I want to override the QueryThrottle Setting using SPQueryThrottleOption. This is to be done in Client Object Model.
SPQuery q = new SPQuery();
q.QueryThrottleMode = SPQueryThrottleOption.Override;
Can be done in Client Object Model-Sharepoint 2013?
Please try this:
SPWeb web = SPContext.Current.Web;
SPList list = web.Lists["BigList"];
SPQuery query = new SPQuery();
query.QueryThrottleMode = SPQueryThrottleOption.Override;
SPListItemCollection items = list.GetItems(query);
litMessage.Text = String.Format("This list contains {0} items", items.Count);
The important bit is the 4th line down:
query.QueryThrottleMode = SPQueryThrottleOption.Override;
The SPQueryThrottleOption enumeration has three values: Default, Override, and Strict. If you use the default value, the standard list view threshold applies to all users except local server administrators, who are not bound by either threshold. If you set the query throttle mode to Override, users who have the required permissions in the Web application user policy can query at the higher "auditors and administrators" threshold. Local server administrators remain unbound by either threshold. Finally, if you set the query throttle mode to Strict, this closes down the local server administrator loophole and the standard list view threshold applies to all users.
Related
I'm trying to get access to a particular recurring Google Calendar Meeting from a Service Account. The owner of the Calendar Meeting is a real user and created in their personal calendar (which can't be changed at this point). Sharing the entire Google Calendar of that user with the Service Account is not a viable solution.
Instead I've tried to just invite the Service Account to the meeting - so far so good.
However, I'm unable to retrieve that event with the Google Calendar API.
Basically, I'm trying something like this:
scopes = ["https://www.googleapis.com/auth/calendar.readonly"]
google_credentials = ServiceAccountCredentials.from_json_keyfile_name(CREDENTIALS_FILE, scopes)
calendar_service = build("calendar", "v3", credentials=google_credentials)
events_result = calendar_service.events().list(
# calendarId="<some-service-account>#<some-project>.iam.gserviceaccount.com",
calendarId="primary",
singleEvents=True,
).execute()
print(events_result)
events = events_result.get("items", [])
print(events)
Neither getting the calendar with id primary nor with the <some-service-account>#<some-project>.iam.gserviceaccount.com works.
Also getting the calendar list of the service account looks like that:
scopes = ["https://www.googleapis.com/auth/calendar.readonly"]
google_credentials = ServiceAccountCredentials.from_json_keyfile_name(CREDENTIALS_FILE, scopes)
calendar_service = build("calendar", "v3", credentials=google_credentials)
print(calendar_service.calendarList().list().execute())
# OUTPUTS:
# {'kind': 'calendar#calendarList', 'etag': '"<removed>"', 'nextSyncToken': '<removed>', 'items': []}
Thus, an empty items list. I'm not sure what the problem is here - or if that's not even possible.
Am I missing some permissions for the Service Account?
This relates to my earlier question - How to iterate/loop through next pages in an API request in PowerQuery/PowerBI? ; which was resolved using below code:
//Declare base variables
let
BaseURL = "https://api.aaaaaa.com",
Entity = "/api/v1/user?&limit=1000",
Token = "zzzzzzzzzzzzzzzzzzzzzzzzzzzz",
Options = [Headers=[APITOKEN=Token]],
URL = BaseURL & Entity,
//Define a function that would take step/page as parameter and return results
GetData=(page as number) =>
let
Source = Json.Document(Web.Contents(URL & "&step=" & Number.ToText(page), Options)),
Data = try Source[results] otherwise null
in
Data,
//Iterate over GetData () to return all the records until last page i.e. until no "result" is retrieved from the API call
GeneratePageList =
List.Generate( ()=>
[Result = try GetData(1) otherwise null, Page=1],
each [Result] <> null,
each [Result = try GetData([Page]+1) otherwise null, Page=[Page]+1],
each [Result]
)
in
GeneratePageList
However, once this code is published to PowerBI service, we cannot schedule refresh for it, since it gives below error as:-
This dataset includes a dynamic data source. Since dynamic data sources aren't refreshed in the Power BI service, this dataset won't be refreshed. Learn more: https://aka.ms/dynamic-data-sources.
