The browser console shows the records the collection has, but when I try Tasks.remove({}); in the browser console I get some error:
errorClass {error: 403, reason: "Not permitted. Untrusted code may only remove documents by ID.", details: undefined, message: "Not permitted. Untrusted code may only remove documents by ID. [403]", errorType: "Meteor.Error"}
Any idea how to remove all the documents from the collection including the _id(s)? Thanks
Meteor.subscribe('tasks');
Meteor.publish('tasks', function(){
return Tasks.find();
});
You can only remove multiple documents at once on the server as documented on the Meteor site.
So to clear the collection you'll need to do this in server code, and create a method if you need to call this from the client.
Related
I am trying to obtain an access token for use with Google APIs using the up-to-date expo-auth-session package.
It works fine to fetch an id_token via useAuthRequest({responseType: "id_token", ...}) or useIdTokenAuthRequest({...})
However, when trying useAuthRequest({responseType: "code", ...}), I get the following error:
[Unhandled promise rejection: Error: The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.]
Does anyone know what is missing from the request? I am using the Expo Go app currently, so I'm not sure if that prevents obtaining an access token. Currently digging through the package's source code...
Add the following two props to useAuthRequest
shouldAutoExchangeCode: false,
clientSecret: 'any_bogus_value!'
shouldAutoExchangeCode will prevent the code from being exchanged and send it back to you in the response.
clientSecret will simply trigger and if check to be true in the providers source code that will avoid that error you specified being returned.
Note that in general it is not a good practice to avoid errors, but in this case, I feel like the error is being shown in error itself!
Good afternoon. I am trying to write a function that will read the comments on a jpg file in google drive. However, when I try to run it it gives me the following error:
An error occurred:
<HttpError 403 when requesting https://www.googleapis.com/drive/v2/files/1SbB4VwCIhaS9mdJ_xqcyjenZfxxrpTsY/comments?alt=json returned "Insufficient Permission: Request had insufficient authentication scopes.". Details: "[{'domain': 'global', 'reason': 'insufficientPermissions', 'message': 'Insufficient Permission: Request had insufficient authentication scopes.'}]">
def retrieve_comments(service, file_id):
"""Retrieve a list of comments.
Args:
service: Drive API service instance.
file_id: ID of the file to retrieve comments for.
Returns:
List of comments.
"""
try:
comments = service.comments().list(fileId=file_id).execute()
return comments.get('items', [])
except errors.HttpError as error:
print('An error occurred: %s' % error)
return None
SCOPES = ['https://www.googleapis.com/auth/drive.file', 'https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/drive.file', ]
credentials = Credentials.from_authorized_user_file('token.json', SCOPES)
service = build('drive', 'v2', credentials=credentials)
print(retrieve_comments(service, '1SbB4VwCIhaS9mdJ_xqcyjenZfxxrpTsY'))
Update: this is what my token.json file looks like:
{"token": "ya29.a0ARrdaM-lbQRcrOHcWXHXVCZ--FHEBFmhetZy5mtKyE-KYg7kkqc7DCB3ELoGWm7DSFFqZ5n7MZ2qtpomhhhh3YjyPlDmFNiBFqW8jfzQcq2bUboJVHWly7w5KajgYBW6vXfpUG7XB-NiSRIGbgGXg7pADS9E", "refresh_token": "1//03RuSdM4_a83LCgYIARAAGAMSNwF-L9Ir99uSssRC7-EDBGOchESXQuY8uQh3BIAUSnUFmT60dipjtvqGslz9wyAl_OnLkoLWdko", "token_uri": "https://oauth2.googleapis.com/token", "client_id": "936594993582-hm55manlg9g4hkdeeisq6i4ogqk6are2.apps.googleusercontent.com", "client_secret": "irvWegrf57dztuP6_OigoGIT", "scopes": ["https://www.googleapis.com/auth/drive.metadata.readonly", "https://www.googleapis.com/auth/drive.file"], "expiry": "2021-08-19T12:26:14.658525Z"}
This is how my code looks like. any ideas why this might be happening and what I can do to solve it?
Edit: For anyone who runs into the same problem, remember the scopes in the quickstart must be the same as the ones in your python file.
Insufficient Permission
Means that the user you are authenticated with does not have permission to do what you are trying to do, or that user has not granted your application permission.
You are trying to use comments.list this method requires that you have been authorized with one of the following scopes
Now you appear to be using the following scopes
'https://www.googleapis.com/auth/drive.file', 'https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/drive.file',
Im not sure why you have drive.file twice, but lets ignore that for now.
