According to https://developers.facebook.com/docs/beta/authentication/, the 'Default Activity Privacy' field in the Auth Dialogue can only have four values: None, Friends, Me only, or Public.
I think this is either a huge oversight in the API or I cannot find out how to implement what I think is the right way to do this. For example, if I am a user of Spotify, I want to Add to Timeline but I want those stories to be visible to certain lists. In the Activity Log (which is private to me) I can control the visibility of all the previous posts from Apps and their visibility in terms of lists, but not for these new Timeline updates from Spotify. I tried going back to some activities posted by YouTube and I can control which lists its visible for in the dropdown on the right during hover.
I want to give the users of my App the option to control which lists their actions show to by default. The new API seems to have taken a feature away because I can't see where that control is!
Users can control who can see Timeline activity on a per app basis directly from the new authentication dialog (See the control next to: This activity is visible to:) This setting includes Friend Lists. You can also guide your app users to change this setting at any time by going to their App Settings on Facebook (https://www.facebook.com/settings/?tab=applications), and setting the visibility of App activity privacy: for your application.
Related
I have Created the SharePoint custom List with 3 views(Ex.test1,test2,test3).
I want to assign 3 views to 3 user,one should not have permission to view other's view.
Any help would be appreciated.
As far as I know, this is simply not possible, i.e. assigning views to a certain user. You can have 'Public' views (visible to everyone with access to the list as the name implies) and 'Personal' views (visible only to the user who created them, the user must have the relevant permission enabled for this). Personal views cannot be shared.
Also, if it is critical that data is only visible to certain users and not others, a user can look at items not in their View by simply changing the ID in the Item View in the URL so View filtering is not a good way to go about this.
Could you please elaborate on what exactly are you trying to achieve, i.e what is the difference between the views etc.?
UPDATED:
Here you can get another good solution.
https://sharepoint.stackexchange.com/questions/253723/restrict-list-view-to-role-sp-o365
It is really good solution because you need only admin rights and no code.
You need to create folders, break role inheritance and add permissions on folders.
My OLD answer:
From my experience It is depend on what is your expectations from solution, your limits, what you want to get and what things you can sacrifice and in some cases what SharePoint edition you are using.
Note: SharePoint does not have out-of-box fully customizable list item permissions.
I can say about some expectations, some details, some solutions and workarounds and how to implement this.
You can try to get something that applied to you:
.1. You want to disallow users to see other users views. But:
users with specific permissions can create their own views and therefore they can create views with all fields and all list items data from other disallowed views,
users can get data about all fields in list items and all list items from REST API, JSOM API and other SharePoint out-of-box web services,
users can open any list item, change URL item ID to another and see any data from other list item.
To achieve this you can:
.1.1. Open list under each user and create its own Personal View.
Personal Views displayed only for individual users.
.1.2. Create Public View and set its Target Audience.
Open view page -> in right corner click Gear icon -> Edit Page -> on the page click arrow icon on list view web part -> Edit Web Part -> Section "Advanced" -> Field "Target Audiences".
If you does not have this option then enable target audiences.
List Settings -> Audience targeting settings -> Enable audience targeting.
In audiences you can specify SharePoint users or groups who has permissions to see this web part.
Here you can see different uses of audiences and how to enable it on list or library: https://support.office.com/en-us/article/target-content-to-specific-audiences-33d84cb6-14ed-4e53-a426-74c38ea32293
.1.3. Create Public View, open its page, edit page, delete List View Web Part, add Content Query Web Part and set its Target Audience.
Here you can see info about Target Audiences:
https://support.office.com/en-us/article/target-content-to-specific-audiences-33d84cb6-14ed-4e53-a426-74c38ea32293
But I didn't perform this by myself.
.1.4. Add javacript to list view page.
This javascript will check user permissions and hide view or redirect user to some other location or will make other actions.
.2. Users cannot see other users created list items from any source (any list views, any API and web services).
.2.1.
Note: this is limited. User can only read, edit list items which created by him. You cannot apply this on other users created list items.
To achieve this you can:
List Settings -> Section "Advanced settings" -> Block "Item-level Permissions" -> "Read items that were created by the user" and "Create items and edit items that were created by the user" options.
.2.2. Create different lists for different users with different permissions.
.2.3.
Note: this is limited by SharePoint unique permissions limits.
You can create SharePoint workflow that run on list item creation. This workflow will break list item role inheritance and set new permissions for this items by some conditions.
This is may be good but here some limits exists. SharePoint limit list to have more than some limit number of list item unique permissions.
.2.4. I don't know if SharePoint has some limits to this but you can try and I don't know if you can perform this from public API but you can try to investigate.
You can create SharePoint workflow that run on list item creation. This workflow will set Target Audiences on list item.
Here you can see info about Target Audiences:
https://support.office.com/en-us/article/target-content-to-specific-audiences-33d84cb6-14ed-4e53-a426-74c38ea32293
.2.5. If you use SharePoint On-premise edition then you can add:
.2.5.1. List event receiver that run on list item Create event and perform following actions:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item
.2.5.2. Create Timer job, deploy, schedule it in SharePoint Central Administration.
This timer job will be check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item
.2.6. You can create Console Application (c# language) that connect to SharePoint, check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
This console app can be scheduled on any server in your company through Windows Task Scheduler.
.2.7. You can write Powershell script that connect to SharePoint, check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
This Powershell script can be scheduled on any server in your company through Windows Task Scheduler.
.2.8. You can create Windows Service (c# language) that connect to SharePoint, check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
This windows service can be installed on any server in your company.
.2.9. May be you can create some other periodically running code (like Workflow, Console App, PowerShell script, Windows Service) in any server.
