I need a way to identify users. I have a Google site that is users access via their gmail accounts. My site is designed to allow users to view any data, but edit only their own data. This works fine for me as I'm the owner of the site and publisher of the scripts, but Session.getActiveUser().getUserLoginId() returns null for anyone else.
Please provide me the solution about this problem. Any link / any piece of code?
I suppose, that the script is deployed with the Execute the app as: combobox set to me. Please check it and change the combobox value to User accessing the web app.
Related
I wrote an app script which provides a web UI for data entry into a team calendar. I published it using G-Suite super admin account and added it as Trusted App under Security/API Permissions. "Trust domain owned apps" is checked under "Internal App Settings".
When a G-Suite user in our organization tries to access the app, he sees
"The developer of ShiftSchedulingApp, admin#_our_organization_.org, needs your permission to access your data on Google."
Those brave enough to click "Review Permissions" are taken to the next message:
"ShiftSchedulingApp wants to access your Google Account. See, edit, share, and permanently delete all the calendars you can access using Google Calendar"
Of course nobody wants to risk losing all the calendars on their Google Account and this is where it ends.
How do I get rid of this misleading message? It's not Google account, it's their organization account on G-Suite. It's not all their calendars, it's the shared team calendar only. It's adding data, not permanently deleting calendars. It's published by their administrator in their G-Suite, not an unknown 3rd party.
I spent days trying to make this message go away but no luck. App must be executed as an accessing user and not as publishing user because their user ID determines what shifts they can fill on a calendar.
I'd appreciate any hints pointing me the right direction.
I experimented with variations of the two-app approach as suggested.
The app which provides the UI needs to read the calendar to display available shifts - so I can't get away from the user authorization prompt.
Another variation I tried was having one app do everything and run as me, and another do nothing but return Session.getActiveUser(). I tried calling the 2nd one from the 1st one on the client side via XMLHttpRequest. It would be ideal for my needs - but I hit CORS error as apps URL is script.google.com but it actually gets redirected to script.googleusercontent.com. There doesn't seem to be a way to set CORS in Google App Script.
Although I was not able to find a way to avoid prompting users for authorization when executing the app as accessing user, it turns out my reasons for doing that were based on a false premise.
I chose to publish app as accessing user because I thought that's the only way to get accessing user Id - which is true for non-G Suite accounts.
However, when app is published by a G Suite account, the app can get accessing user ids within the same G Suite domain even when it's set to execute as publishing user.
Thanks Niek and TheMaster for your help!
If you just need user ID, why do you ask for all those permissions?
Possible Solutions:
2 web-apps- One running as you and another as user accessing (with only profile) permission. The second one will be the actual web interface and POST necessary information to the first one with privileges. OR
Implement your own web-app Google-sign in1
Use the least permissive2 scope3
I'm not very used to Apostrophe and currently checking out that CMS.
What I want to do is implementing a user login at the frontend.
I tried using the apostrophe-user module but users that were created using that module are able to login to the backend and I don't want them to be able to do this.
Is it somehow possible to achieve what I want to do?
Thank you very much in advance!
Edit: I'm also using apostrophe-headless
You can use apostrophe-groups to create a sub group of users with specific permissions and then check those permissions in various places (like templates) to show or not show certain admin experiences.
https://apostrophecms.org/docs/tutorials/intermediate/permissions.html
You could further customize the login experience of these users by tapping in to the apostrophe-login, redirecting them to a special part of the website, etc https://apostrophecms.org/docs/modules/apostrophe-login/index.html
I'm new to Piranha CMS and just trying to get my head around it. I'm using the MVC implementation and I need to do the following:
I need to extend the User with a property that stores an account number.
I need a page that is only accessible once the user logs in
On this page, I need to call a REST API on another server, using the account number a parameter, to retrieve a list of documents that the user has stored on this server.
