When retrieving comments made on a Box file, the comments may have been made by a user other than the current user.
The comment object contains the user name and id, but not the avatarUrl.
Making a call to users/me works for the current user.
I tried users/userId for another user (the one who made the comment), and it does not seem to work.
Is there another entry point to do this ?
Nope - you can only access the authenticated user's information.
If they opened the API call to any user, then a malicious attacker could download all of box's user information. I realize this is not your intent - this is just Box trying to protect itself.
Related
The setup
I have a Power Apps Portal with the following pages:
Prequalification page. This has an entity form embedded inside it. The entity form is linked to the custom entity SupplierPrequal. When the user fills in and submits that form, they are redirected to the next page.
Submission List page. This has a List embedded inside it. The list should show each of the logged-in user's form submissions.
Submission Edit page. This has an entity form embedded inside it. The entity form is linked to the same custom entity SupplierPrequal and lets them attach files to a previous submission.
The problem I am facing
On the Submission List page, it shows submissions of users other than the logged in user. Here is a screenshot. You can see that the metadata for fields like [Created By] does not identify the user who submitted the form.
I was able to autopopulate the field [00_lkp_UserSubmittingForm] with the logged in username. Unfortunately this is not a unique identifier, and is also editable by the user.
I see these potential solutions, and would appreciate your advice
Change the metadata so that instead of recording the field [Created By] as "SYSTEM", it will record the logged-in user's unique identifier. Then change the view's filtering conditions, so [Created By] equals the current user.
Change the metadata so that a new field such as [00_lkp_UserSubmittingForm] will be autopopulated with the logged-in user's unique identifier. Then change the view's filtering conditions, so that new field equals the current user.
I suspect that both these approaches will require a lookup of the [External Identity] entity's field [Username]. They will probably involve configuring the entity form's tabs "Entity Reference" and "Entity Form Metadata" in Portal Management.
What I've researched
This link describes a similar problem, although the solution is for a CRM Portal, not a Power Apps Portal.
This link addresses the issue for a Canvas App, not a Portal App
This link apparently got it working, although I am still trying to understand what I need to configure.
If I understand your problem statement you wish to filter out Entity List, in your case Submission List page based on your logged in user.
As you might now, every user in Portals is a Contact record in CRM.
If I see your createdby, modifiedby and owner fields, I believe you have some background logic which runs under System (user) and does the required.
You have 2 way to solve your issue:
Either change your background logic to run under the context of running user. This will createdby, modifiedby and owner as running user and not System.
or you create a lookup field 00_lkp_UserSubmittingForm I say lookup and not plain text field. This lookup field will have relationship with contact. So you can autofill this field (lookup) with contact as user. In this way you get unique value in your 00_lkp_UserSubmittingForm field. Because it has unique guid for each user (in turn a contact)
Now with above any method what you get is current user (unique).
Then you can follow any of the below article to solve your issue.
List item
In Entity List itself, there is one option to add Filter Condition. Please check below:
Article Ref
Or follow this article
There's an interesting problem I'm facing as an educator. I want to collect user names in a form, but when I do that, it automatically enables students to email themselves a copy of their response.
I believe there's a way to somehow poll who's responded. When you enable the "one response per user" option, it doesn't require a stored user name. I know the information is out there somewhere - I just don't know how to get to it.
Any help would be greatly appreciated!
EDIT: I neglected to be specific about the coding aspect - apologies. I'm generating the form programmatically, and wanted to know if the information is stored somewhere in the response when the one-response-per-person option is enabled. After more digging, it appears that the easiest way to deal with this is to use an extension to handle disabling the email option.
Thanks for all your help!
you cant get the user email unless you enable that option like you mentioned. yes google might internally know who you are if you were already logged-in but its not perfect because using chrome incognito mode for example would not detect the email.
one way I can think is to:
1) with apps script generate an array of all student emails and a random password. dump to a private spreadsheet and use as your database for the next script.
2) in your forms, ask first as a form question the custom username and password.
3) on another script you can generate form urls with prefilled usernames and passwords and email each student their own custom form url.
when the student opens the form to respond, the username and password would be prefilled already.
not perfect but a malicious user would need to hack the email and if they can hack their email then they could also impersonate the user logged-in.
I'm following the Quick Start Guide, as I've just received my credentials. I went through the coblogin and user (consumer) creation successfully. For test purposes, I was able to search and list sites and infos.
