I try to use Philips Hue API to create groups for each user. The document here: Philips Hue API As in this document states:
2.2. Create group
This method is not supported in the 1.0 version of the API. It is scheduled for release in the next version of the API.
This point makes me feel confusing. If currently API doesn't support create group, how other operations (such as view group, change attributes ...) can happen. Do I misunderstand something ?
Moreover, if we create a group, does this group share over all users, or for only one user that create this group. ?
Thanks :)
The documentation is not up to date; the API version is currently at version 1.3.0.
You can create groups if your Hue bridge is connected to the internet and you have updated it.
To do so, send this POST command to /api/username/groups/ where username is the username you have created to access the API.
{
"name":"Test",
"lights": ["1","2"]
}
lights is the array of lights you wish to associate this group with.
name is the friendly name for this group.
To change a group's name or lights associated with it:
send PUT commands to /api/username/groups/id/
id is the ID of your newly created group
To delete a group:
send an empty DELETE command to /api/username/groups/id/
Because this portion of the API is undocumented, it may be subject to change or removal, or may present instability in your Hue system. Use the group API at your own risk.
send commands to groups the same way you would send them to an individual light (change colors, turn on/off, etc.)
Group 0 controls ALL lights.
Groups are accessible by all users.
Related
As you can see my question above, I was wondering if it is possible to retrieve the assigned groups of an Azure Active Directory (AAD) based user via Microsoft GraphAPI.
My situation is, that I have an ASP.NET MVC project with Microsoft Azure enabled. My goal is, that an Azure user can login on my website with it's Azure account.
The idea is, that an azure user is an admin or an user (depending on the azure groups) and depending of this role group, the user can view more or less of my webpage.
For example:
When Peter logs in with his azure account on my webpage, he should only be able to see:
Add new Document
Edit Document
Remove Document
because he is only assigned as "User" in Azure Active Directory.
But when Sabrina logs in with her azure account on my webpage, then she should be able to do the same as Peter, but she also can see:
Manage Products
Add new customer
etc.
because she is been assigned as an admin in Azure Active Directory.
My problem is, that I did not find out how I retrieve the assigned group of an user with Microsoft GraphAPI. The part, which user can see or not after I got the roles is not a big deal.
I already tried this API call:
https://graph.microsoft.com/v1.0/me/
But it seems, that the response of this call does not include the actual assigned group of that user.
Do you think it is possible to retrieve the assigned group of an azure user? Is this even possible? Or do I have to do something else to retrieve these information?
I hope you understand my point and I am also looking forward for any response. Thanks in advance!
Add /memberOf to the URL to receive the groups a user is member of.
https://graph.microsoft.com/v1.0/me/memberOf
Here's a link to the specific graph api - https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups
Take a look at this sample application on Github. It does something very similar with a task tracker application, where different users are able to perform different actions based on the group they belong to -
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims/blob/master/README.md
Also, in cases where a user is a member of too many groups, you get back an overage indicator and have to make a separate call to get all groups. Read about “hasgroups” and “groups:src1” claims here - https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-id-and-access-tokens
According to your system architecture, if some user has too many joined groups, the API https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups will return too many groups.
But if the groups with permissions in your system are not too much, you can use this API: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_checkmembergroups to check if the current user is the member of specified groups.
It is not good idea to use this API: https://graph.microsoft.com/v1.0/me/memberOf. Because it returns only the groups that the user is a direct member of, but security group can be member of security group.
I am trying to setup an Azure TTS node in my flow but the form fields are a bit confusing... I am wondering if the problem is setup, or flow, or data, but without being able to isolate at least one of them it is quite hard to define where to attack!
this is the scenario:
Fields on NodeRED UI:
- Subscription (Get key)
- Application ID
- User Agent
Fields on Azure Portal:
- Subscription ID
- Access Keys
- Resource Group
Maybe another information I can't figure out where to find???
Any help would help me tremendously!
Ok, so after a couple days trying to figure that out I finally understood the relation between the forms fields of this node and the information available in my Azure account.
in Node-RED:
Subscription (Get key): put here the KEY (you may have 2 of them, but only the first worked for me)
Application ID: you can create whatever alpha-numeric sequence to uniquely identify your application (numbers and letters only!)
User Agent: whatever name you want (more intuitive) may work here
That's all!
I have an existing notification feed, but I'm looking at possibly migrating over to GetStream.
Currently, I'm using Laravel Notifications, to notify users and other objects.
I currently have something like the following:
1) Users
2) Groups
3) Group Members
So, when I CRUD a group, I simply notify all members of the group and also the group ($group->notifications returns a collection), which works fine.
