I've implemented simple REST API based on Flask Eve framework.
Now I want to add some custom ACL based on user's roles.
I've investigated this question a little and found interesting solution called Flask-ACL:
https://mikeboers.github.io/Flask-ACL
But there are a few questions I want you to ask:
Do somebody know any documentation how to use Flask-ACL + Eve frameworks, because it's not clear enough for me..
What is the best way to map list of roles to list of permissions?
Can't help with Flask-ACL (I don't know it) but, have you looked into Eve's own Role Based Access Control yet? It basically allows you total control on what an authenticated user can do.
Related
Currently, the Google Vault API does not provide a way to get a report of all users in a G-Suite tenant or domain who are on hold in one or more matters. This information is currently available only via the admin interface for Google Vault under Reports/User Holds. It would be great to be able to obtain this report via an API call in JSON format rather than only via the admin UI. Am I missing something or is this functionality already available?
Respectfully, please keep in mind that suggesting that I perform API operations to search all matters and iterate through the users on hold in each matter to obtain this information is not the answer I am looking for. There should be a quicker, more efficient way to get this information since such a report is already available via the UI. I am simply asking if there is a way to get this same information programmatically via the APIs/automation. Thank you in advance.
Unfortunately, Vault API does not have a method for that. The only way to retrieve this information is to list all matters and iterate through them, as you already mentioned.
File a feature request:
It's not uncommon for a feature to be present only in the UI. If you want to see this implemented on the API, I'd suggest you to report it on Issue Tracker's Vault component.
I looked through the issues of this component, and it looks like this hasn't been requested yet. There's currently a somewhat related feature request, but not exactly what you're looking for:
Audit reporting functionality
Update:
The original poster filed a feature request in Issue Tracker. I'm add this to the answer in order to give it more visibility.
To anyone who would like to see this feature implemented in the future, I'd suggest starring the issue (star on the top-left) in order to help prioritizing it:
Vault API: Need API method to return list of all users who have active holds as available in Vault UI
I have a concept of Slack's workspaces in my app and I'd like my consumers to specify to which "workspace" they are installing an app.
Even though I can see that I can extend an Application model, it doesn't really help.
Is there some best practise I could apply here? I've read the documentation several times. I was thinking of the following 2 workarounds, but there must be a simpler way for this.
1) First let user to authorise an app with his account and later let him to apply it to the workspace simply by creating some model and checking this on API/view layer. The problem here is that user experience is not as smooth as on Slack or Github where you select what entities you want an app to have access to when approving an app.
2) Extend Grant & Token models with a reference to a Workspace. In that case I'm struggling with adjusting forms, since I can not override them in a settings. (I can do that for models & templates).
Do you maybe have some idea how to do this? Thank you
I just want to know if it's possible to do the following:
To display some wall posts from my own facebook account in a php web page, without going through the granting-permission in the user interface level? Because from what I know, you need an access token to use the API, and to get an access token, you need to go through the granting-permission UI. So I am feeling impossible here.
I got my app ID and secret code ready, I just want to know for sure if what I want to implement is even possible to begin with.
Actually, you could change your privacy permissions so that your wall is completely public. The API is then able to access public information without being granted user authorization.
I was also searching the same, as I want to implement it in my project. Now I've got the answer of this. Yes, you can get posts as well as comments from your wall. If you want more details about same, comment below mentioning my name. :)
I was hoping to use the Graph API to retrieve a list of apps that the user currently has on their account - those that they are using or have used, and have not yet removed. This would be the same list as found by clicking App Centre and My Apps.
I'm not looking to get info about a specific application (yet; I don't know what app to look at, or how to get its ID).
This article: How to get the List of Facebook Applications for a user using Graph API
seemed to be the right answer (and the OP certainly liked it), but for me, while it works, it returns an empty array - but I have about 20 apps (mostly games) listed on my profile, half of which are in favourites. I don't need to know which are in favourites; I simply would like to know what apps a user is interested in.
I realise this is considered sensitive information, but since I cannot find what string to use for the api() method, I can't tell what permissions I'll need; I currently ask for read_stream but since the call itself succeeds, I assume I have sufficient privilege.
I see that you can list the app requests using /me/apprequests, which suggests you should be able to retrieve the list of apps (that's where the requests come from, usually, except invites to new games) - but I can't find anything that seems right.
Any ideas?
Thanks.
No, it is not possible to retrieve a full list of the applications that a user has TOS'ed.
As described in the comments to the OP, it is possible to deduce some of them from /[user]/scores assuming they have granted the user_games_activity permission.
I'm working on a django project in which users can post articles and vote on them. But the users are not supposed to vote on their own articles. Currently I'm using the permission system with django-guardian. My idea is to grant a kind of 'anti-permission' so that only the author can't vote on their own articles.
My reasoning is that in this way all the permissions can be handled in a unified protocol, separately from view functions(instead of putting conditions inside them). And if there comes future requirements like this, they can be handled elegantly.
But it does not look semantically right to use "permissions" in this way. Just wondering if there's a better way of doing it?
Thanks for your help! :)
Write a manager that takes the context and then returns a list of objects that the user can vote on.
Use this manager in your view.