I have one account in docusign which has 3 users for it. We have a requirement of retrieving templates of users for that account. The Template:List API is retrieving all the templates of the account. There is also one path parameter named user_id but it is not retrieving the templates of particular user account instead it is retrieving all templates.
Is there any way through Rest API we will retrieve list of templates of user account?
If there Please provide the Rest API details or link.
From my own testing, it appears you're right. This could be a bug, I'm not sure and I'll follow up but this may take time.
Two possible workaround.
Make the API call in the context of the user that you wish you get templates. Basically, you'll need to obtain an accessToken for the API for that user. With JWT that is very simple, just use the userID when you ask for the token (but you do have to get consent).
Filter the list of templates you get. The list does include information about the owner of the template (again, userID) but you'll get all of them and have to do the work to find the ones you want.
(Update 5/26/2020: confirmed with engineering this is a bug. It is tracked under TT-3290).
(Update 6/23/2020: bug was resolved, will be deployed shortly)
Related
I am looking to create a login that verifies a user account via the graph api and also verifies they are a microsoft partner via the partner api. I can easily get one grant or the other but can't seem to get both to work in one grant. I would rather not force the user to approve two different app approval boxes.
Is this possible:
scope=https%3A%2F%2Fapi.partnercenter.microsoft.com/user_impersonation%20https%3A%2F%2Fgraph.microsoft.com/openid+profile+email
as per the limitations of azure ad, I don't believe you can request multiple scopes from different external resources like you're doing there. you will have to do two different requests. the token should stack with the resources, but you cannot call them both in one go. so no, that scope= you provided probably won't work or will only return the first scope.
Similar type question for reference.
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1390
I have setup my web api to use policy based authorization. I can have permissions like invoice:list, invoice:edit, invoice:delete, order:list, order:edit and so on.
Now, I need to return different sets of data depending on the user that is logged in. For example an user can retrieve all invoices (sales manager for example) and others just the ones created by them.
Would it be a good way to do it, add a bit more information to the claim like -> inovice:list:all, invoice:list:own, etc...? And add differnt filters to the final query depending on the "all" or "own" part?
What other alternatives can be implemented to solve this problem?
Cheers.
I'm new to Piranha CMS and just trying to get my head around it. I'm using the MVC implementation and I need to do the following:
I need to extend the User with a property that stores an account number.
I need a page that is only accessible once the user logs in
On this page, I need to call a REST API on another server, using the account number a parameter, to retrieve a list of documents that the user has stored on this server.
When the user clicks the document, it will be downloaded as a PDF using the REST API once again
I just need general guidance on how to do this. How do I store the account number against the user (and manage this) and do I need to create a new Region that will show the list of documents from the remote server. Is there an example of creating a new Region anywhere and maybe returning a list from SQL that I can adapt?
Any help gratefully received.
Thanks in advance
Mike
The easiest way is to implement an extension with your custom fields that you attach to the user where you store this information.
When editing a page, go in under "settings" and select which groups should have access to your page. For this purpose I suggest creating a new group for site users that are not admins.
This should be easily implemented in either the controller or model for your page. When the user is logged in "User.Identity.Name" is the user id. Get the user, load the extensions & use the account number.
See number three.
Regards
I am new to REST APIs, I am actually not looking for any workarounds, I just need to clear my concept because I know I am missing some very important information which can easily solve my problem.
For E.g I made a small website, let's say using angular.js, where I will list some information or some items.
Consider it as an open website for now, everyone is getting same list. Anyone can come to the page and see the list of items. Simple.
Lets say the URL to this list is
https://www.example.com/api/list/v1
Result returned
1. abc
2. cde
3. efg
4. hij
Perfect!
Now my site got traffic, and I decided to implement user thing on my website, so that every user can only see his own information.
So I changed the rest api url to this:
https://www.example.com/api/list/v1/12345
where 12345 is userid.
The user with the user id came on the website, logged in, and browsed the list, by chance he went to the source of the page, and he found the url to list information.
He copied the url and started to use different user id's, he might get lucky any time.
I am not talking about implementing any type of security up til now, there must be several ways to secure it.
My main concern is that isn't it a large security hole, or we can call it an invitation, for injections?
So I just want to clear my understanding, where I am wrong?
Thanks
This is not some security loophole. This is the way it is supposed to work.
Let's put aside the case of APIs. Consider the simple example::
I have a url: www.example.com/jobs/
This will list all the jobs on my website. No authentication or permission of any sort is required to access this data. I am providing it to every user that visits my website. Now I need a way to figure out if the user visiting my website wants to filter the jobs available on my website. So I provide this option in url kwargs. This will look something like::
www.example.com/jobs/java/
So, now the list will contain the data only for Java jobs. Plain and simple.
Now some day I decide that I will let only the registered users to view Java Jobs. So, I introduce a new check in my View that lets you access the java jobs only if you are logged into my website. Otherwise it redirects you to the login page. Depending on the requirement, you put restrictions on the data being sent to the user.
Same is the case with APIs. If you allow the data to be available to any user that uses the API, there is a flaw with your design and not with the concept of APIs. APIs are just the implementation of your logic.
If you don't want a user with id 12345 to access the data of a user with id 123, you have got to restrict the permissions on the API code. You have got to handle themselves. The API will respond to your code.
Hope this clears out everything.
I'm writing a Rally app using REST service calls and JQuery. I'd like to customize app behavior to the current user, i.e., show their default project. Is there a way to get a username or ID for the current auth session? The closest I've found is this website url, which redirects to the userid (if you request it while logged in).
https://rally1.rallydev.com/#
But is there a real way to do it? A REST call would be nice, but I guess that's not RESTful?
You can make a request to https://rally1.rallydev.com/slm/webservice/1.38/user.js and it will return results for the currently logged in user.
Include UserProfile and DefaultProject in your fetch and any other fields on Project, Workspace, WorkspaceConfiguration and UserProfile objects and you should be able to get most of the info you're looking for.
If you're using SDK 2 some of this information is already available in the current context:
Rally.environment.getContext().getUser();