How to get current user permissions using JIRA SOAP API? - api

I'm developing a JIRA Client using the SOAP API and I want to check in advance what features the user will have available.
For example I don't want to show a button to comment on an issue if the user doesn't have Add Comments RemotePermission.
I tried with getAllPermissions method, but it seems it gets all permissions int the application, not the ones that the user has.

Not easy. There is a method for checking comment permission in 4.4 but not for all permissions in general, IIRC.
http://docs.atlassian.com/rpc-jira-plugin/4.4/com/atlassian/jira/rpc/soap/JiraSoapService.html#hasPermissionToEditComment(java.lang.String, com.atlassian.jira.rpc.soap.beans.RemoteComment)
Better to go with REST if you can.

Related

How to get all JIRA notifications?

We use JIRA 7.0.4.
I'm trying to work out the best way to get notified of any comments/changes/anything on a JIRA ticket. Do I need to be a Watcher? A Participant? The Assignee? Or is it reliant on whether or not the comment is #Budfudder?
I'm having a hard time finding any definitive statements on this in the JIRA documentation.
Strange question. Notification that you receive depends on you permission browse issue and notification scheme in project settings. If you want recieve all notifications one of best practices this is create role named like Notificator and add all event to this role in notification scheme/browse permission in permission scheme.

moqui:In moqui how to access rest without sign any user

I've implemented an application using Moqui Framework. I provided url:http://localhost:8080/fvl-plus-runtime/rest/s1/example/examples
It is getting error like:
User [null] is not authorized for View on AT_REST_PATH [/example/loginexamples/{username}]
You can add ArtifactAuthz records for all users, like the ones already in place for admin users for the REST APIs. In general it is best to secure all API access, and that is how things are setup by default. There are various examples you can follow to see them in action, see the extensive comments in the rest.xml file (the XML Screen for the /rest path).
This feature as been added in commit #44272ba. You are now able to create a new REST service and set require-authentication=anonymous-view or anonymous-all.
See How to create a publicly accessible REST API in Moqui for more details.

Security Risks of having an API for registering a new user

I have this question in mind and I wanted to get other developer's opinion on this issue.
For creating a user (like in Facebook or creating an account in Gmail), some people suggested to have an public/private (means we don't tell developers how to use it) action in API for it. I, however, think it is a security risk as even if it is not documented, a hacker can simple see the calls and http requests when our front-end app is using that api action to create a new user (using a web debugger like fiddler) and can find the url to that action so simple ! like this POST ~/api/user/create
and then he/she can send thousands of requests to create user, users needs to be verified but still he/she is adding a lot of junk users in our database and puts a lot of pressure on our servers.
So the question is how do we handle this? Allow this only on our website or what?
Thanks
You can use CAPTCHA to verify that's a real user.

How do i send twitter direct messages on behalf of logged in user?

I have a twitter app with access level "Read, write, and direct messages"
I am using omniauth-twitter gem along with devise for letting users sign up and log into my site through twitter. All is fine till now.
It would be nice if the user is able to send direct messages to the his/her followers.
To fetch the list of followers I am using twitter gem. Now how do I let the user send the message he wants?
I have tried almost anything but all returns This application is not allowed to access or delete your direct messages error. This has been killing me for the past week
When I do Twitter.verify_credentials there is no error raised and a User object is returned. But when I call Twitter.direct_messages the above errors is raised. Am i missing something obvious here?
Thanks in advance.
Update: When I tried Twitter.direct_message_create() it worked like a charm! Would like to know as to why Twitter.direct_messages didn't work.
Check https://twitter.com/settings/applications to make sure that DM permissions are actually authorized. If not revoke and reauthorize. Make sure the OAuth tokens the account has granted to the app actually include DM access. Sometimes an app will not have DM acces, OAuth tokens will get authorized then DM access gets added to the app settings and the OAuth token for the account doesn't have DM access authorized.
To answer your update question:
Update: When I tried Twitter.direct_message_create() it worked like a
charm. Would like to know as to why Twitter.direct_messages didn't
work.
Twitter.direct_message(id)
Is used to retrieve existing DMs, whereas:
Twitter.direct_message_create(user, text)
is used to send a DM.
See here: http://rubydoc.info/github/jnunemaker/twitter/master/Twitter/Client/DirectMessages
As an update to #auxbuss's answer, the method has been renamed to:
Twitter.create_direct_message(user,text,options={})
The documentation has also moved:
http://rubydoc.info/github/sferik/twitter/master/Twitter/REST/DirectMessages.

How can I customize a twitter client in objective c

I am designing a twitter iPhone app for my school. I wanted to moderate the users who can access the school account. In simple terms i do not want to use the original twitter server but make it local to only few users. Simply lets say a twitter for class. This will be running on our server and only few people can access it. I am very cofused about this any open sugeestions would help me.
Please help
Simplest way - twitter allows "protected profiles", where only users you are following can see your updates.. This is basically a whitelist of people who can see your statuses..
If you wish to allow multiple users to post from the same account, without hardcoding the twitter account into the application.. you could create your own API, essentially just a proxy for the twitter API..
You could then add your own level of authentication over this, so each user would have their own account (and you don't give out the shared account's login details)
In pseudo code, the application would be something like..
if request['username'] not in ['bob', 'alice']:
raise AuthError
if request['password'] != ['theuserspassword']:
raise AuthError
twitter_api = TwitterLibrary.login("sharedaccount", "secretpassword")
switch request['api_method']:
case "getPublicTimeline":
return twitter_api.getPublicTimeline()
case "postStatus":
return twitter_api.postStatus(request['something'])
Final option I can think of - you could run your own Twitter-like site.. There are plenty of "twitter clones", such as status.net (which is the code that runs identi.ca)
status.net and several other similar projects have Twitter-compatible API's, so you could quite easily take an open-source client (NatsuLiphone for example), and, with permission, rebrand and modify it to use the URL of your own site.
I'm not exactly sure what you mean by "not want to use the original twitter server". If you only want a few people to see the updates from that classes twitter account you could protect the updates and only allow students to follow the account.
However, this should help you create/customize your own twitter iPhone application. This is a link to Stanford's CS-193P course on Cocoa Development. The assignments in the class are creating and customizing a twitter client. All of the project files are available online.
http://www.stanford.edu/class/cs193p/cgi-bin/index.php
I hope this helps.
Create a regular twitter app that requires credentials, don't hard code the credentials in the app. Problem solved. Anybody could get the app on their phone, but only people previously authenticated on twitter would be able to actually use it. If you want to use Oauth you have do this anyway.