I have developed a basic Teams chatbot using the Hello World Tutorial from Microsoft (with Node.js). What I would like to make this bot able to search through the Sharepoint documents library. Users could ask questions like "the contract for product B" to the bot in teams and the bot could reply with the doc url or, better, the doc itself. So :
Is it possible ?
If yes would you know a tutorial that could help me ?
Thanks
Yes, this is possible. You need to be aware that a bot is basically just a web service with a special REST endpoint, so it can do anything any other web service can do, which includes for example calling to SharePoint. The important thing for you to be aware of is that the bot / web service has no access rights by itself into SharePoint, so you need to think about authentication to the SharePoint library. In short:
You should use Microsoft Graph to connect to SharePoint, something like this: https://learn.microsoft.com/en-us/graph/api/resources/onedrive?view=graph-rest-1.0 or more specifically this: https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http
If you look at the Permissions section in the above link, notice that your service (i.e. bot) needs to have either 'Application' permissions, which means a standard permission applied to the bot itself, and granted by the tenant admin, to retrieve any files, or 'delegated' which means it can only fetch items the user has access to, and the bot operates on the user's behalf. The 2nd option requires you to implement SSO in your bot, to get the user's access token, exchange it for a Graph token (something called an "OBO" or "On Behalf of" exchange), and then calling to SharePoint.
I've tried to keep the answer focused on your question. If you want more details, especially on the 2nd part which is more detailed and might not be familiar to you, let me know, but it should be a separate question here on this site in that case.
Related
I have the app that uses OneDrive API (MS graph) to access OneDrive free accounts and OneDrive for business.
The app works fine.
In docs of the API i can see same API can be used also to access Sharepoint Online sites data.
How to do this? When i auth a user who has Sharepoint Online account with MS graph, there is only his drive (ondrive) but there is no his site listed.
How to get access to his sharepoint site too using same API?
I have found how to work with sites using the Graph API.
To get list of sites there is the call
GET /v1.0/sites/
Then use the SITEID to get list of drives (in fact, top level folders)
GET /v1.0/sites/SITEID/drives
Then to get contents of a drive user
GET /v1.0/sites/SITEID/drives/DRIVEID/root/children
And all next calls are same as for onedrive drive
However, there is the problem i still can not solve. How to create new top level folder (new drive on a site). There is no API call for this
I believe what you are looking for is the sites API. It lets you interact with a SharePoint site if you know the path or the id of the site. You can find the documentation for the api here:
https://dev.onedrive.com/resources/site.htm
There is no easy way to discover sites as of now. You can however search for a site. You can read more about it here:
https://dev.onedrive.com/sites/search.htm
This endpoint to get the list of sites is not working, so the last answer is not valid anymore.
https://graph.microsoft.com/v1.0/sites
I haven't found a way to do this, the discovery of sites, without admin consent. If the admin consent flow is not a problem you can try this workaround, use the endpoint of groups to ask for the groups that the user is member of, and you can use the groups to get the document libraries of the user.
To get the groups:
GET https://graph.microsoft.com/v1.0/me/memberOf
With the group id, you can use this endpoint:
GET https://graph.microsoft.com/v1.0/groups/{group-id}/drive
So if someone know how to do the discovery of sites for a user without admin consent, please share.
EDIT: I'm not sure why my answer was deleted, my answer basically has 2 things:
I gave notice that one answer here is not valid anymore.
I gave a possible other solution to the problem.
I'm working on accessing document libraries for Sharepoint sites via Mircosoft Graph, but haven't had any luck so far.
Here is my setup:
I have two sites
https://mydomain.sharepoint.com
https://mydomain.sharepoint.com/teams/MyTestSite
When I make an api call to https://graph.microsoft.com/v1.0/drives, the response doesn't contain id of document library for second site (https://mydomain.sharepoint.com/teams/MyTestSite).
I have gone through documentation and haven't found anything on how to accomplish this. If anyone got any idea about this, please share.
Thanks.
I was able to figure out a solution for this. A sharepoint site is represented as a Group in Office 365. I found that out by doing some hit and trial.
So, after looking up their documentation for anything related to a Group, I got to this: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/group
And, by using the List groups endpoint I was finally able to get a list of all the Sharepoint sites which the authenticated user can access.
This API call requires Group.Read.All scope while requesting access token and only Admin users can authorize this scope. So, this will need a separate interface for Admin to list groups, potentially store the group-user mapping on my app for the user to be able to make api call (/groups/{group-id}/drive/items/{item-id}) related to the drive.
The V1.0 API has a way to list your doc lib as follows
GET https://graph.microsoft.com/v1.0/sites/mydomain.sharepoint.com:/Teams/MyTestSite:/drives
Hope this helps.
The beta API also exposes a Sharepoint endpoint.