As you can see you appear to be using the proper scopes needed by this endpoint. What i suspect has happened is that you have already authorized the user using a different set of scopes and you then changed the scopes in your application. When you change the scopes you need to be sure that you have revoked the users access in your application and prompt the user to authorize your application again. You are probably running on a stored access token and or refresh token which have the old scopes.
The solution will be to simply force your application to authorize your user again, make sure the consent screen popsup.
I'm having issues with extracting channel messages from a Microsoft Team. I have a javascript app that crawls through all Teams in a organization and extract the number of messages from all channels in all the teams. It works wonderfully in that it return the correct amount of messages, the problem is that when the app try to fetch a message from a channel where no one have made a message in the channel there is an HTTP error with the ErrorCode 403 (forbidden). Even though the app is successful in that it delivers on what it is supposed to do, I can't have an application that sends 50 angry, red messages every time it makes a http call.
The call I am using is the following
https://graph.microsoft.com/beta/teams/{teamID}/channels/{channelID}/messages
Does anyone know if this is solvable? If not is it possible to check if a channel is empty? And if that is not an option; is there anyone to hide those dirty error messages from the console?
Edit #1
To call to the api I used:
let header = new Headers();
header.append("Authorization", "Bearer " + accessToken);
header.append("Content-Type", "application/json");
fetch("https://graph.microsoft.com/beta/teams/232808c2-d500-47b0-9ead-e238c5e2ab95/channels/19:69a01be632994d123014bbae1aa5db1e#thread.tacv2/messages", {method:"GET", headers: header})
Edit #2
I response object seems to be correct:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#teams('90baabba-1b5e-471c-a163-8a9b4b680de7')/channels('19%3A01c741f599e547f0b9b38296283b7fec%40thread.skype')/messages",
"#odata.count": 0,
"value": []
}
The problem is that in when I look in Google Chrome > Dev tools > Console, the fetch still displays the error:
GET https://graph.microsoft.com/beta/teams/4f460179-4691-42e5-8677-9101dcdb65fe/channels/19:3497f5b8f9f54149919631b32d21e608#thread.tacv2/messages 403 (Forbidden)
And when I console log the error it just displays as:
error: {code: "Forbidden", message: "Forbidden", innerError: {…}}
Only team members are allowed to read messages. Admins can do team management i.e. CRUD operations on teams, channels, tabs etc. They however cannot read messages. This is intentional and we do not have plans to change this in near future
I can get notes(real contents, not just metadata) from the evernote API. However, calling notestore->update() always gives me a EDAMUserException.
My php code is below, the arguments are self-explanatory:
//add text to note
//if append=true then the text will be appended to the end, else it will be appended to the start
public function addToNote($new_content, $access_token, $note_store, $note_guid, $append = true){
$note = $note_store->getNote($access_token, $note_guid, true, false, false, false);
$note->content +="<en-note>Note updated</en-note>";
$note_store->updateNote($access_token, $note);
}
I've already did a lot of searching before I asked here, and here are the things I know:
According to: https://dev.evernote.com/doc/articles/permissions.php it says that there are two types of api keys, one is the basic access and one is for full access, I have full access, this is proved by no exception was thrown during $note_store->getNote() call, and I did output the data from that call, I can actually get the contents of the note.
In the same page as 1: "Certain API functions are only available to official Evernote applications and services. These functions are described as such in the API Reference and will throw an EDAMUserException with the error code PERMISSION_DENIED if called by a third-party application." I read the API documentation here: https://dev.evernote.com/doc/reference/NoteStore.html#Fn_NoteStore_updateNote
It does not mention that it is blocked by default.
I think I figured out what was wrong. Evernote actually has its own DTD document format, if the "content" section of the note is not a valid document, then the request is denied. In my case it was not denied because my API key's access level, but because the "content" I gave was not a proper evernote format.
if I set:
$note->content='<!DOCTYPE en-note SYSTEM "http://xml.evernote.com/pub/enml2.dtd"><en-note><div>testing complete!!!</div></en-note>';
Then the note will be successfully updated.
However, for other users that are getting this exception and using the right format, it is most likely:
1.your api key does not have full access, choose the full access option while you request an api key.
2.usually you would start testing on the "sandboxed"(https://sandbox.evernote.com) version of their site, you need to register another account on the sandboxed site(you real evernote account doesn't carry over) and test with that account. If you do not do this, your account will not exist on the sandboxed account and anything you do will not work.
How can the client code of a Meteor app detect that a write operation (insert, remove, update) against a collection was denied, so that it can display an appropriate error message?
Collection.remove(id)
The console will display:
remove failed: Access denied
This is rather obvious, but Google didn't do a good job of surfacing the relevant documentation: you need to pass a callback parameter:
Collection.remove(id, function (error) {
if (error)
sAlert.error(error.toString());
});