This is a variation of the question I had asked the other day and resolved with help.
Android 10: Able to upload a Uri directly but fails with "Permission denial" exception when re-attempted later
Using a combination of ACTION_OPEN_DOCUMENT and getContentResolver().takePersistableUriPermission, I am able to upload later a file that was chosen by user.
But, if the user selects an image through Photos/Gallery to share through our app and if there is no network at that moment, as expected the app needs to attempt the upload later. During this re-attempt, I am facing a "Permission Denial" exception. Please let me know what might be wrong. Appreciate your help.
How the URI is retrieved
callingIntent = new SharedIntent();
callingIntent.action = getIntent().getAction();
callingIntent.type = getIntent().getType();
if (Intent.ACTION_SEND.equals(callingIntent.action) ||
Intent.ACTION_SEND_MULTIPLE.equals(callingIntent.action))
{
callingIntent.uri = (Uri) getIntent().getParcelableExtra(Intent.EXTRA_STREAM);
if (null == callingIntent.uri)
callingIntent.uri = getIntent().getData();
callingIntent.aUri = getIntent().getParcelableArrayListExtra(Intent.EXTRA_STREAM);
}
In the Intent that receives the URI through Photos, we have this -
getContentResolver().takePersistableUriPermission(callingIntent.uri, Intent.FLAG_GRANT_READ_URI_PERMISSION);
To call the the IntentService to which the URI is passed for upload -
intentService.setData(callingIntent.uri);
intentService.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
context.startService(intentService);
But when the startService is called, there is a "Permission denial" exception - "Permission denial: no permissions found for UID...."
You cannot reliably get persistable Uri permissions on arbitrary Uri values. That only works if you get the Uri from the Storage Access Framework, such as your ACTION_OPEN_DOCUMENT scenario. A Uri that you receive from ACTION_SEND or ACTION_SEND_MULTIPLE is unlikely to have been obtained from the Storage Access Framework.
As a result, you have to use that Uri immediately. If you cannot do so, your options are:
Tell the user that you cannot perform their desired operation now, or
Make a local copy of the data now to a file (e.g., in getCacheDir()) while you can, then use and delete the copy later
Related
my application has Mail.Read.Write permission for MS graph API and the application has restrict policy on exchange online . The restriction is for a security group and the mailbox folder i am trying to access is a member of that security group. get and post methods are working fine only problem is with patch . I need to mark some emails as read after processing them.
r2 = requests.patch(request_url2,
data=json.dumps(request_body2),
headers={'Content-Type': 'application/json','Authorization': 'Bearer ' + result['access_token']})
pastebin_url2 = r2.text
print("The pastebin URL is:%s"%pastebin_url2)
the same API works fine from graph explorer has anyone tried using python msal and requests...any help appreciated
Looks like the message Id changes after moving message to a different folder
so i changed my code to first mark the message as Read in Inbox and then move to a another folder instead of the other way around. I tried with ImmutableId but it also changes after moving message to different folder.
Recently found some weird case when trying to use mgt people picker to search my tenancy Azure AD user with below tag.
<mgt-people-picker type="any" transitive-search="true"></mgt-people-picker>
Following is summary of info used:
a) Single tenant, does not allowed personal Microsoft account.
b) All API permission requires are granted in application and in app registration.
"User.Read",
"User.ReadBasic.All",
"People.Read",
"People.Read.All",
"Contacts.Read",
"Directory.Read.All",
"User.Read.All",
"Member.Read.Hidden",
"Domain.Read.All",
"User.ReadWrite.All",
"APIConnectors.Read.All"
c) admin consent is given.
d) I'm using api/proxy to connect.
Somehow, I only can found some of the users, some of the users was not found. From mgt people picker UI, i just enter three to four character or full email address to search it but the return result is not correct. And i found that when it return incorrect result it have error on retrieving photo values. Sample error as below
I have tried to use Graph Explorer to test it. Apparently, it is also cannot return the correct result match. But only using following query test, it is able to return the correct user to me. but when using mgt people picker, it cannot. Any advise are much appreciated. I'm just guessing it is something related to Azure AD user profile settings or it is something related to my application configuration or something else. Hope can some clues for me to resolve this issue. For your information, I have all admin rights to access all resources in my organization Azure environment. If there is information that I have missing, please do let me know, I will edit the post to include it.
https://graph.microsoft.com/v1.0/users/<email address>
Test result by using Graph Explorer as reference, which only return partial only (majority not return):
In order to fix this issue that /me/people endpoint does not able to show relevant search result. I have did following code changes in my api/proxy to intercepting the process before sending the request to MS Graph as below. This maybe is a workaround to make it works. In future, if there is better option, I will make a change on it.
Hope this can help someone who faced the same issue as I'm.
var url = $"{GetBaseUrlWithoutVersion(_graphClient)}/{all}{qs.ToUriComponent()}";
if(url.StartsWith("https://graph.microsoft.com/v1.0/me/people?$search="))
{
string url2 = #"https://graph.microsoft.com/v1.0/users?$count=true&$filter=startsWith(displayname,%27{0}%27) or startsWith(userPrincipalName,%27{1}%27)";
Uri searchUri = new Uri(url);
string paramSearch = HttpUtility.ParseQueryString(searchUri.Query).Get("$search").Replace('"', ' ').Trim();
//we do not want to search for any email address, just for custom search only
if(!string.IsNullOrEmpty(paramSearch) && !paramSearch.Contains("#xxx"))
{
url = string.Format(url2, paramSearch, paramSearch);
}
}
Good evening ppl at Microsoft!
