Where / how can I find the id from OData__ModernAudienceTargetUserFieldId or _ModernAudienceTargetUserFieldStringId - the displayed id is not identifiable with groups from await graph.groups();
img
It should be from the user information list in the site.
You could find the id from there, the url is : /_layouts/15/people.aspx?MembershipGroupId=0
Related
In botbuilder, there's a context.activity.channelData object that my bot received. That has a tenant object which only contains an id property. Is there any property or function that can return to me the name of the tenant (organization) who belongs to that id?
Here's an example. A user works for Acme Inc. and has three MS Teams teams: Team1, Team2, and Team3. I can get the names of all the teams, and I can get the tenantId for "Acme Inc." but how can I get the name of the tenant that owns those team, a.k.a. the text Acme Inc.?
Unfortunately, you can't get that info from channelData.
You can use GraphAPI to return the org name.
https://graph.microsoft.com/v1.0/organization?$select=displayName
https://developer.microsoft.com/en-us/graph/graph-explorer
Here is a bot sample on how to use graph in a bot. And here is a sample on using auth in Teams. With all that together, you should be able to get that info.
If needed at all you can get the AAD group ID from TeamsInfo. Info here.
While it's not possible to get the actual tenant name per se from channel data, what you can do in your bot is make a call to get "conversation members", in order to get a UPN for the user(s). Here's an example in C# (I'm sure there's a Node equivalent) an that will give you properties including:
"userPrincipalName": "MeganB#[whatever].OnMicrosoft.com"
That might be enough for what you need?
i am using nodejs passport-azure-ad for AD authentication with OIDCStrategy. Every thing is working fine but i am not able to fetch correct groups. Although i update responseType: 'code id_token', and getting groups id as well but groups are different from the azure portal showing.
I am not sure about your scenario . If you wan to get group claims by setting groupMembershipClaims property in manifest . Your choices for setting the groupMembershipClaims property are null (the default), All or SecurityGroup. If you choose SecurityGroup you will get group claims in the JWT token for just security groups the user is a member of. If you choose All you will get group claims in the JWT token for security groups and distribution lists the user is a member of. If you want to just get security groups the user is a member of , you should set value to SecurityGroup , then you will find group object IDs now provided in the claims . You could check that value with object id value in group property from azure portal .
If your question is getting group name with group object id in token claims , please provide more details about that, for example , which api you are using .
If i misunderstand your scenario , please feel free to let me know .
We have added a AD group to SharePoint users group. Now when we login with user, we want to check permission for the logged in AD user.
I have added Ad group (example) managers in SharePoint.
Now I want show some URL links to only the group(managers).
When user logged in, how can I check whether user is manager or not? (Using
CSOM or JSOM)
Unfortunately, the SPGroup.ContainsCurrentUser property that you would use for this in server-side code is not accessible through the JavaScript client object model (at least not in SP2010 and 2013).
Option 1: Use group membership visibility as a workaround
One potential workaround is to exploit a combination of two properties that you can access on groups via the JavaScript client object model: OnlyAllowMembersViewMemberhip and CanCurrentUserViewMembership.
If the current user can view group membership for a group that is only set to allow group members to do so, we can assume the user is a group member.
var clientContext = new SP.ClientContext();
var groupId = 5; // the group membership ID for the group you want to check
var group = clientContext.get_web().get_siteGroups().getById(groupId);
clientContext.load(group,"CanCurrentUserViewMembership");
clientContext.load(group,"OnlyAllowMembersViewMembership");
clientContext.executeQueryAsync(
function(sender,args){
var isMemberOfGroup = group.get_canCurrentUserViewMembership() && group.get_onlyAllowMembersViewMembership();
if(isMemberOfGroup){
doSomething();
}
},
function(sender,args){alert("Whoops! "+args.get_message());}
);
This approach will only work if you've set the groups to only be visible to members, and it'll always return a false positive if you have elevated access, such as if you're a site collection administrator or the group owner.
