Using postman I query:
query MyQuery {
users {
nodes {
id
email
}
}
With an authenticated request (and admin rights), I get:
{
"data": {
"users": {
"nodes": [
{
"id": "dXNlcjox",
"email": "..."
},
{
"id": "dXNlcjoz",
"email": ".........."
},
{
"id": "dXNlcjoy",
"email": "................."
}
]
}
},
"extensions": {
"debug": []
}
}
which returns all users and that's ok
BUT !!!
with a public request I get:
{
"data": {
"users": {
"nodes": [
{
"id": "dXNlcjox",
"email": null
}
]
}
},
"extensions": {
"debug": []
}
}
Why is the node with: "id": "dXNlcjox" exposed to a public request ?
Is this a security concern ?
Actually, this is ok.
Quoting from WP GraphQL page:
WPGraphQL follows WordPress access control rights, and only exposes data publicly that WordPress already exposes publicly. Users that have published posts are considered public entities in WordPress. Users that have not published posts are considered private and will not be included in public GraphQL requests, but will be included in GraphQL requests made by authenticated users with proper capabilities to see the users.
Fields, such as user email addresses, are also protected by WPGraphQL and only exposed to authenticated requests by users with proper capabilities to see the data.
This certain node: "id": "dXNlcjox" happens to be the admin which for wordpress, his existence is a public information (even if his email is not).
Related
I have a user's refresh token with these scopes:
'https://www.googleapis.com/auth/analytics https://www.googleapis.com/auth/analytics.edit https://www.googleapis.com/auth/analytics.readonly https://www.googleapis.com/auth/analytics.manage.users’’
The user has a few accounts and a forbidden error occurs for XXXX2 account when I try to give access to an account to another user(you can see at the below code and account list json). I checked this account's effective permission field, I see that it is an empty array as you can see below as well.
In my opinion, this error reason is that this user does not have ‘manage_users’ permissions for this account(XXXX2), so this is an expected error, isn't it?
PS: I can link XXXX1 properly with the below code.
My code :
linkAccount = self.service.management().accountUserLinks().insert(
accountId=accountId,
body={
'permissions': {
'local': [
'EDIT',
'MANAGE_USERS'
]
},
'userRef': {
'email': email}}).execute()
User Account list :
{
"id": "XXXX1",
"kind": "analytics#account",
"selfLink": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX1”,
"name": "XXXX1",
"permissions": {
"effective": [
"COLLABORATE",
"EDIT",
"MANAGE_USERS",
"READ_AND_ANALYZE"
]
},
"created": "2014-02-17T17:52:10.911Z",
"updated": "2019-06-04T16:06:12.717Z",
"childLink": {
"type": "analytics#webproperties",
"href": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX1/webproperties"
}
},
{
"id": "XXXX2”,
"kind": "analytics#account",
"selfLink": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX2”,
"name": "XXXX2",
"permissions": {
"effective": []
},
"created": "2015-07-02T19:11:16.307Z",
"updated": "2019-03-05T21:16:19.552Z",
"childLink": {
"type": "analytics#webproperties",
"href": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX2/webproperties"
}
}
Error Code :
<HttpError 403 when requesting https://analytics.googleapis.com/analytics/v3/management/accounts/XXXXX/entityUserLinks?alt=json returned "User does not have permission to perform this operation.". Details: "User does not have permission to perform this operation."
I would check what access the currently authenticated user has to the account in question.
If the user you are authenticated with only has read access. To the Analytica account there not going to be able to give your application the ability to add another user.
I'm using LinkedIn API to upload media to my Linkedin personal profile. I start with registring my image and I get a successful response.
REQUEST
{
"registerUploadRequest":{
"owner":"urn:li:person:xxx",
"recipes":[
"urn:li:digitalmediaRecipe:feedshare-image"
],
"serviceRelationships":[
{
"identifier":"urn:li:userGeneratedContent",
"relationshipType":"OWNER"
}
],
"supportedUploadMechanism":[
"SYNCHRONOUS_UPLOAD"
]
}
}
RESPONSE
{
"value": {
"uploadMechanism": {
"com.linkedin.digitalmedia.uploading.MediaUploadHttpRequest": {
"headers": {
"media-type-family": "STILLIMAGE"
},
"uploadUrl": "xxxx"
}
},
"mediaArtifact": "urn:li:digitalmediaMediaArtifact:(urn:li:digitalmediaAsset:xxx,urn:li:digitalmediaMediaArtifactClass:feedshare-uploadedImage)",
"asset": "urn:li:digitalmediaAsset:xxx"
}
}
Next step I uploaded my image using curl with a valid access token and the uploadUrl
I get a 201 HTTP response but I see nothing in my LinkedIn profile.
also when I check the status of my upload it shows me a success message.
{"recipes":[{"recipe":"urn:li:digitalmediaRecipe:feedshare-image","status":"AVAILABLE"}],"serviceRelationships":[{"relationshipType":"OWNER","identifier":"urn:li:userGeneratedContent"}],"mediaTypeFamily":"STILLIMAGE","created":1606729082880,"id":"C4D22AQE6h5xe3HYYiQ","lastModified":1606729322981,"status":"ALLOWED"}
So why I can't see my upload in the Linkedin timeline, please? I tried with both image and video but nothing is shown in my newsfeed.
