I'm trying to add Gcal integration to my site, and while I can easily display the calendar using OAuth, I can't seem to find a way to add events without making the calendar view public.
Ever person who has access to this website also has editing access to the calendar. Members want to keep the gcal and not switch to a Django calendar instead.
I'm trying to figure out a way to do the following:
Keep calendar view private
Allow members to add events on the group's Django site
Is there a way to do this? I've read that it is not possible to export events which are behind the login page. What package might permit me to do this? Is there a way to integrate a Django calendar package with the Google OAuth? Apologies if this question isn't specific; I'm the only developer working with narrow and changing constraints.
Setting your authorization's scope to read-only should be able to keep your calendar public but not editable. You can find more about that here.
You also might want to check on the Google Calendar API documentation for more information regarding the calendars access levels.
Related
I've been looking at options for sharing my Power BI reports with clients in a secure manner. By looking through the documentation and was looking into Power BI embedded, however, one of my colleagues suggested that instead of going through all of that we should simply publish the iFrame to a password protected website in our own site as to reduce the workload.
I was interested has anyone tried this and had any success? Are there any drawbacks to using this method? I'm fairly new in this field so I am afraid I am missing something.
Why not create a user account in your domain ClientName#yourdomain.com and share the reports/dashboards as per normal internal sharing?
To answer your question directly, I have done this before and it worked fine.
Keep in mind that the iFrame is public so once the user has that user from the iFrame they would need to log into that page, they can go directly to the url within the iframe.
I am building a website where you can keep your private portfolio, logs, etc using Django.
All courses, documentation, I came accross so far give all users the possibility to view all entries made by all users (e.g. blog, posts etc.). However I want to restrict any user from viewing & READING other users' data.
How can this be best achieved? Is there an extension available? I know that django doesn't have row-level permissions, but there are extensions for that available such as Django-rules.
In my case however I want restrict a user from viewing other users' data. In other words, a user can only see his/her porfolio and is also not in any way able to CHANGE, UPDATE, DELETE any entries which is not its own.
I found that django-guardian does the job.
I want to build a dashboard that returns more customized insights from the insights generated by app.
The app is a facebook connect website that users visit and view a list of products. They can post to facebook about that particular product by sharing a custom story that incorporates that product on their timeline.
When I go to the insights for my app, it does a great job of showing me all social impressions for all custom stories that were generated on my site.
I'd like to narrow that down even more for specific products.
My plan is to record the object ids that are generated by these actions and link them to a partucular product in my database.
I'd then like to create a new dashboard page that will allow me to login, request read_insights permission from me and then use that object_id:product mapping from my database to show how many social impressions where recorded for a given product's object_ids.
Is this possible? I've read alot about it but still haven't found the most elegant way to get a segmented report of social impressions per type of content that was posted.
Thanks for your time.
The implementation all depends on which platform you want your app to run on.
The first major component is you must have a Facebook developers account which is easy to signup for. Just go to developers.facebook.com and register. Takes like 2 mins. After that you will need to create your first app and add the correct domain name where your app will be hosted and what platform it will run on. (iOS, Android, Web, ect.) Once that is finished you can make your app public so you can use the Facebook API in your code.
For the app creation itself. The first thing you need to do is import the correct API for your platform. Which you can find a walk through at https://developers.facebook.com/docs/. Once the API is imported you must build a Facebook object which contains your app id and possibly app secret. If you're using JavaScript you don't want to use the app secret because it will be visible to the public.
Now that you have your Facebook object you must require the app users to log in and grant permission to your app. You can add extended permissions to your log in process by adding a scope value to the log in button generated by Facebook. Here is an example.
<fb:login-button id="loginBtn" max_rows="1" scope="basic_info,read_insights,manage_pages" size="medium" show_faces="false" auto_logout_link="true"></fb:login-button>
After the user is logged in you can now query information from the users account using Facebook Api calls to Social Graph. Facebook also provides a tool to help you figure out what information you can query. https://developers.facebook.com/tools/explorer
Everything else you want to do with the app can be done by Facebook API calls. You just need to insure you grant the user the correct permissions before making the API calls.
API calls are a little different depending on which language syntax you are using but they all follow the same data model and return some array of responses which can be parsed using JSON or the standard array format. The Graph Explorer tool listed above will show you the output for your queries so you can handle them accordingly.
