I'm unable to access the education/users endpoint but I am able to access other endpoints (education/classes, education/schools).
Whenever I try to get a list of all users, I get the following error:
{
"error": {
"code": "AccessDenied",
"message": "Required claim values are not provided.",
"innerError": {
"request-id": "58c42204-440a-482c-b1e9-4c65bb413ed1",
"date": "2018-03-21T20:23:24"
}
}
}
When I try to make the call using the Graph Explorer, I'm given the following notice:
Failure - Status Code - Looks like you may not have the permissions for this call. Please modify your permissions.
Unfortunately, I get the same error after modifying my permissions.
If anyone has any idea why this might be happening, I would be very grateful for the help.
For app+user (delegate) permissions, the only supported scope for the /education/users collection on MSGraph is EduRoster.ReadBasic.
This supports getting an individual user's information, or information on lists of users within classes of which you are a member, but does NOT support browsing the entire set of users in a tenant, as it is deliberately a restricted scope.
If you need more than this, you would need to use app-only permissions, and sync the users into your own data store with EduRoster.Read.All, which would allow you to get all of the users.
Related
I am using the mediawiki api to upload a file. I am sending a mutlipart POST request to
https://commons.wikimedia.org/w/api.php?format=json&action=upload&filename=xxx
In the header I include my Autherzation: Bearer accessToken123 and in the body I include my CSRF token, as well as my multipart file, all as per documentation.
However, the response I get from the server is the following:
{
"error": {
"code": "permissiondenied",
"info": "The action you have requested is limited to users in one of the groups: *, [[Commons:Users|Users]].",
"*": "See https://commons.wikimedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes."
},
"servedby": "mw1448"
}
This would be quite self-explainatory by itself, however when I check my rights/groups with
https://commons.wikimedia.org/w/rest.php/oauth2/resource/profile
I get the following:
{"sub":xxxx,"username":"xxxxx","editcount":7,"confirmed_email":true,"blocked":false,"registered":"xxxx",
"groups":["*","user","autoconfirmed"],
"rights":["read","writeapi","viewmyprivateinfo","abusefilter-view","abusefilter-log","upload","upload_by_url","reupload-own","purge","reupload","autoconfirmed","editsemiprotected","skipcaptcha","abusefilter-log-detail","transcode-reset"],
"grants":["basic","uploadfile","uploadeditmovefile","privateinfo"],"realname":"","email":"xxxx"}
As you can see I am both a part of the required groups and also have the neccessairy upload right. The error message is quite clear, so I don't know what I am missing. It is not the CSRF token or access token, supplying these wrong results in a different error message. Any help is appreciated.
Well I finally figured it out: When requesting the app keys from mediawiki, you can select rights which the app has on behalf of the users. If you want to upload pictures to wikimedia commons, you do not only need the `
Interact with media: Upload new files; Upload, replace, and move
files
right, but also the
Create, edit, and move pages
right, since you are creating a new page with each upload. I hope this helps someone else in the future :`)
I'm trying to use Google's APIs Explorer to run a method (drive.permissions.create) in which I grant a user access to an entire Google Shared Drive (not specifically a file or folder).
After executing the command, I get the following error:
An error occurred. See the response for details.
Request
POST https://www.googleapis.com/drive/v3/files/0AKppN1yZFzBbUk9PVA/permissions?emailMessage=Test&key={YOUR_API_KEY}
{
"role": "organizer",
"type": "user",
"emailAddress": "test#test.com"
}
Response
{
"error":{
"errors":[
{
"domain":"global",
"reason":"notFound",
"message":"File not found: 0AKppN1yZFzBbUk9PVA.",
"locationType":"parameter",
"location":"fileId"
}
],
"code":404,
"message":"File not found: 0AKppN1yZFzBbUk9PVA."
}
}
I acquired value, 0AKppN1yZFzBbUk9PVA, from another command I thought would give me the ID of the Shared Drive I'm trying to share(drive.drives.list). However, this value is incorrect. Where or how can I find the ID of the Shared Drive I'm trying to give access to?
Also, if I'm missing another value to input other than a correct Id for the command to be successful, please let me know. There is still so much I don't know about how Google Drive's API works (or APIs for that matter).
Thanks in advance!
For Shared Drives you need to set supportsAllDrives to true.
Assume I know the extension names I am looking for I could get a users extensions like so:
GET https://graph.microsoft.com/v1.0/users/{{OBJECT_ID}}?$select=extension_{{APP_ID_WITHOUT_GUIDS}}_SomeId,extension_{{APP_ID_WITHOUT_GUIDS}}_SomeValue
Or I could get the attributes from his member groups like so:
GET https://graph.microsoft.com/v1.0/users/{{OBJECT_ID}}/memberOf?$select=extension_{{APP_ID_WITHOUT_GUIDS}}_SomeId,extension_{{APP_ID_WITHOUT_GUIDS}}_SomeValue
However, what If I wanted to see all extension the token had paticular access to. $select=extension_* does not work I get the following:
{
"error": {
"code": "BadRequest",
"message": "Term 'extension_*' is not valid in a $select or $expand expression.",
"innerError": {
"request-id": "3b4e14d6-3bbc-429b-8c45-b0fea629f4a6",
"date": "2018-04-06T13:35:40"
}
}
}
Is there syntax to make this possible?