Also, I checked my access token and it contains necessary permission: r_liteprofile, w_member_social
Uploading an asset does not make it available on your profile.
Assets API only uploads the image/video and stores it on LinkedIn platform. You can however use this asset to create a UGC Post to see it on your personal/company profile.
To do that, you'll have to use the ugcPosts API. ie call POST https://api.linkedin.com/v2/ugcPosts with
"media": "urn:li:digitalmediaAsset:XXX", from the Assets API response in the payload.
Example:
{
"author": "urn:li:organization:5590506",
"lifecycleState": "PUBLISHED",
"specificContent": {
"com.linkedin.ugc.ShareContent": {
"media": [
{
"media": "urn:li:digitalmediaAsset:XXX", // from the Assets API response
"status": "READY",
"title": {
"attributes": [],
"text": "Sample Video Create"
}
}
],
"shareCommentary": {
"attributes": [],
"text": "Some share text"
},
"shareMediaCategory": "VIDEO"
}
},
"targetAudience": {
"targetedEntities": [
{
"locations": [
"urn:li:country:us",
"urn:li:country:gb"
],
"seniorities": [
"urn:li:seniority:3"
]
}
]
},
"visibility": {
"com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"
}
}
Reference: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/community-management/shares/ugc-post-api#sample-request
I have a firestore database on a firebase project. I want to make rest request for filtering or querying data with postman. I'm using "https://firestore.googleapis.com/v1/projects//databases/(default)/documents/" to get the data in a known path in my database. Here is a sample of my database structure:
users > xxxxx > messages > yyyyy> "sent":"true"
where "users" and "messages" are collections, "xxxxx" and "yyyyy"are autogenerated document ids (xxxxx is autogenerated user id)
What I want to do is to find the "xxxxx"s (users) which have >"sent":"true"< data.
I get success if I know the "xxxxx" and "yyyyy" but I don't know them because they are autogenerated and different from each other in my database and don't know how to do it.
You need to run a Query, as explained here in the documentation of the REST API.
Since you want to query all the messages sub-collections of different user documents, you need to "simulate" a Collection Group Query in your StructuredQuery. The way to do that is to set the allDescendants element to true in the CollectionSelector.
So, issuing a POST HTTP Request on the following URL will do the trick:
var URL = "https://firestore.googleapis.com/v1/projects/<your-project-id>/databases/(default)/documents:runQuery";
The body of the POST Request shall contain:
"structuredQuery": {
"from": [{
"collectionId": "messages",
"allDescendants": true
}],
"where": {
"fieldFilter": {
"field": {
"fieldPath": "sent"
},
"op": "EQUAL",
"value": {
"stringValue": "true",
}
}
}
}
Note that you need to add a single field index to your Firestore DB, as follows:
Note also that, if your field sent is of type Boolean (and not String as shown in your question), you need to use a booleanValue element in your Value JSON element.
I am unable to get this to work for some reason.
I have a Collection called dzs which has some documents with auto generated id's.
I want to query and find a document with a specific email address.
When I try this in Postman, it returns (Error 400 Bad request)
"structuredQuery": {
"from": [{
"collectionId": "dzs",
"allDescendants": true
}],
"where": {
"fieldFilter": {
"field": {
"fieldPath": "email"
},
"op": "EQUAL",
"value": {
"stringValue": "123#123.com",
}
}
}
}
Add the parent collection/document path to the URL:
var URL = "https://firestore.googleapis.com/v1/projects/<your-project-id>/databases/(default)/documents/users/xxxxx:runQuery";
Then make the collectionId "messages" and allDescendents false:
"structuredQuery": {
"from": [{
"collectionId": "messages",
"allDescendants": false
}],
"where": {
"fieldFilter": {
"field": {
"fieldPath": "sent"
},
"op": "EQUAL",
"value": {
"stringValue": "true",
}
}
}
}
Source
I'm trying to migrate my app from LinkedIn API v1 to v2. I'm currently looking at sharing images (natively) to my personal LinkedIn profile.