• Data source for Query1Discover Data Sources
Tried RelativePath & Query method as suggested here - https://blog.crossjoin.co.uk/2016/08/16/using-the-relativepath-and-query-options-with-web-contents-in-power-query-and-power-bi-m-code/ and here-
https://blog.crossjoin.co.uk/2019/04/25/skip-test-connection-power-bi-refresh-failures/
But, without any luck, see below how am using it:
let
BaseURL = "https://api.crewhu.com",
Entity = "/api/v1/user?&limit=1000&step=",
Token = "60afbdaf5d7d584762771f36",
Options = [Headers=[X_CREWHU_APITOKEN=Token]],
URL = BaseURL & Entity,
//Define a function that would take step/page as parameter and return results
GetData=(page as number) =>
let
Source = Json.Document(Web.Contents(BaseURL & [RelativePath = Entity, Query=[page]], Options)),
The BaseURL is reachable; but redirects to the login page, where our admin credentials (username+password) on the vendor site works well. However, same credentials do not work when using "Basic" connection method during accessing Web Content. Therefore, tried adding #Authorization = Basic in the header along with API key like - [Headers=[Authorization = Basic, X_CREWHU_APITOKEN=Token]]; but this also didn't work.
We've only got an Open API token/key from the vendor; but even that token/key also doesn't work from when providing that in "Web API" section during connecting/accessing Web Content, it gives error as:- "a web api key can only be specified when a web api key name is provided", but the same key/token works well from within PowerQuery (M) code using anonymous web api call method.
Have tried multiple permutation combinations of providing key/token in the username/password fields as suggested in some sites, but still no luck.
The bind variable :app_region_id works region however it does not work for the authorization scheme
SQL statement for region
SELECT WORKSPACE,APPLICATION_ID , PAGE_ID, REGION_ID, REGION_NAME,AUTHORIZATION_SCHEME, :app_region_id
from apex_application_page_regions
where region_id = :app_region_id
Authorisation scheme
Scheme type: Exists SQL Query
SQL Query:
Select 1
from apex_application_page_regions
where region_id = :app_region_id;
which bind variable should I use to achieve region authorization. The code that I wanted to implement, it does not return the desired results
Select 1
from AD_GRP_APEX_REGION_ASSOC r,
AD_GRP_EMP e
where e.ad_grp = r.ad_grp
and e.user_id = :app_user
and r.region_id = :app_region_id
The variable :app_region_id is not a global variable in the same way as :APP_USER. Authorization schemas only work with global variables which are associated to the SESSION, not to a element in a page ( such is a region ). Besides that, it does not make any sense to have it because you use AUTHORIZATION SCHEMAS to limit access to different components in your application. Let me show how to apply authorization schemas to regions in Oracle Apex.
Let's imagine I have a test application with three regions:
Region 1 shows one field of a query ( one row )
Region 2 shows another field of a query ( one row )
Region 3 only shows a message ( static content )
Without any authentication schema, it shows this
Now, let's create an authorization schema example that derives who is the user and based on this will show only region 3. In my case my application uses the authentication schema by default ( apex users ) so the user logged is always assigned to the global variable :APP_USER.
Application Builder --> Shared Components --> Authorization schemas
Authorization Schema --> MY_TEST
Type --> Exist SQL QUERY
select 1 from dual where exists ( select user_name from apex_workspace_apex_users where workspace_name = 'MY_WORKSPACE' and user_name = upper(':APP_USER') )
This authorisation schema will forbid to see a region when the user exists, so basically for everybody, obviously I am doing it just for testing purposes.
Then I modified attributes of REGION 1 and REGION 2 , changing the authorization schema to MY_TEST
Now, when I execute the application , I can only see the region3 in the page.
I am using admin services to get a list of all users available in the store. I am calling the service through Jaggery using this code:
ws = require('ws');
var user = "";
var wsUser = new ws.WSRequest();
var optionsUser = new Object();
optionsUser.useSOAP = 1.2;
optionsUser.useWSA = 1.0;
optionsUser.action = "urn:listUsers";
wsUser.open(optionsUser, "https://localhost:9443/services/RemoteUserStoreManagerService", false, "admin", "admin");
wsUser.send('<ser:listUsers xmlns:ser="http://service.ws.um.carbon.wso2.org"><ser:filter></ser:filter><ser:maxItemLimit>-1</ser:maxItemLimit></ser:listUsers>');
resultUser = wsUser.responseText;
This gives me the list of users of the Primary Store. There is also a Secondary User Store connected to the APIM through Active Directory, and I would like to get the list of the users of that store as well.
Is there a way to get the list of users of all stores using admin service, if yes how would I do that?
Thanks
If you set '*' (i.e.asterisk) for search filter like below, you should get users of all userstores.
<ser:listUsers xmlns:ser="http://service.ws.um.carbon.wso2.org">
<ser:filter>*</ser:filter>
<ser:maxItemLimit>-1</ser:maxItemLimit>
</ser:listUsers>
First off, if there is a true, official way of having flash/flex's NetConnections usurp the session/cookie state of the surrounding web page, so that if the user has already logged in, they don't need to provide credentials again just to set up an AMF connection, please stop me now and post the official answer.
