned " generic::NOT_FOUND: Contact person resources are not found.". Details: "[{'#type': 'type.googleapis.com/google.rpc.BadRequest', 'fieldViolations': [{'field': 'resourceNames[0]', 'description': 'Resource not found.'}]}]">
I advice consulting the documentation for people.deleteContact
Required. The resource name of the contact to delete.
DELETE https://people.googleapis.com/v1/{resourceName=people/*}:deleteContact
That means it should be people/c1971897568350947161 assuming that is the id of the user you want to delete c1971897568350947161.
Looks like Other Contacts are read only, according to this announcement from Google: https://developers.google.com/contacts/v3/announcement
The new People API has the same functionality as the legacy Contacts
API for all features, with the following exceptions for “Other
Contacts”:
Administrators have read-only permissions for “Other Contacts” through
the new scope. As sending mutate/write signals back to “Other
Contacts” is not supported, your users will have to add the Other
Contact as a My Contact if they wish to update its data fields.
EDIT: rest-server gives the option "Specify if you want the generated REST API to be secured: (y/N)", is this to enforce the acl?
I've been trying to setup a simple test using hyperledger-composer node js client. In my config I have the following:
"connection-info" : {
"participantId" : "gk1",
"participantPwd" :"CjysyeLjriRT",
"businessNetworkIdentifier" : "myBizNetwork",
"connectionProfile" : "defaultProfile"}
In my business network definition I have the following:
rule Default {
description: "DENY all participants access to all resources"
participant: "ANY"
operation: ALL
resource: "net.name.myBizNetwork"
action: DENY }
When I call the following code in node js app, I can still see the resources:
this.bizNetworkConnection.getAssetRegistry('net.name.myBizNetwork.TestAsset');
}).then((registry) => {
return registry.find('testAssetId = ' + id);
Obviously I'd like to do more scenarios with access control, but in my understanding this should work.
A good first point of call is to try out your model, acl, and script files in the online playground here https://composer-playground.mybluemix.net/
Note - you are an admin by default, to simulate being a participant you can do so by:
Clicking 'admin' in the top right of the playground
'+ Issue New ID'
Supply a User ID (whatever you like) and participant (will be one you created earlier) and then press 'Create New'
Select Option 2: '+ Add to my Wallet' (This will allow you to then use the identity and you will 'be' that participant
From looking at your code, the resource you deny is "net.name.myBizNetwork".
Following the documentation here https://hyperledger.github.io/composer/reference/acl_language.html I think that to deny access to the resources within your network you will need to add a '*' wildcard (see the Examples section in the link). If that doesn't work it may have something to do with identities.
Another note, from my understanding, you need to secure the API if you want to use identities. However, you also need to create/bind identities to existing participants, and then use those identities to 'be' that participant. See the article here https://hyperledger.github.io/composer/managing/identity-issue.html
By default, you are a Null participant (you can see what participant you currently 'are' by pinging the network)
What I am trying to do is to insert new profile id to Webproperty Adwords Link.
There are already some profiles added to this link - lets call them xxxxxx and yyyyyy.
To add a new one I use this method: https://developers.google.com/analytics/devguides/config/mgmt/v3/mgmtReference/management/webPropertyAdWordsLinks/patch#request
I create a new profile via API and i have its id - let's say its: zzzzzz
Next i use this method: PATCH https://www.googleapis.com/analytics/v3/management/accounts/accountId/webproperties/webPropertyId/entityAdWordsLinks/webPropertyAdWordsLinkId
with following body:
{ 'profileIds' => ['xxxxxx', 'yyyyyy', 'zzzzzz'] }
And i got an error: "User does not have sufficient permissions for this PROFILE with ID yyyyyy."
It seems like i dont have a permission to access this yyyyyy profile but its already there - i just want to add zzzzzz profile. Am I doing something wrong?
I'm using Google Apps and I'm trying to add a domain alias to a secondary domain I own.
According to this Google Apps blog article "the [domains] API lets you programmatically add aliases for any domain, primary or secondary, but aliases for secondary domain can only be added via the API."
I tried the API on the APIs explorer (at the bottom of the page) but only managed to add a domain alias to my primary domain and not to my secondary.
Using a POST method I've tried:
{
"domainName": "alias.domain.com",
"domainAliases": [
{
"parentDomainName": "secondary.domain.com",
"verified": true
}
]
}
Any light on the matter would be greatly appreciated.
Regards,
Jo
You need to use the DomainAliases API:
https://developers.google.com/admin-sdk/directory/v1/reference/domainAliases/insert
From there enter:
customer = your immutable ID
domainAliasName = the alias to add
parentDomainName = the secondary domain to which you want to add an alias
That should be it.
I have an application that performs WMI queries on remote hosts. I'm attempting to define the minimal amount of security permissions required for the user used to do the queries.
I've defined a user with minimal permissions. I've found that this user has enough permissions to do the needed queries, but only if the same user is logged in interactively on the remote host.
For example, if I log in to the remote host with the nonadmin user (i.e. open a desktop on the remote host), the query select * from Win32_Environment returns 2 additional entries than if I'm not logged in. The 2 entries are:
instance of Win32_Environment
{
Caption = "COMP-BAF3244E\\nonadmin\\TEMP";
Description = "COMP-BAF3244E\\nonadmin\\TEMP";
Name = "TEMP";
Status = "OK";
SystemVariable = FALSE;
UserName = "COMP-BAF3244E\\nonadmin";
VariableValue = "%USERPROFILE%\\Local Settings\\Temp";
};
and
instance of Win32_Environment
{
Caption = "COMP-BAF3244E\\nonadmin\\TMP";
Description = "COMP-BAF3244E\\nonadmin\\TMP";
Name = "TMP";
Status = "OK";
SystemVariable = FALSE;
UserName = "COMP-BAF3244E\\nonadmin";
VariableValue = "%USERPROFILE%\\Local Settings\\Temp";
};
as seen in MOF representation in the wbemtest tool. The wbemtest connection is to \\remotehost\root\cimv2 as user nonadmin.
How does logging in to the remote host effect the results of the WMI query?
What permissions do I need to add to my user so that the additional information is available even when the remote user is not logged in?
The problem has to do with the user profile not being loaded unless the user has the correct rights.
The user profile not being loaded is also an issue for calling Win32_Process.Create. If the profile is not loaded then this will fail with UNKNOWN FAILURE (8).
Thanks to this blog post for pointing out the cause of the errors!
In order to have the user profile loaded automatically while during remote WMI access, give the user "Backup files and directories" and "Restore files and directories" user rights.
You can find the these rights policies at:
"Run..." --> secpol.msc --> Local Policies --> User Rights Assignment