I want to change the group settings (oGrp.OnlyAllowMembersViewMembership = false) for all the site groups present in my site. I have to use web services to perform this function and not the object model.
Until now I have worked on the object model mostly so I'm not very sure of web services. Please let me know if anyone has ideas on how to go about it.
I don't believe this is possible using the web services. They have a more limited set of functionality than the object model. It is possible to add and remove users from groups but there is little that allows you to change a group's settings. UpdateGroupInfo is the closest I know of which doesn't do what you want.
Your best option is to write your own custom web service and deploy that. You can then use the SPGroup.OnlyAllowMembersViewMembership property from the object model to configure the groups.
Related
I've created a custom template for B2C Sign In User flow. I wanted to add instruction text on the top of the page in 2 languages, so I created 2 templates, uploaded them to folders in blob storage.
When I insert a link to the User flow it is working for separated languages, but once I add a wildcard value {Culture:RFC5646} (which is recommended on MS docs) it doesn't work.
Have you got any ideas or advices of how this needs to be done?
Just to add another issue to this: the language is custom.
Thanks!
The language customization feature allows Azure AD B2C to pass the OpenID Connect parameter ui_locales to your endpoint. Your content server can use this parameter to provide language-specific HTML pages. The important thing is that the parameters must be passed in here.
Reference : azure b2c - custom UI - localize custom label
I managed to find the answer.
Instead of {Culture:RFC5646} I've added {Culture:LanguageName} and it fixed the issue!
Link below:
Question about Culture:RFC5646 and ContentDefinitions
I have a concept of Slack's workspaces in my app and I'd like my consumers to specify to which "workspace" they are installing an app.
Even though I can see that I can extend an Application model, it doesn't really help.
Is there some best practise I could apply here? I've read the documentation several times. I was thinking of the following 2 workarounds, but there must be a simpler way for this.
1) First let user to authorise an app with his account and later let him to apply it to the workspace simply by creating some model and checking this on API/view layer. The problem here is that user experience is not as smooth as on Slack or Github where you select what entities you want an app to have access to when approving an app.
2) Extend Grant & Token models with a reference to a Workspace. In that case I'm struggling with adjusting forms, since I can not override them in a settings. (I can do that for models & templates).
Do you maybe have some idea how to do this? Thank you
I have found lots of information on the internet about adding Members to a Group in Googlegroups, but I cant manage to get any of it to work.
I am working in Python-DJango.
Using a bussiness account, I manage to add them using Provisioning API, but I could not do it with the new Directory API.
The problem is the group I want to add people to is not a business one, it's an ordinary googlegroups one:
group_name#googlegroups.com
From what I have found, and what I did for the business group I have the following code:
groupClient = gdata.apps.groups.client.GroupsProvisioningClient(domain=domain)
groupClient.ClientLogin(email="user#gmail.com", password="xxx", source='apps')
groupClient.AddMemberToGroup("group_name#googlegroups.com", "newUser#gmail.com")
I wanted to know what I have to put in the domain field. With the business account it was the business domain, but being a normal googlegroups one I am not sure. I have tried googlegroups.com and doesn't work, as I always get a invalid domain error.
Any help would be appreciated
Thanks!
The Provisioning API (deprecated) and the new Admin SDK are both designed to work with Google Apps for Business and EDU and only work against Google Groups for Business (groups with a custom #yourdomain.com address).
You cannot use these APIs with consumer Google Groups that have #googlegroups.com email addresses. For these groups, your only option is to manage membership via the web interface.
I'm building a lightweight web interface to SSRS where web app users are mapped to web app roles, which in turn are mapped to SSRS users.
The reason for this convoluted scheme is not up for debate: In short, AD groups can't be used, the site uses Forms auth and there are a fixed number of roles.
Web Role | SSRS User
Admin | AdminUser
Supervisor | SuperUser
User | BasicUser
Guest | GuestUser
The goal is to enumerate all reports a user has permission to view, and allow the user to view the report with the ReportViewer control.
More importantly, it's to simplify the UX for users, both admins and the rest: preventing admins from having to use the Report Manager website (ie, selecting checkboxes rather than hand-typing which web-role-users have access to which reports), and providing a simple UI from which users can see and execute all their reports.
Everything works OK when the user is the AdminUser.
However, I'm having difficulty calling the web service when the user isn't included in a Policy on the Home/Root folder with at least the Browser SSRS role. (The permissions granted to user 'computer\username' are insufficient for performing this operation.)
This is problematic for a couple reasons:
If every user must be a Browser to connect to the web service and enumerate reports they have access to view/execute, then all users will have access to all new reports/folders by default. (Children automatically inherit new permissions)
If a report exists in a nested folder that does not inherit permissions and the user is not a browser of, but the user is a Browser on the nested report, ListChildren() will not return that report.
It seems this leaves me with 2 less than ideal options:
Don't call the web service with the different users. Instead, enumerate reports with ListChildren() using only the admin user. Then, for each report, call GetPolicies(), and from that collection of policies, determine what reports the user is able to view.
Make the call with different users. Live with the pitfalls of newly-published reports being accessible to everyone by default, until permissions are changed. Also live with the pitfalls of nested reports not showing unless the user has access to that path. If an admin wants a nested report within a folder with explicit permissions to be available to a user who can't see that folder, the policies on all ancestor folders and their children must be modified.
#1 is obviously very unwieldy and inefficient. But #2 has significant drawbacks and becomes just as onerous & inefficient when setting permissions in certain situations.
Is there a better way? Have I missed something obvious?
[edit]
A 3rd option is to query the ReportServer database directly using a query like this. This has the benefit of returning everything the user has access to, regardless of whether or not it exists in a subfolder the user cannot access (aka, cannot use the web service's ListChildren method to retrieve). However, if using AD groups, I would have to know which groups the user is a member of, whereas the web service would do this for me. This option feels like a bit of a hack to me, but it could work.
As it turns out, we ran an end-route around this issue by dropping the requirement to restrict report access by web role, and made the path we query in the web service a web.config setting that can change, thus allowing report authors to 'hide' reports in a parent folder if the need arises in the future.
The best solution would have been to query the ReportServer database directly.
However, the client changed their mind & didn't want to restrict reports based on web user role in the end, so problem solved!
Is it possible to get a list of alerts for ALL users within a given site? After messing with the GetAlerts method in /_vti_bin/Lists.asmx, it seems it always executes in the context of the user who provided it with credentials, and will only return the Alerts for THAT user. I was hoping to get a list of EVERY alert within the site.
I know I can probably do this via the SharePoint API in a console app but was hoping to use web services or another method that didn't require direct access to the SharePoint box.
I guess the other method would be to write a custom web service... but I was hoping for something quick and easy.
I think you have answered your question. There is no easy way, only custom coding is left.
Couldn't you use the _vti_bin/sitedata.asmx GetListItems (it allows you to send CAML) method to retrieve alerts and just run the call to the service as the application pool's identity, that should retrieve all items, since the application pool identity is the system account for your site collection....