I get a response 'Not authorized to create: TestCase" - rally

I used Rally API to create a test case. I was able to create test cases with out any issues. However when I used a different login user to create the test case, Rally gives me the following response:
{"CreateResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": ["Not authorized to create: TestCase"], "Warnings": ["It is no longer necessary to append \".js\" to WSAPI resources."]}}

There is no indication that this is anything other than a permission issue. Make sure that the new user is not a read-only user and make sure this user has editor rights in the project where you are creating a test case. There are no special API permissions. If you can create a test case in a project using UI you should be able to create a user in the same project with WS API.

You can set a project reference: -
JsonObject newObj = new JsonObject();
newObj.addProperty("Project", "789900"); // replace with actual project id
NOTE The project ID can be found in the Rally URL itself (if you are pointing to the required project)

Related

Http delete request to Google Directory API returning 412 Precondition is not met: location If-Match

I have been using Postman to send http requests to Google's Directory API. The GET request works fine (which shows that the admin token as well works fine) to get info for a user.
But, what I need to do is delete the user, and when I try this, I get the following back:
{
"error": {
"code": 412,
"message": "Precondition is not met.",
"errors": [
{
"message": "Precondition is not met.",
"domain": "global",
"reason": "conditionNotMet",
"location": "If-Match",
"locationType": "header"
}
]
}
}
I was presupposing that I was missing the etag, which is what I added from the user, but it did not work. I also tried adding "*" to the If-Match tag, and that did not work either. Maybe there is a way with a put or patch request?
The API reference is this: https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/delete
The API does not work on Google's reference page either. I have also tried this in multiple domains where I am the super-admin so the error is not related to a specific super-user or domain.
I have also made sure, in multiple tests, that the user I am trying to delete is not an admin of any type.
I am adding images below to show that the GET api works fine. So I just need to know how to format the API request to be able to delete the user.
Ok, after talking directly to Google and even seeing that Jay Lee (author of GAM) ran into the same problem, we found out that you can't delete a user if:
It has a license of some sort
It's an admin
It has a Google Vault retention rule applied
To be able to delete a user from now on, you must remove all these things (licenses, admin privileges, Vault retention rules) or you must transfer the information of that user to another user (along with whatever else Google asks you to remove beforehand).
The "Precondition is not met" is vague and Google should change this, but it means that one of the three things above have not been removed yet.
Below I am adding multiple links to confirm what I mentioned above as well as the APIs you need to use on users before being able to delete them.
https://groups.google.com/g/google-apps-manager/c/83kR-4MoPk0?pli=1
https://github.com/GAM-team/GAM/releases?gam-releases
https://developers.google.com/admin-sdk/data-transfer/reference/rest/v1/transfers#DataTransfer
https://developers.google.com/vault/guides/holds#python
https://developers.google.com/vault/reference/rest/v1/matters.holds.accounts/list

How to achieve the Dropbox equivalent of long-lived token now that they're gone (dropbox-sdk-js, Meteor, React)