Barring that, I'm assuming there is not, as I have searched and it seems to not exist. I've concocted a means of doing this, but want some feedback as to whether it is secure.
Accessing a wrapper-page for a flash object will always go to secure https due to django middleware
When the page view is loaded in Django, it creates a "session alias" object with a unique key that points to the current session in play (in which someone ostensibly logged in)
That session alias model is saved, and that key is placed into a cookie whose key is another random string, call it randomcookie
That randomcookie key name is passed as a context variable and written into the html as a flashvar to the swf
The swf is also loaded only via https
The flash application uses ExternalInterface to call java to grab the value at that randomcookie location, and also deletes the cookie
It then creates a NetConnection to a secure server https location, passing that randomcookie as an argument (data, not in the url) to a login-using-cookie rpc
At the gateway side, pyamf looks up the session alias and gets the session it points to, and logs in the user based on that (and deletes the alias, so it can't be reused)
(And the gateway request could also set the session cookie and session.session_key to the known session ID, but I could let it make a whole new session key... I'm assuming that doing so should affect the response properly so that it contains the correct session key)
At this point, the returned cookie values on the flash side should stick to the NetConnection so that further calls are authenticated (if a connection is authenticated using username and password the normal way, this definitely works, so I think this is a safe bet, testing will soon prove or disprove this)
So, is this unsafe, or will this work properly? As far as I know, since the html page is guaranteed to be over ssl, the key and cookie data should be encrypted and not steal-able. Then, the info therein should be safe to use one-time as basically a temporary password, sent again over ssl because the gateway is also https. After that, it's using the normal pyAMF system over https and not doing anything out of the ordinary.
No responses on this so far, so the best I can do is confirm that it does in fact physically work. For details on how to set up Flex Builder to write html-wrappers that communicate with Django pages templates, see my other post. The above was accomplished using a combination of the aforementioned, plus:
Made a SessionAlias model:
class SessionAlias(models.Model):
alias = models.CharField( max_length=40, primary_key=True )
session = models.ForeignKey( Session )
created = models.DateTimeField( auto_now_add=True )
Flex points to a Django page that loads via a view containing:
s = SessionAlias()
s.alias = SessionStore().session_key // generates new 40-char random
s.session = Session.objects.get( session_key=request.session.session_key )
s.save();
randomcookie = SessionStore().session_key // generates new 40-char random
kwargs['extra_context']['randomcookie'] = randomcookie
response = direct_to_template( request, **kwargs )
response.set_cookie( randomcookie, value=alias )
In the flex html-wrapper, where randomcookie is the location to look for the alias:
<param name="flashVars" value="randomcookie={{randomcookie}}" />
In applicationComplete, where we get randomcookie and find the alias, and log on using that:
var randomcookie:String = this.parameters["randomcookie"];
// randomcookie is something like "abc123"
var js:String = "function get_cookie(){return document.cookie;}";
var cookies:String = ExternalInterface.call(js).toString();
// cookies looks like "abc123=def456; sessionid=ghi789; ..."
var alias:String = // strip out the "def456"
mynetconnection.call( "loginByAlias", alias, successFunc, failureFunc );
Which in turn access this pyamf gateway rpc:
from django.contrib.auth import SESSION_KEY, load_backend
from django.contrib.auth.models import User
from django.contrib import auth
from django.conf import settings
def loginByAlias( request, alias ):
a = SessionAlias.objects.get( alias=alias )
session_engine = __import__( settings.SESSION_ENGINE, {}, {}, [''] )
session_wrapper = session_engine.SessionStore( a.session.session_key )
user_id = session_wrapper.get( SESSION_KEY )
user = User.objects.get( id=user_id )
user.backend='django.contrib.auth.backends.ModelBackend'
auth.login( request, user )
a.delete()
return whateverToFlash
And at that point, on the flash/flex side, that particular mynetconnection retains the session cookie state that can make future calls such that, inside the gateway, request.user is the properly-authenticated user that logged onto the webpage in the first place.
Note again that the run/debug settings for flex must use https, as well as the gateway settings for NetConnection. And when releasing this, I have to make sure that authenticated users stay on https.
Any further info from people would be appreciated, especially if there's real feedback on the security aspects of this...
IE doesn't give access to cookies in local development but if you publish the SWF and put on a domain, it should pickup the session just like ever other browser. Use Firefox 3.6 to build your flex apps locally.
Tested in IE8, Firefox using a pyamf gateway on Flex 3 with NetConnection. The gateway function was decorated with #login_required