Try the fastest and simplest way to install ONLYOFFICE

[API] Admin privilege

Tech support for Enterprise Version

[API] Admin privilege

Postby dsi-lille » Tue Jul 04, 2017 8:55 am

Hello,

i try with the API (using this method) and with the admin portal account to change share settings from a file that belong to one of our user.
But i get a 403 Forbidden :-/

Am i missing something ?
We need to manage a lot of files and users, it's really important for us to have the possibility to change this kind of thing (delete files, change share settings, copy files...) with an admin account

thanks for your answer and your help
dsi-lille
 
Posts: 106
Joined: Mon Jul 11, 2016 1:47 pm

Re: [API] Admin privilege

Postby Maxim » Wed Jul 05, 2017 7:49 am

Hello dsi-lille!
PUT api/2.0/files/file/{fileId}/share
Content-Type: application/x-www-form-urlencoded
Body: share[0].ShareTo={UserId}&share[0].Access={Right}
where Right - value share from FileShare.cs
Maxim
 
Posts: 1003
Joined: Tue Oct 11, 2016 2:34 pm

Re: [API] Admin privilege

Postby dsi-lille » Wed Jul 05, 2017 12:13 pm

Hello Maxim,

thanks for your answer.
That's what i did but i still have the problem.

Error from web.api.log :

2017-07-05 14:06:07,105 ERROR [Threadpool worker] ASC.Api - method error: https://172.18.0.4/api/2.0/files/file/27/share - Server error
System.InvalidOperationException: Vous n'avez pas l'autorisation suffisante pour effectuer l'opération ---> System.Security.SecurityException: Vous n'avez pas l'autorisation suffisante pour effectuer l'opération
at ASC.Web.Files.Utils.FileSharing.SetAceObject (System.Collections.Generic.List`1[T] aceWrappers, ASC.Files.Core.FileEntry entry, System.Boolean notify, System.String message) [0x00038] in <5801b783fa1547fc8cbf30488176ca2a>:0
at ASC.Web.Files.Services.WCFService.FileStorageServiceController.SetAceObject (ASC.Web.Files.Services.WCFService.AceCollection aceCollection, System.Boolean notify) [0x00097] in <5801b783fa1547fc8cbf30488176ca2a>:0
--- End of inner exception stack trace ---
at ASC.Web.Files.Services.WCFService.FileStorageServiceController.SetAceObject (ASC.Web.Files.Services.WCFService.AceCollection aceCollection, System.Boolean notify) [0x000e8] in <5801b783fa1547fc8cbf30488176ca2a>:0
at ASC.Api.Documents.DocumentsApi.SetFileSecurityInfo (System.String fileId, System.Collections.Generic.IEnumerable`1[T] share, System.Boolean notify, System.String sharingMessage) [0x0006f] in <aefa31ff7c5e4bc0b8bf728da8dd062e>:0
at (wrapper managed-to-native) System.Reflection.MonoMethod:InternalInvoke (System.Reflection.MonoMethod,object,object[],System.Exception&)
at System.Reflection.MonoMethod.Invoke (System.Object obj, System.Reflection.BindingFlags invokeAttr, System.Reflection.Binder binder, System.Object[] parameters, System.Globalization.CultureInfo culture) [0x00038] in <dbb16e0bacdc4a0f87478e401bc29b6c>:0
dsi-lille
 
Posts: 106
Joined: Mon Jul 11, 2016 1:47 pm

Re: [API] Admin privilege

Postby Maxim » Wed Jul 05, 2017 2:00 pm

Hello dsi-lille!
It needs authentication i suppose according to this
Code: Select all
Server error
System.InvalidOperationException: Vous n'avez pas l'autorisation suffisante pour effectuer l'opération
Maxim
 
Posts: 1003
Joined: Tue Oct 11, 2016 2:34 pm

Re: [API] Admin privilege

Postby dsi-lille » Thu Jul 06, 2017 7:23 am

Hello Maxim,

i know, i'm authenticated with a token.
If i don't pass a token i get a 401 Unauthorized and not a 403 error.

I did few more testing, if i use the same method on a file when the owner is the portal admin : it works (a little reminder : i use the portal admin account to connect to the API)
But when the file owner is a different user i get a 403.

It's seems that it's not possible to manage user's file with an admin account...
But like i said :

We need to manage a lot of files and users, it's really important for us to have the possibility to change this kind of thing (delete files, change share settings, copy files...) with an admin account


Thanks a lot for your help,
Yoann
dsi-lille
 
Posts: 106
Joined: Mon Jul 11, 2016 1:47 pm

Re: [API] Admin privilege

Postby Maxim » Fri Jul 07, 2017 9:08 am

Hello Yoann!
So as we understood you correctly you want to share someone's files from folder "My documents"...to do that you need to use owner's token or you need to do that (to share) from folder "Common documents".
Maxim
 
Posts: 1003
Joined: Tue Oct 11, 2016 2:34 pm

Re: [API] Admin privilege

Postby dsi-lille » Mon Jul 10, 2017 8:03 am

Hello Maxim,

yes, right now i want to share someone's files from folder "My documents".
But if i want to delete a file the problem will be the same.

How can i use an owner's token without knowing the owner's password ?

What i need, is the possibility for an admin to do admin task : like modifying file share setting or deleting files and this for any users

Thanks a lot for your help,
Yoann
dsi-lille
 
Posts: 106
Joined: Mon Jul 11, 2016 1:47 pm

Re: [API] Admin privilege

Postby Maxim » Tue Jul 11, 2017 7:18 am

Hello Yoann!
... like modifying file share setting or deleting files and this for any users..

Unfortunately there is no way to do that except the way i described above.
Maxim
 
Posts: 1003
Joined: Tue Oct 11, 2016 2:34 pm

Re: [API] Admin privilege

Postby dsi-lille » Wed Jul 12, 2017 8:04 am

Hello Maxim,

Unfortunately there is no way to do that except the way i described above.

It's a problem for us, we have different case where we need such feature :
- Delete files from users who have not an account anymore (when we delete an account, the users files remains)
- Delete old files not updated since a long time (we have around 2k users and onlyoffice is not a stockage area)
and so on...

Is there a way to generate a specific user token with an admin account ?
If not, is it possible to add a feature like this to the authentication method (https://api.onlyoffice.com/portals/meth ... entication) like an "Act As" parameter.

Thanks a lot for your help,
Yoann
dsi-lille
 
Posts: 106
Joined: Mon Jul 11, 2016 1:47 pm

Re: [API] Admin privilege

Postby Maxim » Thu Jul 13, 2017 8:52 am

Hello Yoann!
We know about this problem and our developers are working on it!
We plan to implement the feature that will allow to transfer to another user documents of deleted user while user deleting.
Maxim
 
Posts: 1003
Joined: Tue Oct 11, 2016 2:34 pm

Next

Return to Enterprise Version

Who is online

Users browsing this forum: No registered users and 2 guests