For a while now I've been using dropbopx-sdk-js in a Meteor application without any trouble.
My Meteor app simply uses Dropbox to fetch images to be used in product cards. These files are synced now and then and that's it. By synced what I mean is they are scanned, shared links created or obtained, and some info is then saved in Mongo (name, extension, path, public link)
End users do not remove nor add files, nor are the files related to an end user specific account.
To achieve this, I created (in the far past) an App in the Dropbox App Console, generated a permanent token, and used that token in my Meteor app to handle all the syncing.
Now I've tried to replicate that very same thing in a new similar project, but found that the permanent tokens have been recently deprecated and are no longer an option.
Now, checking Dropbox's Authentication Types it seems to me like "App Authentication"
"This type only uses the app's own app key and secret, and doesn't
identify a specific user or team".
is what I'm after. I can safely provide app key and secret in the server exclusively, as the client will never need those. The question is how do I achieve such kind of authentication? Or for that matter, how do I achieve an equivalent of the long-lived token for my app, ultimately meaning that end users don't actually need to know Dropbox is behind the scenes in any way (and they surely don't need dropbox accounts to use this app nor should be prompted with any Dropbox authentication page)
In the js-sdk examples repo, I only found this example using app key and secret. Yet afterwards it goes through the oauth process in the browser anyways. If I don't do the oauth part, I get an error
"error": {
"name": "DropboxResponseError",
"status": 409,
"headers": {},
"error": {
"error_summary": "path/unsupported_content_type/...",
"error": {
".tag": "path",
"path": {
".tag": "unsupported_content_type"
}
}
}
}
as a result of calling
dbx.filesListFolders({ path: '', recursive: true }):
If I replace the initialization of the dbx object with a generated token everything works out. However eventually the token expires and I'm back in square one.
Any ideas what may I be missing?
The short answer is:
You need to obtain a refresh-token. You can then use this token for as long as you want. But in order to get it is necessary to go through at least one oauth flow in the browser. Then capturing the generated refresh-token in the backend. Then store it and use it to initialize the API. So it's kind of "hacky" (IMO).
For example, you can use the mentioned example code, and log/store the obtained refresh token in this line (as per Greg's accepted answer in the forum). Then use that value as a constant to immediately call the setRefreshToken method (as done in that very same line) upon initialization.
The long answer is:
ClientId + Client secret are not enough to programmatically generate a refresh token.
Going through the oauth flow at least once is mandatory to obtain a refresh token
If you want to hide such flow from your clients, you'll need to do what the short answer says.
The intended flow of usage according to Dropbox is: each user access his own files. Having several users accessing a single folder is not officially supported.
The longer answer is:
Check out the conversation we had in the dropbox forum
I suggested to replace the "Generate Access Token" button in the console for a "Generate Refresh Token" button instead. At least it made sense to me according to what we discussed. Maybe if it gets some likes... ;).

Video Indexer Render Project API not working

I am trying to render a project I created using the Video Indexer "Create Project" API call, but I am getting the following error:
{
"ErrorType": "USER_NOT_ALLOWED",
"Message": "Token is authorized to access only a video. Trace id: '6a0bd50f-d25e-405f-b853-86847c8a1bca"
}
I'm following the following steps from the API documentation:
Create a project:
https://api.videoindexer.ai/{location}/Accounts/{accountId}/Projects[?accessToken]
This returns the new project information and 200 Ok status code.
Get the project access token by sending a GET request to:
https://api.videoindexer.ai/Auth/{location}/Accounts/{accountId}/Projects/{projectId}/AccessToken[?allowEdit]
An access token is returned successfully.
Send a POST request to render the video:
https://api.videoindexer.ai/{location}/Accounts/{accountId}/Projects/{projectId}/render[?sendCompletionEmail][&accessToken]
** for the access token parameter, I am passing in the project access key in all cases
However, the documentation for this API doesn't specify the schema for the body of the call, so when I send an empty body, it returns the error:
{
"ErrorType": "USER_NOT_ALLOWED",
"Message": "Token is authorized to access only a video. Trace id: '6a0bd50f-d25e-405f-b853-86847c8a1bca"
}
I have also tried a different approach of calling the Project widget and using the "Render" button that the widget provides, but I can neither save nor render the videos that show up in the project.
My end goal is to be able to edit the videos and render the selected video ranges.
Any advice regarding this issue is welcome.
Rendering a project is an operation that requires access to other videos in your Video Indexer account (the videos that are included in the project).
Therefore, make sure you use an account access token (obtained with allowEdit=true) for step 3, or just use the same token you used to create the project from step 1.