Looking through the GetStream docs though, it seems there is a concept of 'followers'.
Does this mean, that all members of a group need to be followers of each other to see all notifications?
What about other objects, like, retrieving a feed for a Group? Do i need another Group Type in the dashboard to save activities to?
So, If I Person A and Person B are members of Group 1, When Person A saves Group 1, I'd like Person A, to see something like:
You saved Group 1
and Person B will see:
Person A saved Group 1
When I view the Group page, I'd like to pull in the activities that have happened to that Group.
Is this possible?
Thanks
Does this mean, that all members of a group need to be followers of each other to see all notifications?
Probably not. Stream allows you setup feed groups, following relationships, and use "targeting" to send activities to different feeds.
Based on the use case you described, you're probably best off with two Feed Groups, e.g. group and user_timeline. You can give each user their own user timeline feed and set it to follow other group feeds as appropriate.
When a user does something involving the group, an activity can be added to the group feed. This activity then propagates out to all users who follow the group.
What about other objects, like, retrieving a feed for a Group? Do i need another Group Type in the dashboard to save activities to?
You can always create multiple feed groups for a given app. The example with two groups is probably sufficient for your use case but you could go further with 3 groups...
user: User events posted to this feed. This feed will handle specific and non-group specific activities. If the activity relates to a group, the "to" field can be populated with the group feed name and this will cause the activities to be copied to that feed (and in turn propagated to it's followers).
user_timeline: Retrieved by users. Follows group feeds. User's may also follow another user's user_timeline feed in order to receive all events by that user (e.g. an asymmetrical follow like Twitter / or symmetrical follow like Facebook)
group: Receives user generated activities via the 'to' targetting. System/admin generated activities may also be add directly to the feed.
Hi i have a group system and i'd like to add some security to it.
Users can belong to multiple groups and id like to know the best way to authorize people to see the groups only if they are in it. If they aren't i want to redirect them to a another page, which is different according to the group.
For now i created a service but i have to use it in every controller...
I've heard of multiple things but not sure if they are appropriate for my situation.
Thanks for your help
There are several different ways to do this depending on the approach/complexity. Here are a few:
1) Use Symfony ACLS. When a user is added to a particular group, you can use the symfony ACL system to grant them view access to that group, and then later check isGranted() against that group to see if they have view permissions.
2) Create a custom voter
http://symfony.com/doc/current/cookbook/security/voters.html#creating-a-custom-voter
3) If the number of groups is limited in number, you could even use Doctrine query filters to automatically add a where clause to all queries where the group_id is in a list of allowed groups for that user. You can bypass this for all admin users. http://doctrine-orm.readthedocs.org/en/latest/reference/filters.html
We have a Salesforce app where we have some custom objects and want to expose the various custom object rcords to customers.
We need to ensure that customers can see only the records belonging to their Account. Because of the way these records are setup(owned by various system users at different levels of processing), we cannot use owner based sharing...and cannot use criteria based sharing since its not dynamic(I cant use criteria based sharing to say "Share this record with all customer portal users who belong to the same Account as the record" at runtime).
So I know I have to use Apex based sharing. I have read up on the sharing objects and the sharing table. But how would I approach this.
I can write a trigger which upon inserting will create a share object and get all userids who belong to the customer portal group and whose account equals the account of the record and associate them with the share object of the record.
But I feel this is overkill correct? Lets say there are 5 users from one of our customers and lets say there are 500 records created a day...that means 2500 share objects a day just for 1 customer...for 10 customers this can go upto 25000...and scale in this way...
Am I right here?
Another problem would be if a new person joined that customer team..unless another process updates the sharing on older records, he/she cannot see the older records.
So is there a better/elegant way to do this? I thought of adding a share object to the group...but there is just one group "Customer portal group" and how do I associate the group with the account of the users?
I will appreciate any thoughts about this.
You should take a look at high-volume customer portal users. They're much cheaper relative to standard customer portal users and should meet your needs. Unlike regular users they have a totally different sharing concept. In a nutshell if they own an object they can see, if not they can't. You can then extend this based on whether a contact or account lookup on the object matches the logged in user.
Read up on this documentation:
License Types (scan to High Volume Customer Portal)
Granting High-Volume Portal Users Access to Records (login required)
You can use groups for sharing to avoid creating so many sharing records. You would have one group per account and one sharing record per account. Instead of managing thousands of sharing records you would have to manage hundreds of groups.
I haven't tried this approach with this many groups, but I read some time ago that it should work (someone posted using a LOT of groups for sharing). If you do try this, please tell us if it worked OK.