Can anyone suggest me how to fetch privacy list of a user through facebook-graph-api or FQL? I need to poll questions on user's facebook-wall using my app giving him option to limit visibility of the questions on UI.
You can retrieve a user's default visibility setting for posts made from your app using the following FQL query [1]:
SELECT name, value, description, allow, deny, networks, friends FROM privacy_setting WHERE name = "default_stream_privacy"
Some objects (Albums for sure, possibly timeline posts? [undocumented]...) allow you to specify visibility settings at the time of creation PROVIDED THAT the visibility settings do not exceed the scope of the default visibility setting.
The privacy settings for a specific object (once created) can be retrieved using the FQL query [2]:
SELECT value, description FROM privacy WHERE id = 10151177771869615
Can anyone suggest me how to fetch privacy list of a user through facebook-graph-api or FQL?
You mean their default privacy settings they have in place for their wall posts etc.?
Can’t be done.
I need to poll questions on user's facebook-wall using my app giving him option to limit visibility of the questions on UI.
The user themselves can limit the visibility of anything your app will post on their behalf, in the Auth dialog when first connecting to your app, and then afterwards in their account settings.
There is no parameter an app could use to set privacy options on-the-fly while posting a new question.
You could set the Default Activity Privacy in your app’s settings to only me – but, as said, the user can overwrite this any time they like.
Related
Can anyone provide me with working example how to show analytics (Visits, Page views, Page views per visit, etc) for logged users? As I understand there is no OOB solution, so I've tried to implement flexible dimensions, but didn't find any good examples and failed.
First of all you have to identify your logged in contact by calling the Sitecore.Analytics.Tracker.Current.Session.IdentifyAs() method, see more details here. When the contact logs in you can use their username to identify them upon the successful login.
Note, that the identification and authentication are separate unrelated events. Contacts are identified against the xDB and authenticated against the authentication mechanism used by the website.
When the contact identifies, it is saved to xConnect with a known identifier based on the information passed into theIdentifyAs() method: Identifier, Source and
IdentifierType will be set to ContactIdentifierType.Known (it is set to ContactIdentifierType.Anonymous for anonymous contacts). Then you can use IsKnown property on the Sitecore.XConnect.Contact that returns true if a contact has any known identifiers.
If you want to track some custom events for the logged in users to then use them for reporting needs you can add user interactions by calling the client.AddInteraction() extension method. I have given an example here.
If you want to extend the contact with your own custom data then you can create custom contact facets, read more here.
In order to implement your custom report with flexible filtering by logged in and not users, of course, you will need to define your custom dimensions and metrics, read more here.
I have a workspace in which I have many applications based on the same schema.
Every applications has his own login page at the moment.
I want to build another application responsible for the login of all the other applications.
The login will redirect the user to a main page that will show the links to the different modules (applications) based on the user type.
Note that only the ADMIN user can see the links to all the applications.
Different types of user will see only the links to the apps that they are authorized to access.
I read other related posts, I know I have to change the cookie name for all the app I want to share the authentication.
But my question is:
If I login successfully with a user different from the ADMIN, I am still able to access all the applications via URL, even if their link is not visible in my main page.
How can I prevent this?
Check out the use of authorisation schemes (see under Shared Components).
If you had an authorisation scheme per application you check on each page so that if the current user was authorised that application. Don't forget that each authorisation scheme would also allow users who have ADMIN access.
Hope this helps.
Just had another thought. Check out this post http://www.explorer-development.uk.com/securing-vulnerability-exploits-apex-part-2/ by Craig Sykes.
Activating Session State Protection and using Checksums would prevent a number of issues for you.
For the past few months I've been using the "link" field present in data returned for a Like in order to determine whether the Open Graph object being liked is part of my application. For all that time the link field contained the og:url value for the object being liked. Now the link field contains a URL for a Facebook page that is automatically created for the object being liked. I've found that sometimes the "website" field contains the og:url value for the object but sometimes the website field is not returned (even when explicitly requested).
Is anyone else experiencing this issue? Did I miss an announcement from Facebook about how they are completely changing the meaning of these fields? Am I taking crazy pills? Is this just a symptom of the many current bugs surrounding like/send functionality right now? I wanted to throw this out to the community before filing a bug report.
Open Graph Protocol
Page Administration
To administer your page, you need to associate it with either your Facebook account or your Facebook Platform application. It is valid to associate your page with both user accounts and a Facebook Platform Application.
To associate the page with your Facebook account, add the additional property fb:admins to your page with a comma-separated list of the user IDs or usernames of the Facebook accounts who own the page, e.g.:
<meta property="fb:admins" content="USER_ID1,USER_ID2"/>
Each listed user must click Like on the URL to be approved as an admin. This is to prevent users being made admins without their consent.
So I think using the site url depends on the admin users liked the page or not.
I'm trying to post to wall on behalf of a user (user access token) via the Graph API. The post is successful and I get a api ID for the post. But I can't view it as the posting user.
On my friends wall the post shows up but it are marked in "privacy" settings as "Only you".
Are you able to set some other privacy setting like "Everyone" or "Friends" when using the graph api?
This sure has with facebook privacy settings of personal profile, and can't be set via an API request/post.
The privacy parameter of https://developers.facebook.com/docs/reference/api/post/ can't change this when posting to other than (access token) owners wall.
Note: This privacy setting only applies to posts to the current or
specified user's own Wall. Facebook ignores this setting for targeted
Wall posts (when the user is writing on the Wall of a friend, Page,
event, group connected to the user). Consistent with behavior on
Facebook, all targeted posts are viewable by anyone who can see the
target's Wall.
According to https://developers.facebook.com/docs/beta/authentication/, the 'Default Activity Privacy' field in the Auth Dialogue can only have four values: None, Friends, Me only, or Public.
I think this is either a huge oversight in the API or I cannot find out how to implement what I think is the right way to do this. For example, if I am a user of Spotify, I want to Add to Timeline but I want those stories to be visible to certain lists. In the Activity Log (which is private to me) I can control the visibility of all the previous posts from Apps and their visibility in terms of lists, but not for these new Timeline updates from Spotify. I tried going back to some activities posted by YouTube and I can control which lists its visible for in the dropdown on the right during hover.
I want to give the users of my App the option to control which lists their actions show to by default. The new API seems to have taken a feature away because I can't see where that control is!
Users can control who can see Timeline activity on a per app basis directly from the new authentication dialog (See the control next to: This activity is visible to:) This setting includes Friend Lists. You can also guide your app users to change this setting at any time by going to their App Settings on Facebook (https://www.facebook.com/settings/?tab=applications), and setting the visibility of App activity privacy: for your application.