Insufficient Privileges when trying to display user photos on external sites

I have this situation. Im trying to display user photos from an external site, all the configurations about remote sites are already set. I created a connected app in org A and from org B i'm retrieving the users from org A.
All of this works however i cannot show the photos from those users because for that to happen i have to be able to use the ConnectApi.UserProfiles.GetPhoto method which i'm doing right now but i keep getting the "insufficient privileges" error. I tried getting the AccessToken through postman like this
This redirects me to the login site so i can log into my org with my credentials. After that i get an AccessToken.
Next up, i want to be able to get the photos from users from the external site with the AccessToken, However i'm still getting the same error message "Insufficient Priviledges". Am i missing something? thanks in advance
According to: https://sforcenotes.blogspot.com/2015/10/solution-to-display-salesforce-user.html?showComment=1596211057195#c5848226245946017759
The solution is fairly easy but this does not work
I'm bit lost. You have some app that wants to log in to Salesforce and pull images from it? Or do you want to call out from Salesforce and pull images from external app? For first one you likely need "connected app". But you need "remote site settings" or "named credentials" only for calling out.
I'm assuming it's option 1.
There are lots of ways to log in to SF, SOAP API (just username + password), REST API (lots of OAuth2 options, with username+pass or username + JWT or just OAuth2 client id and user logs in to SF interactively, you don't see the password)... Sounds like you're past this stage?
A successful login response will look bit like that (depends on method used):
{"id":"https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P",
"issued_at":"1278448832702",
"instance_url":"https://yourInstance.salesforce.com/",
"signature":"0CmxinZir53Yex7nE0TD+zMpvIWYGb/bdJh6XfOH6EQ=",
"access_token":"00Dx0000000BV7z!AR8AQAxo9UfVkh8AlV0Gomt9Czx9LjHnSSpwBMmbRcgKFmxOtvxjTrKW19ye6PE3Ds1eQz3z8jr3W7_VbWmEu4Q8TVGSTHxs",
"token_type":"Bearer"}
You're supposed to take from it the access_token (that's your session id. It'll always start with org's id, compare with Setup -> Company information) and instance_url (that's where you're supposed to send any subsequent requests. No more calling the login gateways: login.salesforce.com, test.salesforce.com or mydomain.my.salesforce.com). If you're getting "Insufficient Privileges" I think you didn't change the endpoint.
You can test you logged in OK by sending a GET to the id endpoint you received. It'll give you OpenId info about your user.
Here's my GET to fetch OpenId data with the "Authorization: Bearer " request
So another GET with same header and I have my ugly mug:
If you want somebody else's picture - query similar to /services/data/v48.0/query?q=SELECT SmallPhotoUrl, FullPhotoUrl FROM User WHERE Id = '005...' should work. Check User fields.
{
"totalSize" : 1,
"done" : true,
"records" : [ {
"attributes" : {
"type" : "User",
"url" : "/services/data/v48.0/sobjects/User/(redacted)"
},
"SmallPhotoUrl" : "https://(redacted)/profilephoto/7293L0000008Tfq/T",
"FullPhotoUrl" : "https://(redacted)/profilephoto/7293L0000008Tfq/F"
} ]
}
The key thing is to use the new endpoint and pass the session id in the header. You might even find it easier to use Chatter API to pull photos (also REST-based)

MS Graph API: microsoft.graph.createLink not creating anonymous view links

I'm using graph API to iterate over a folder in OneDrive for Business. I'm attempting to generate "anonymous view" links for each item in the folder using the following call:
/v1.0/users('user-guid')/drive/items/item-id/microsoft.graph.createLink
with the body:
{
"type": "view",
"scope": "anonymous"
}
This works correctly for items that have already been given the "View link- no sign-in required" permission via the OneDrive UI. However, executing this call against an item that doesn't have this sharing option already set, results in the following return message:
{
"error": {
"code": "unauthenticated",
"message": "The caller is not authenticated.",
"innerError": {
"request-id": "1c3600ec-4861-4be4-9a7b-74264f488a80",
"date": "2016-03-13T02:30:10"
}
}
}
I know that this is not an authentication issue because my token works fine for all other calls (and calls against items that already have their file sharing set). I get the same behavior from the Microsoft Graph Explorer tool. If I manually set the "View link - no sign-in required" permission in OneDrive this call executes perfectly. My credentials for the API call are the same credentials I'm using to set the permissions in the OneDrive UI.
The documentation for microsoft.graph.createLink states
The createLink method will create a new sharing link if the specified link type doesn't already exist. If a sharing link of the specified type already exists for the app, the existing sharing link will be returned.
Any ideas what's going wrong here?
The url should be simply /createLink (without the microsoft.graph prefix):
POST /me/drive/items/{item-id}/createLink