How to Iterate Through All Site Groups
If you want to apply the above logic to check the current user's membership in all groups on the site (instead of specifying a group by its ID), you can use the modified JavaScript code below.
var clientContext = new SP.ClientContext();
var groups = clientContext.get_web().get_siteGroups()
clientContext.load(groups,"Include(CanCurrentUserViewMembership,OnlyAllowMembersViewMembership,Title)");
clientContext.executeQueryAsync(
function(sender,args){
var groupIterator = groups.getEnumerator();
var myGroups = [];
while(groupIterator.moveNext()){
var current = groupIterator.get_current();
var isMemberOfGroup = current.get_canCurrentUserViewMembership() && current.get_onlyAllowMembersViewMembership();
if(isMemberOfGroup){
myGroups.push(current.get_title()); // this example adds group titles to an array
}
}
alert(myGroups); // show the array
},function(sender,args){"Whoops! "+alert(args.get_message());});
Option 2: Use Audience Targeting as a workaround
For your requirements you may not even need programmatic access to the group membership. You could just set audience targeting on the web parts that you want to be visible only to certain groups; audience targeting should respect AD group membership.
I am creating an Organization in Liferay using:
OrganizationLocalServiceUtil.addOrganization (
userId, parentOrganizationId, name,
type, recursable, regionId, countryId,
statusId, comments, false, serviceContext);
Following are my confusions:
Why we need parentOrganizationId?
What does organization status refer to?
Why ServiceContext?
The short answer: There's javadoc
Somewhat longer:
Organizations have an implicit hierarchy - thus, if you create an organization, you might as well create it at the intended position in the hierarchy, thus parentOrganizationId.
You might want to try ListTypeConstants.ORGANIZATION_STATUS_DEFAULT as the status you give
Typically, Liferay stores owners or other data with created entities (e.g. for later permission checks). This is data that can be retrieved from serviceContext.
The answer lies in this documentation.
From the documentation as it is:
userId - the primary key of the creator/owner of the organization
parentOrganizationId - the primary key of the organization's parent organization
name - the organization's name
type - the organization's type
recursable - whether the permissions of the organization are to be inherited by its sub-organizations
regionId - the primary key of the organization's region
countryId - the primary key of the organization's country
statusId - the organization's workflow status
comments - the comments about the organization
site - whether the organization is to be associated with a main site
serviceContext - the organization's service context (optionally null). Can set asset category IDs, asset tag names, and expando bridge attributes for the organization.
To add to the above documentation some specifics in response to your question:
Why we need parentOrganizationId?
Liferay has a concept of heirarchical Organization structure, so you can have levels of Organizations.
So if you want to create top-level Organization then use com.liferay.portal.model.OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID to pass for
parentOrganizationId
What does organization status refer to?
Liferay has workflow (like Kaleo-workflow) for various assets. If you don't want to use this than pass [com.liferay.portal.kernel.workflow.WorkflowConstants.STATUS_APPROVED][4]
Why ServiceContext?
This you can pass as null as stated.
Basically you can think of this class as a collection of different general methods and attributes like Expando, asset-tags, asset-categories etc which can be passed as a single argument by being enclosed in the ServiceContext object rather than as individual arguments and making the method call tedious.
Here is the documentation.
Here are some more details for you to understand this better: Development Guide & Wiki.
A working snippet for Liferay 6.2 for top level organizations is:
ServiceContext serviceContext = ServiceContextFactory.getInstance(request); //or null
Organization organization = OrganizationServiceUtil.addOrganization(
OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID,
organizationName,
OrganizationConstants.TYPE_REGULAR_ORGANIZATION,
RegionConstants.DEFAULT_REGION_ID,
CountryConstants.DEFAULT_COUNTRY_ID,
ListTypeConstants.ORGANIZATION_STATUS_DEFAULT,
"",
false,
serviceContext
);
The comment of Olaf Kock before is correct, and using
WorkflowConstants.STATUS_APPROVED
for the status will yield a
com.liferay.portal.NoSuchListTypeException.
I would upvote him, if this would not be a new account.
I have 350 groups in in my sites collection. I need to find a user by passing login name get his groups belongs to? How to get programmatically?
Use SPWeb.AllUsers collection to get the SPUser by login name (alternatively use SPWeb.EnsureUser if you don't know if they have been added yet)
Use SPUser.Groups to get the groups the user is a member of
Checkout this excellent post on ASP.NET forums:
C# Example: How to get all groups, users and roles from SharePoint using SPGroup, SPUser, SPRole ...
CheckOut this one
SPFieldUserValue usersField = new SPFieldUserValue(SPContext.Current.Web);
bool isUser = SPUtility.IsLoginValid(SPContext.Current.Site, usersField.User.LoginName);
SPGroup group = SPContext.Current.Web.Groups.GetByID(usersField.LookupId);