No, this isn't possible with Microsoft Graph (using v1 Directory Schema Extensions). With Azure AD Graph API there is a function - getAvailableExtensionProperties - that should return all the available v1 directory schema extensions available in the tenant; this doesn't exist in Microsoft Graph. If you use Microsoft Graph schema extensions, you can query /schemaExtensions to find all public schema extension definitions available for use in any tenant (although your app also needs to have been granted access to the underlying extended object - like user).
Hope this helps,
I have two projects linked to one clientID. Project "A" is in sandbox, the "B" one is confirmed. I was calling feed with this type of URL
https://api.instagram.com/v1/users/[userID]/media/recent/?client_id=[clientID]&count=20&access_token=[mySecretToken]
The problem is, that with this type of URL I can retrieve data only for project A. For confirmed project B I always get an error
{"meta": {"error_type": "APINotFoundError", "code": 400, "error_message": "this user does not exist"}}
I'm following the documentation ( https://www.instagram.com/developer/endpoints/users/#get_users_media_recent ) but this absolutely doesn't work outside the sandbox!
In another part of documentation I have found this:
For example, if you query the /users/{user-id}/ endpoint and the {user-id} is a sandbox user, then you will get the normal API response; but if the {user-id} is not a sandbox user, you will get a APINotFound error.
That's really useful information, but I really can' find a way, how can I retrieve data from confirmed (live, reviewed) project.
Can plz anyone help how can I do it?
I'm attempting assign a test user access to a device using the SoftLayer API. (Any referenced functions below are provided by the "SoftLayer_User_Customer" service)
When calling "addBulkVirtualGuestAccess" & "removeBulkVirtualGuestAccess" I am returned true in both cases.
When using "getAllowedVirtualGuestIds" I am returned an empty array, before and after execution of either the previously referenced functions. The test user does not contain any server access initially, so this is expected, however it is not expected after executing the "addBulkVirtualGuestAccess" call.
According to the documentation, true should only be returned in the case that this user already has access to that device, or for the removal function, when the user cannot use that device. There is a possibility perhaps the JSON body I am providing is not appropriate, if this is the case, please let me know.
Equivalent curl command:
echo '{"parameters":[[X,Y]]}' | curl -X POST -u $USERNAME:$KEY --data #- https://api.softlayer.com/rest/v3/SoftLayer_User_Customer/Z/addBulkVirtualGuestAccess.json
Where X & Y are device integer ID values and Z is the SoftLayer users ID of which the user is to be added to.
Any assistance would be appreciated.
=========================================================================
UPDATE
It appears I cannot create a comment to meet my reply length requirements, so I shall edit my answer instead.
Thanks for your reply, mcruz.
Your suggestion seemed to work, it appears that a user requires the permission "VIRTUAL_GUEST_VIEW" to be added a device via the addBulkVirtualGuestAccess function.
However it should be noted that similar methods of the same service User_Customer, have unexpected behaviours:
addBulkVirtualGuestAccess
Returns true when no device has been added to due users permissions. This is misleading and I would expect a user permission exception to be returned.
addVirtualGuestAccess
Can be used to add VMs individually to a user without the "VIRTUAL_GUEST_VIEW" permission. getAllowedVirtualGuestIds Will return no ID's when this is done, however getVirtualGuests will return the full image JSON data of the VM's added individually, the IDs can be extrapolated from there.
I've spent quite a bit of time debugging the above, I'm glad its finally resolved.
To aid future users of this service:
Can some of the unexpected behaviour outlined aboved of the
addVirtualGuestAccess method can be explained?
Can the addBulkVirtualGuestAccess method be updated to return an
exception if the user truely hasn't been added a device due to a
user permissions issue?
The SoftLayer API reference page makes no reference to the users
required permissions to apply a certain device, perhaps this should
be updated to display this?
Regards,
Paul Connolly
Please, verify if the user that you want to add the server access has the following ”permissions”: ”View Virtual Server Details”
To add this permission, please execute:
https://[username]:[apikey]#api.softlayer.com/rest/v3/SoftLayer_User_Customer/[user_id]/addPortalPermission
Method: POST
{
"parameters": [
{
"keyName": "VIRTUAL_GUEST_VIEW"
}
]
}
To get all available permissions, please review: SoftLayer_User_Customer_CustomerPermission_Permission::getAllObjects
Now, after reviewing the above permission available, please execute:
https://[username]:[apikey]#api.softlayer.com/rest/v3/SoftLayer_User_Customer/[user_id]/addBulkVirtualGuestAccess
Method: POST
Json Payload:
{
"parameters": [
[
18131945,
17071523
]
]
}
You can see the devices will be displayed when executing:
https://[username]:[apikey]#api.softlayer.com/rest/v3/SoftLayer_User_Customer/[user_id]/getAllowedVirtualGuestIds