When I try to invoke addSiteAccount1 using the user session token for the consumer that I create, I get an HTTP 200 response and no apparent error, no exceptions or messages. The JSON response is basically the same as the one listed in the API documentation page, however there's no ID I can use to list transactions. I'm using a real login/password account information on Chase (site ID 643).
By the way, if I use random strings for credentialFields[0].value (username) and credentialFields[1].value (password), I get the same JSON response.
Please help me clarify what is not working here.
addSiteAccount1 API will give you a response which should contain "siteAccountId" field this is the identifier for that particular user's Chase bank site.
This siteAccountId will have itemIDs which resembles different 'container'(in Yodlee terminology) like, all saving and checking accounts comes under bank container,while credit card comes under credit's container similarly loan and mortgages are other containers.
Now even under a specific container you might have multiple accounts for e.g., Chase Bank container you might have 1 saving's account and 1 checking account, for each there will be an itemAccountId available. This uniquely identifies that specific account and you can pass this itemAccountId (which you can get from getItemSummariesForSite API) in executeUserSearchRequest API to get the transactions belongs to this specific account.
For further help here is the link for the API flow which will give you an idea about how and when to use different APIs.
OK, I think I got it working, but maybe some documentation clarification is needed. Provided that all mandatory parameters in the addSiteAccount1 are present and contain no errors, the method call will be successful for a given consumer.
I then visited the getAllSiteAccounts method, which would show me all account aggregation for that user/consumer. I was able to see all accounts added, some had a message like "REFRESH_COMPLETE" and others would have "AUTH_FAILED". It seems that once one adds an account, the Yodlee robots will try to login and then synchronize the data for a given account. Makes sense?
I was only able to verify if the bank credentials were OK by calling another method.
With a Google Apps for Education domain, we can create forms that allows users to edit their response.
This sends a link to the submitter with the url that they can use to edit their response. Essentially this is the url of the form with a unique key at the end.
At the time of submission, I would like to be able to collect this key and store it with the form data for each user.
We are creating an Alumni website (where all users will be authenticated to our domain), and we'd like to have an update my profile page. This would be blank the first time the user submits. But then when they come back, I'd like a script to search the username against submitted entries, and if the user is found, direct them to the link that allows them to update their profile.
At the time of first submission, Google automatically sends the url to the user. However, t is unlikely that years later, they will stil have this email, so if we could provide the link for them, it would be far easier for the user.
I have similar problem. One way to solve, is to implement a Gmail plugin(if all users are gmail users). The plugin can parse the message (extractor), and get the key/or the whole URL. But you need to saveit on some database, in order to have acccess later.
If we got some way to list form keys, it should be much better!
How can i disable or delete an user in mediawiki?
I can delete the records from the db but i am not sure if this would affect anything else in the wiki.
Any suggestions would be welcome
Thanks
Prady
1. This solutions is available out of the box for MediaWiki 1.16+
The user and all the contributed content will remain but they will not be able to log in any more.
There are two steps that need to be done:
First block the user using the link in Special Pages.
Blocking can be performed against user id or IP address to prevent them from editing the wiki.
They will still be able to log in and view content.
Then in LocalSettings.php add $wgBlockDisablesLogin=true; ($wgBlockDisablesLogin).
Now upon logging in the user will be greeted with Login error. This user is blocked. Login not allowed..
2. This solutions requires an extension that works with MediaWiki 1.29+
If you want to completely remove access to a user, e.g. on a simple private wiki, it's not possible to simply delete the account (unless no edits have been made); you can block it, but the user will still be able to read pages. However, using User Merge and Delete extension you can merge the account in another one and delete the former; the original account will then "disappear".
Also:
If you want to preserve history readability (i.e., to have edits from the user to be still shown under his name), you can create a new account e.g. with username "OriginalUserName (deactivated)" and then merge "OriginalUserName" into the former, or even use Renameuser extension.
I suppose if you wanted to revive the user later on you would need to repeat this process but this time you would merge OriginalUserName (deactivated) into OriginalUserName.
See Preventing Access page in the MediaWiki manual.
There's a special page that Admin users can see, /Special:BlockIP. Block them there.
You can also get to it from the Special Pages page, /Special:SpecialPages.
you could also reset the password of the user via
/Special:PasswordReset
note: I would not recommend deleting data via scripts in the DB. there are various functionalities for rolling back unwanted user edits, merging contribution from one user to another, etc.