I'm following the official docs here: https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/share-on-linkedin#create-an-image-share
To register the image I made the following POST request: to https://api.linkedin.com/v2/assets?action=registerUpload
{
"registerUploadRequest": {
"recipes": [
"urn:li:digitalmediaRecipe:feedshare-image"
],
"owner": "urn:li:person:9PyfTxBTFY",
"serviceRelationships": [
{
"relationshipType": "OWNER",
"identifier": "urn:li:userGeneratedContent"
}
]
}
}
I got the success response:
{
"value": {
"uploadMechanism": {
"com.linkedin.digitalmedia.uploading.MediaUploadHttpRequest": {
"headers": {},
"uploadUrl": "https://api.linkedin.com/mediaUpload/C4D22AQEGOHxBzKUXvw/feedshare-uploadedImage/0?ca=vector_feedshare&cn=uploads&m=AQLhYJm0KOaTCgAAAWhSDplI-Lzlfh7lOsd8D5qBcz0aJ2bf1fwIfnh8ow&app=5212106&sync=0&v=beta&ut=0rKn179ebIA8A1"
}
},
"mediaArtifact": "urn:li:digitalmediaMediaArtifact:(urn:li:digitalmediaAsset:C4D22AQEGOHxBzKUXvw,urn:li:digitalmediaMediaArtifactClass:feedshare-uploadedImage)",
"asset": "urn:li:digitalmediaAsset:C4D22AQEGOHxBzKUXvw"
}
}
I successfully uploaded an image as binary using the returned uploadUrl:
curl -i --upload-file PATH_TO_FILE --header "Authorization: Bearer TOKEN" 'https://api.linkedin.com/mediaUpload/C4D22AQEGOHxBzKUXvw/feedshare-uploadedImage/0?ca=vector_feedshare&cn=uploads&m=AQLhYJm0KOaTCgAAAWhSDplI-Lzlfh7lOsd8D5qBcz0aJ2bf1fwIfnh8ow&app=5212106&sync=0&v=beta&ut=0rKn179ebIA8A1'
To confirm that the image is ready for use, I checked the status of the asset with the GET https://api.linkedin.com/v2/assets/C4D22AQEGOHxBzKUXvw which returned
{
"serviceRelationships": [
{
"identifier": "urn:li:userGeneratedContent",
"relationshipType": "OWNER"
}
],
"recipes": [
{
"recipe": "urn:li:digitalmediaRecipe:feedshare-image",
"status": "AVAILABLE"
}
],
"mediaTypeFamily": "STILLIMAGE",
"created": 1547564914979,
"lastModified": 1547564994321,
"id": "C4D22AQEGOHxBzKUXvw",
"status": "ALLOWED"
}
Based on the docs, I can now simply reference the asset URN in the UGC post.
This is the test image post I'm trying to share using the https://api.linkedin.com/v2/ugcPosts endpoint
{
"author": "urn:li:person:9PyfTxBTFY",
"lifecycleState": "PUBLISHED",
"specificContent": {
"com.linkedin.ugc.ShareContent": {
"shareCommentary": {
"text": "Testing LinkedIn image shares"
},
"shareMediaCategory": "IMAGE",
"media": [
{
"status": "READY",
"description": {
"text": "Some text"
},
"media": "urn:li:digitalmediaAsset:C4D22AQEGOHxBzKUXvw",
"title": {
"text": "Some title"
}
}
]
}
},
"visibility": {
"com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"
}
}
But I keep getting the error:
{
"message": "Attempting to associate a ugc with an asset that's not owned by the author",
"status": 400
}
The above request works perfectly when trying to share a status update or a link attachment.
I haven't tried it with videos yet (similar approach) since I assume I will face the same problem. I haven't tried sharing as an organization either since I need to be accepted to the LinkedIn Marketing Developer Program first.
I can confirm that this has been fixed by the LinkedIn Developer Team. Follow the same steps as above and it should work perfectly, as long as the authenticated user has granted the w_member_social permission.
On the last request I now get 201 Created response with the header X-RestLi-Id containing the link to the new post urn:li:share:6494126499975700480.
https://www.linkedin.com/feed/update/urn:li:share:6494126499975700480
P.S. If you're re-trying an old request / registered upload, it won't work, so make sure you try it with a new asset. I believe the bug was when registering uploads.
I am trying to understand
https://developers.google.com/apis-explorer/#p/datastore/v1beta1/datastore.datasets.blindWrite
but I always get
503 Service Unavailable
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Backend Error"
}
],
"code": 503,
"message": "Backend Error"
}
}
Can you provide a example as simple as possible I can paste to verify it actually works?
I tried something like this.
{
"mutation": {
"insertAutoId": [
{
"key": {
"path": [
{
"kind": "person",
"name": "gert"
}
]
}
}
]
}
}
Assuming that you followed one of the first two activation flows described in the documentation. And created the project recently, an App Engine application should be already associated with your project.
You need to:
Click Authorize your request using OAuth 2.0
Leave https://www.googleapis.com/auth/userinfo.email scope checked
Add https://www.googleapis.com/auth/datastore under Add additional scopes (optional)
Click Authorize and grant the permission
Specify the datasetId parameter (same as your project-id)
Use insert or upsert instead of insertAutoId if the key is complete (kind w/ name or id).
Example:
POST https://www.googleapis.com/datastore/v1beta1/datasets/my-dataset-id/blindWrite...
Content-Type: application/json
Authorization: Bearer ...
X-JavaScript-User-Agent: Google APIs Explorer
{
"mutation": {
"insert": [
{
"key": {
"path": [
{
"kind": "Foo",
"name": "iamfoo"
}
]
}
}
]
}
}
200 OK
{
"kind": "datastore#blindWriteResponse",
"mutationResult": {
"indexUpdates": 1
}
}