I hope this helps gets you started.
EDITED
Here's the implementation in JavaScript
function getMetric(){
// make the API call
FB.api(
"/{app-id}/insights/application_opengraph_story_impressions",
function (response) {
if (response && !response.error) {
/* handle the result */
}
}
);
}
Here's the reference now that Facebook docs are back up https://developers.facebook.com/docs/graph-api/reference/insights
application_opengraph_story_impressions will probably give you the total impression of all stories made by your app. I ran it against my Facebook app and it came back empty but I don't have any stories so it might work with your's. Also to note in the documentation there is an * by this metric and I could't find what that means.
I'm pretty sure that right now Facebook don't give developers ability to get insights about app custom stories.
Currently Facebook documentation has the following Graph APIs for Insights data:
/{page-id}/insights
/{app-id}/insights
/{domain-id}/insights
/{post-id}/insights (where this is a Page post)
So /{post-id}/insights won't work because custom story is actually user's post and others endpoints don't apply to your case.
As far as I know the only other option to access Insights is FQL. For that you'd use insights table in a manner similar to this:
SELECT ... FROM insights WHERE object_id = ... AND metric = ... AND end_time = ... AND period = ...
Now most likely this also won't work with your custom story posts (I don't have posts which I could try it on right now, so I can't tell) but at least it is not explicitly stated so in the documentation, so you should probably try it out.
UPDATE:
I wasn't able to get any insights data via FQL, although as far as I understand the following code should have gave me at least something (object id is for my page):
SELECT breakdown, end_time, event, metric, object_id, period, value FROM insights WHERE object_id = 224981264214413 and metric = 'page_fans' and period = period('lifetime') and end_time = 1395597892
But it results just in
{
"data": []
}
Facebook also has some pretty old bug report about similar topic: https://developers.facebook.com/x/bugs/508088155954330/ where they confirmed the issue, assigned it, and... did nothing to fix it for 6 months.
In case FQL doesn't work, my suggestion to you is - use your own analytics code to track the creation of custom stories and get the friend count of the users. It won't show you the real exposure of the posts but at least you will see some data on which types of custom stories where posted more often and what was the maximum potential friend count that could have seen them. By the way - to make charting easier, you could use Google Analytics events for that.
I am trying to build an application with ColdFusion.
I've been reading documentation and trying things out for days and for the life of my I can't seem to figure out how to display my own data to users from Google's APIs using OAuth2.
For example, I want to be able to display some of my stats to users with the Google Analytics API. How many unique hits, page views my site gets and from what countries. The data is private, however, so there isn't a way to do so. Or YouTube just changed their API so video tags can no longer be seen unless logged in. I want to be able to show my video tags so they can search for related things on my own site, but I can't pull them because I'm unsure of how to do this.
I know how to display and manipulate public data, but when it comes to private data, I'm at a complete loss. OAuth2 is kicking my butt!
Is there anybody that can please, please help me with OAuth2 so that I can allow my users to see my private Google data without there being any kind of log in process for them? Examples using ColdFusion would be so much appreciated.
The answer is more or less what I said at How to retrieve my own private playlist through YouTube API?
You'd want to use the OAuth 2 for Installed Applications flow, and generate new access tokens via your refresh token when your old access token expires. I'm not familiar with any libraries for doing OAuth 2 in Cold Fusion, though.
I'm doing my first steps with ColdBox and I just got stucked. I have two database tables, users and firms and each user belongs to one firm. After a user logged in to the application, he can list every firm, but can only edit the firm he belongs to.
So how can I manage that the user only has an edit link for his firm? And how should I secure the firm handler and edit action?
I'm working with ColdBox VirtualEntityService and Coldfusion ORM. Should I write a function in the UserService which validates the users permission?
Your edit permissions should be part of the session somehow and your view should contain some logic as to wether a firm is "editable" and display the edit link. Of course your controller will need to double check the user permissions when someone actually uses the edit link to make sure they do indeed have the permissions they need.
This seems like a sort of "standard logic" question and has not so much to do with Coldbox. I'm not a CB expert but I don't think there's something specifically native to CB that handles your case. This is simply about writing good controller and validation code and figuring out what to store in your users session.