I have an Mobile App Service at Microsoft Azure Located at South Central US named CeneamApp.
My backend is configured in a way so that my user can access only the data they capture, by making use of stable user ids.
so I had followed Adrian Hall book to create an a user id (https://adrianhall.github.io/develop-mobile-apps-with-csharp-and-azure/chapter2/authorization/)with the following format sid:{identifier}as described here: (https://github.com/Azure/azure-mobile-apps-net-server/wiki/Understanding-User-Ids).
now all my userid had been changed and my user cant access their previous data capture by them, because somehow the provider or issuer or whatever is going on, doesnt let me retrieve a user id as described by the github project team wiki (in the previous link). so instead i receive a new userid but seem to be a random number:
I'm adding screenshot of the essential part of my code at my backend project which i debugged so i could understand whats going on and my dummy database where you can see an stable_id save on it and the new suppose stable_ids the next two rows.
Debugged code retrieving apparently a new userid from FACEBOOK could you confirm about this change? because I havent been able to understand this change.
Dummy Database with the lost userid and the new ones from other accounts database screenshot
if anyone has information about this odd behavior i would appreciate to enlight me, because this line of code:
principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
used to give me a user id with this format: "sid:{identifier}", now the format is a the screenshot shows.
Same situation here. About to go live and suddenly this. Interesting that only one Mobile App based in the UK datacenter is affected. Other 2 apps which are in production and plus another Web App are still fine.
The full solution can only be provided by Azure team. But I have a workaround and and idea:
1. Workaround.
In the base controller I read and parse the token from the header. The sid is in the subject of the token. The code is simple:
string _userSid;
public string UserSid
{
get
{
if (_userSid == null)
{
KeyValuePair<string, IEnumerable<string>> auth_header = Request.Headers.FirstOrDefault(h => h.Key.Equals("x-zumo-auth", StringComparison.InvariantCultureIgnoreCase));
string token = auth_header.Value.FirstOrDefault();
if (!string.IsNullOrEmpty(token))
{
var jwtToken = new JwtSecurityToken(token);
if (jwtToken != null)
{
_userSid = jwtToken.Subject;
}
}
}
return _userSid;
}
}
I use it instead of getting this from ClaimPrinciple as per manual. I checked the Mobile App Server code does a very similar thing.
2. Idea.
Azure Mobile Apps have this parameter:
MobileAppsManagement_EXTENSION_VERSION it is recommended to set to latest. I think if we downgraded it to previous version it would work until Microsoft finds and solves the problem. The only issue is that I do not know and could not find the version number. May be someone knows and can post here?
I cannot figure out the way how to simply retrieve all repositories for my user on gitlab.
I'm trying to use this npm package: https://www.npmjs.com/package/gitlab
So for gitlab: Repositories=Projects
Here is how I try to use the gitlab package:
options =
owned: true
simple: true
# membership: true
# maxPages: 1
# per_page: 1
try
projects = await gitlab.Projects.all(options)
printSuccess "checkAccess Success!"
log "typeof projects: " + typeof projects
log "projects.length: " + projects.length
olog projects
catch err
printError "checkAccess Error!"
olog service
olog err
return true
The request is a success. Just the projects is always an empty array.
The only way I receive projects is when I donot state owned:true.
Then the request takes some time and returns any public projects it finds.
Funny is when stating membership:true but not owned:true it still returns an empty array...
Also funny is that when trying
users = await gitlab.Users.all()
it always fails with 403 Forbidden.
I've created various accessTokens one of them even with access to all of the scopes. For all the same behaviour occurs.
I have created a private and a public repository for my user to test this. So it definately should find these.
I also assume that the accessTokens are not the problem, as I get "401 Unauthorized" when I use an invalid one and the empty array when I use my valid one.
Also I assume that my accessToken is identifying my user so gitlab should know that the task is to retrieve all projects within my users' scope which are owned by my user.
Does anyone know how it works. I really donot understand what is going on and why it just would not work. Also yet I did not find anything helpful inside the documentation: https://docs.gitlab.com/ee/api/projects.html
Finally found the problem.
When creating the gitlab access Object at first, it won't throw an error if the accessToken is null.
In this case we will not have a user and will have public access to repositories.
I am trying to perform OCR on pdf documents using google cloud vision API, i uploaded a pdf document into a cloud bucket and downloaded the oauth key file and added it in the script as below. But when i run the file, i get the permissiondenined: 403 error, can anyone please give me instructions on how to fix it, i did extensive google search and did not yield any results, i am surely missing something here.
#authenitcation file
os.environ["GOOGLE_APPLICATION_CREDENTIALS"]="mykeylocation/key1.json"
#method being called
operation = client.async_batch_annotate_files(requests=[async_request])
#error message
PermissionDenied: 403 Error opening file: gs://myocrbucket-vamsi/2017 Form 3W-2.pdf.
I have checked the older stack overflow questions and the links provided in answers are not active anymore.
Thanks in advance for your help.
Add your client_email to member of your bucket and give necessary role(s) for it, find it from your json key file.
Storage Bucket -> Permissions -> Add member