When the user clicks the document, it will be downloaded as a PDF using the REST API once again
I just need general guidance on how to do this. How do I store the account number against the user (and manage this) and do I need to create a new Region that will show the list of documents from the remote server. Is there an example of creating a new Region anywhere and maybe returning a list from SQL that I can adapt?
Any help gratefully received.
Thanks in advance
Mike
The easiest way is to implement an extension with your custom fields that you attach to the user where you store this information.
When editing a page, go in under "settings" and select which groups should have access to your page. For this purpose I suggest creating a new group for site users that are not admins.
This should be easily implemented in either the controller or model for your page. When the user is logged in "User.Identity.Name" is the user id. Get the user, load the extensions & use the account number.
See number three.
Regards
I want to make an application witch involves logging into google. It is basically a small application to always have your gmail with you without always having to go to the web browser and log in. Basically what I want to do is, when the person signs into their google account (or the page url changes) I want the webbrowser to refresh and go to a new point in the form and create an animation using a timer. I dont need help with the animation, I just need to know how to link it together with the person signing into google. And also, If it's possible I would like to have the person log in without the actual google web interface, but with 2 textboxes and a button. I am using Visual Studio 2008 and help with my application would be greatly appreciated!
One of the great things about GMail is that it gives you Pop3 access to the mailbox. Your application should be able to use Pop3 to login to the mailbox directly and not require the user to use the google web page (or any web page) at all.
This would be much more secure and fault tolerant than highjacking a browser session or scraping a web page for emails (as your application would break as soon as google updated the gmail app or the user changed their preferences).
You should be able to find numerous Pop3 tutorials, libraries and samples on the net (and most probably here on SO).
If you still insist to use the web browser control, you should investigate crafting your own HTTP-Post query to the page that takes the GMail login. Once you craft the correct message (including the user's username and password as the appropriate POST variables) you should be able to login directly.
Finally, you might want to have a look around on code.google.com as I'm certain this has been done before and you will most likely be able to find some sample code (whichever way you go).
Good Luck!
I am designing a twitter iPhone app for my school. I wanted to moderate the users who can access the school account. In simple terms i do not want to use the original twitter server but make it local to only few users. Simply lets say a twitter for class. This will be running on our server and only few people can access it. I am very cofused about this any open sugeestions would help me.
Please help
Simplest way - twitter allows "protected profiles", where only users you are following can see your updates.. This is basically a whitelist of people who can see your statuses..
If you wish to allow multiple users to post from the same account, without hardcoding the twitter account into the application.. you could create your own API, essentially just a proxy for the twitter API..
You could then add your own level of authentication over this, so each user would have their own account (and you don't give out the shared account's login details)
In pseudo code, the application would be something like..
if request['username'] not in ['bob', 'alice']:
raise AuthError
if request['password'] != ['theuserspassword']:
raise AuthError
twitter_api = TwitterLibrary.login("sharedaccount", "secretpassword")
switch request['api_method']:
case "getPublicTimeline":
return twitter_api.getPublicTimeline()
case "postStatus":
return twitter_api.postStatus(request['something'])
Final option I can think of - you could run your own Twitter-like site.. There are plenty of "twitter clones", such as status.net (which is the code that runs identi.ca)
status.net and several other similar projects have Twitter-compatible API's, so you could quite easily take an open-source client (NatsuLiphone for example), and, with permission, rebrand and modify it to use the URL of your own site.
I'm not exactly sure what you mean by "not want to use the original twitter server". If you only want a few people to see the updates from that classes twitter account you could protect the updates and only allow students to follow the account.
However, this should help you create/customize your own twitter iPhone application. This is a link to Stanford's CS-193P course on Cocoa Development. The assignments in the class are creating and customizing a twitter client. All of the project files are available online.
http://www.stanford.edu/class/cs193p/cgi-bin/index.php
I hope this helps.
Create a regular twitter app that requires credentials, don't hard code the credentials in the app. Problem solved. Anybody could get the app on their phone, but only people previously authenticated on twitter would be able to actually use it. If you want to use Oauth you have do this anyway.