You can also use the path if you already know your site structure:
GET https://graph.microsoft.com/beta/sharepoint:/sites
I am developing an app which needs public_content scope of Live API and aware of new regulations of Instagram. After I complete my app, I will send it to Instagram for review. Issue that I wonder was, Is having a company is strictly required in order to have Live API permission ? Because I saw in documents that developers should show their apps' privacy policy and kind of stuffs.
I dont think you require to have a registered company, but your app/website should look serious and should solve a problem for brands/businesses as mentioned in the 3 approved use case by Instagram.
I used to have http://gramfeed.com for last 5 years and recently had to rename to https://www.picodash.com and refocus the service for more specific audience to get approval. It has to look professional and should NOT be a generic service to all users.
I'm making an app that authenticates a coach with KA's API, in order to present statistics and reports on the progress of each student.
How do I see "For whom am I a coach" (inverse of /api/v1/user.coaches)?
or otherwise request user and progress data for all my students?
You can request /api/v1/user/students to get a list of the currently authenticated users' students. Note that this is an undocumented endpoint, not sure if that's on purpose or not, but I suspect just an oversight because IIRC I've seen them reference it on github issues in the past.
I added that endpoint to the khan npm module in this PR: https://github.com/weo-edu/khan/pull/4
An important caveat to note is that as of this writing, you won't be able to request students on behalf of a user who has authenticated your application, only the user who created the app you're currently using.
Put another way: If I create an application called "hello" while logged in as "Jeffrey", I can get all of Jeffrey's students by authenticating with the "hello" app. However, If I log in as Lisa via the "hello" app (via oauth, e.g. passport-khan), I'll have an access token but the Khan API will refuse my request because Lisa did not create the "hello" app.
This behavior is documented (albeit a bit confusingly) in this wiki page, here's the relevant paragraph:
It is recommended that schools have one teacher/coach account that registers for an API key. This enables a situation where the logged-in user is the same as the third-party developer, who then can access their own students' data pursuant to Khan Academy's "coach" relationship. For example, suppose the principal of Riverdale High wished to export data for multiple students via the API. The principal would create a teacher/coach account, perhaps called "RiverdaleHighAPI," and register for an API key. The principal would then ask all students of Riverdale High to add "RiverdaleHighAPI" as a coach, either directly or via several class codes. When accessing the API with "RiverdaleHighAPI" as the logged in user, the principal would be able to access the data for all students that have added "RiverdaleHighAPI" as a coach. The app would not have access to any other coaches' student data, even if another coach logged in through the app. To protect student privacy, we do not allow indirect consent through the coach, and we require each student to explicitly grant permission to access their data. Please note that we are working to improve this functionality; for the time being, this "RiverdaleHighAPI" account should only be used by the school's API client, not by any actual teacher or coach.
Lastly, khan actually encourages public use of their internal API. They recommend opening up your developer console while logged in to khan and looking for the endpoints that return the data you want. (see this note on their authentication document).
This is obviously a fairly non-standard practice and I assume the endpoints would be subject to breaking changes without warning. Also you'll be flying documentation free. That said, this approach may be the most robust option for your purposes. Here's the quote from their wiki for posterity:
The API explorer documents our public API, which has URLs starting with /api/v1, but unfortunately it's not very well-maintained and lacking in a few areas.
If you're feeling adventurous, though, you're welcome to use any internal undocumented API endpoints. For example, if you load a Khan Academy video page and use your browser's developer tools to look at the ajax requests being sent, you'll see that it gets a URL like /api/internal/videos/aubZU0iWtgI/transcript, which contains a JSON response with the video subtitles. That "internal" in the name means that we don't provide documentation, and we may remove the endpoint or change the format in the future, but you're welcome to use any internal endpoints if you keep those caveats in mind.
I am trying to find out if the currently logged on user has a certain security role. I've looked on Google (couldn't find an answer) and the SDk examples (they seemed way too complicated). So, if you know the name of the security role and the user ID, how do you check to see if the user has that role?
If you browse the folder structure of the CRM 2011 SDK (link: https://www.microsoft.com/en-us/download/details.aspx?id=24004) to this location you will find what you are looking for:
.\SDK\SampleCode\CS\BusinessDataModel\UsersAndRoles\DoesUserBelongToRole.cs
It provides a sample built as a C# Console application. The code will work in ASP.NET as long as the app pool user is authorized to access the CRM Organization that you are trying to connect to.
Hope this helps
You should be able to find lots of examples out there. However to get the current users roles in JavaScript you can use:-
Xrm.Page.context.getUserRoles()
That however will return a list of GUID's which you then need to compare with roles in the system. This part is a bit trickier however here is an article that shows pretty clearly how to do it
http://www.infinite-x.net/2010/11/16/retreiving-user-roles-in-crm-2011/
At a high level you need to do an OData query (against RoleSet) to return the role (or roles) that you are wanting to compare. Then you compare the GUID's of those roles against the GUID's returned by the getUserRoles() function and you're good to go!