This code will:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
I think code wrapper not limited to any implementation.
I think this ways is applicable to many cases.
If you want more customizable control, or you have some limits in implementation, then you can create many workarounds by many ways. Workaround can close many permissions holes but may be not all holes:
.1. You don't want user can create views from list view page UI.
You can add javascript to hide ribbon, buttons or some other UI elements to disallow user to create its own view or to switch to another user view.
If user is smart he can avoid this by using REST API, JSOM or web services to get neccessary list item data.
.2. You don't want user can see any list item data changing URL list item ID to another.
.2.1. You can add some javascript on default form pages.
On New Item form page, on Display Item form page and on Edit Item form page.
This javascript will be check user permissions and hide data or redirect user back to list view page or somewhere.
.2.2. You can create HttpModule that intercept web requests and check user permissions and redirect him to another page if he don't have permissions.
HttpModule must be added to IIS and SharePoint web config.
.3. You can try to disallow REST API, JSOM using but I didn't do that.
I think you can add HttpModule to IIS that will intercept web requests and check user permissions and return bad request HTTP status codes and error messages.
But I didn't yet try this by myself.
Here you must know all API endpoints to close access to them.
May be here exists many other different workarounds but I don't remember about them now.
Try something from what I said. May be it help you.
I have a customize request from my client in sitecore mobile module.
I want to be on full view site from my mobile on Career page, i am able to do it but any of the link inside career page with having mobile layout in presentation detail is taking that page again to mobile device.
Can we make any customization that maintain the device in cookies so that it keep user on full view site after coming to career page.
Is there any setting we can do in pipeline or session. I just want to be throughout in full view site after coming on career page and no going back to mobile layout. Kindly suggest.
Yes, you can do exactly that. You'd need to update the rule to detect the various devices (which I'm guessing you already have). You can then create a custom condition to check if cookies have been set for the full site(does not need to be a cookie of course, but that'd be the easiest way).
You can find the existing Conditions and Actions here in the path /sitecore/system/Settings/Rules.
To create custom conditions and actions, please read the following article on SitecoreInsight.com
After creating your custom condition, go into your device item again and update the Rule there to only switch to that device when that cookie has not been set.
[edit]
Come to think about it, it might be possible to have your 'go to full site' link appended with a querystring sc_device={GUID of device}. I'm not sure what would take precedence here, the 51degrees rules or Sitecore's cookies... Worth a try though :-)
I have a Glass application that is activated by a voice command. The user requests a product and the request is then passed on to a node.js server, which handles the bulk logic of my application. When the node server is done, it builds some HTML templates that it passes on to the Mirror API, which then puts those cards into the timeline of the Glass app.
Now the problem I have is this:
When a user requests something from within the application, he just stays within that application but the cards from the Mirror API are put onto the timeline.
Is it possible to navigate the user from within the application to the timeline item that has just been inserted?
As I build the Mirror API timeline item, I know ahead of time what the bundleId will be on the timeline, so can I use that somehow to navigate to that item on the timeline?
I've had a look here on Stackoverflow, the Glass forums and the official documentation and couldn't see anything that would help.. Anybody here have any ideas?
Currently the only way for forcing a specific card to show in the timeline is by using a LiveCard (https://developers.google.com/glass/develop/gdk/reference/com/google/android/glass/timeline/LiveCard). Live cards will automatically be given focus when published and you can force the timeline to give your card focus after publishing by calling LiveCard.navigate().
So unfortunately unless you want to change some of the fundamentals of your app, this isn't going to be much help.
Though from the sounds of it, you may be able to use a LiveCard to show what is returned from your server. If you want to perform inserts via the mirror API, this could still be done in addition.
I'm currently toying with the Facebook Graph Api and have been able to get some interesting results, I would like to be able to post to one of my Facebook App users pages. They have authenticated the app and confirmed the ability for my app to be able to post on there wall. I know there is the can_post check using FQL, but I haven't seen any information on this using the Graph API. Is there a possible check to make so I can see if I have the ability to post on there wall?
can_post
https://developers.facebook.com/docs/reference/fql/user/
This settings is actually a setting of the timeline:
This setting only affects the viewers of the specific timeline and does not apply to the owner of the timeline.
can_post - bool - Whether or not the viewer can post to the user's Wall
Beyond this settings, by authenticating an application and giving it certain publishing permissions, the application, using it's per-user per-app access token will be able to perform actions on behalf the actual user. Actions will be attributed to the user even though it is the application that initiated and published these stories.
To answer what I assume is your underlying question - your application, given the appropriate permissions, will always be able able to publish a story to the users timeline. The act of giving an application any permissions is the same as allowing the application to act as you and access everything you would be able to access. This includes posting a story to your own timeline (even if no other user would be able to).
The start-up i currently work for is oriented around restaurant wait times. For our v1.25 specifications our clients -restaurants- that have Facebook pages want to be able to communicate to their app profile from their Facebook page.
The closest i have came to answering this question is the Graph API. However, the Graph API only allows us to read and write data to FB pages. So, is there a way for a restaurants FB page to write to its app profile? Secondly, Loso, whom we have modeled some of our designs from has this ability, does anyone have an idea as to how they have done it?
--Boris M.
Here is an option that you can consider...
When you are designing the app you can also develop a page tab to go with it...
You will find this option in the basic settings of the app.
You can make it to install for all first time users of your app, by getting a list of all his pages he created using that profile then install it on the one he selects.
This page tab when installed on a page will appears just where other tabs on the page appers(e.g. events, notes etc. occurs)
You can provide your required functionality on this tab as you like.
Thus the user can just select that tab on the page and use its functionality to post on the profile page of the app.
Hope this works for you... and also u can check out the jobcaster app it does something like that!