How Do I Select A Sub-Field For A User? - azure-active-directory

I am trying to get information about users from Microsoft Graph Explorer. The default query gives me way too much info per user https://graph.microsoft.com/beta/users
Therefore, I am getting a subset of data using $select https://graph.microsoft.com/beta/users?&$select=id,displayName,identities which looks like this:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#users(id,displayName,identities)",
"value": [
{
"id": "06609x07-2b89-5l92-8egg-5666a36uu26w",
"displayName": "Joe",
"identities": [
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "joe.bloggs#contoso.com"
},
{
"signInType": "userPrincipalName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "06609x07-2b89-5l92-8egg-5666a36uu26w#contoso.onmicrosoft.com"
}
]
}
]
}
Is it possible to modify the select so that it doesn't return the whole identities block but just returns the issuerAssignedId field instead (ideally just the first one)?

It seems impossible to return only issuerAssignedId field with $select.
That describes the operation of $select. There is no mention of $select in the properties.
Use the $select query parameter to return a set of properties that are
different than the default set for an individual resource or a
collection of resources. With $select, you can specify a subset or a
superset of the default properties.
On the other hand, the issuerAssignedId just supports $filter, see here.

Related

Azure Cognitive Search query specific data source

I have a Azure Cognitive Search set up with two DataSources, two Indexers indexing those DataSources and one Index.
I'd like to be able to able to query/filter by DataSource. Is that possible?
This is certainly possible. You'd just need to find a way to get a field in the index that contains the name of the data source. The best way to do this depends on the data source you're using--for example, if you're using a SQL data source, you might just be able to edit the query to return the value whereas that wouldn't work for blob storage.
Another option that would work for all data sources would be to include a skillset with a conditional skill which you can use to set a default value for a field.
Off of #Derek Legenzoff serve this is how I did it...
Add all your datasources
Create skillsets for each one data source with the following skill
{
"#odata.type": "#Microsoft.Skills.Util.ConditionalSkill",
"name": "#1",
"description": "",
"context": "/document",
"inputs": [
{
"name": "condition",
"source": "= true"
},
{
"name": "whenTrue",
"source": "= 'Production'" //name of your environment
},
{
"name": "whenFalse",
"source": "= ''"
}
],
"outputs": [
{
"name": "output",
"targetName": "Env"
}
]
}
Create single index for your data model and add a Env field, and it's filterable and queriable
Create indexers for each one of your data sources that point to the index from step 3 and datasource from step 1
IMPORTANT: make sure you indexers have the following code in the defnition.
"outputFieldMappings": [
{
"sourceFieldName": "/document/Env",
"targetFieldName": "Env"
}
],
This will connect the product of the skill to the index

Get member emails when using delta on group

I'm trying to use the graph API to get a list of users which have been added to a specific group using the delta feature so I reduce the amount of data that passes through.
However, when I $expand on the members property, I'm only getting the id, and not the specific properties I need (mail and some other details) - despite the fact I'm $selecting it.
The url I'm using for the query is
https://graph.microsoft.com/v1.0/groups/delta?$expand=members($select=id,mail)&$select=members&$filter=id eq '<myGroupId>'
And the data I'm getting returned is:
[...]
"value": [
{
"id": "xxxxx-xxxx-xxx-xxx-xxxxx",
"members#delta": [
{
"#odata.type": "#microsoft.graph.user",
"id": "xxxxxxxxxxxxxxxxxxxx"
},
{
"#odata.type": "#microsoft.graph.user",
"id": "xxxxxxxxxxxxxxxxxxxxx"
},
I want my members#delta to include the details of the member so I don't have to query for them seperately.
According this members#delta property contains only the ids of member objects in the group.

How to ensure all items in a collection match a filter in Azure Cognitive Search

I have Azure Cognitive Search running, and my index is working as expected.
We are trying to add a security filter into the search, based on the current users permissions.
The users permissions are coming to me in as IEnumerable, but I am currently selecting just a string[] and passing that into my filter, then do a string.join, which looks like this.
permission1, permission2, permission3, permission4
In our SQL database, we have a view that is where the index is getting it's data from. There is a column on the view called RequiredPermissions, it is a Collection(Edm.string) in the index, and the data looks like this.
[ 'permission1', 'permission2', 'permission3' ]
The requirement is that for a record to return in the results, a user's permissions must contain all of the RequiredPermissions for that record.
So if we have a user with the following permissions
permission1, permission3, permission5
And we have the following records
Id, SearchText, Type, Permissions
1, abc, User, [ 'permission1', 'permission2' ]
2, abc.pdf, Document, [ 'permission1' ]
3, abc, Thing, [ 'permission1', 'permission3' ]
4, abc, Stuff, [ 'permission3', 'permission4' ]
If the user searched for 'abc' and these four results would come back, I need to $filter results that do not have the proper permissions. So I would expect the following results
Id, Returned, Reason
1, no, the user does not have permission2
2, yes, the user has permission1 and nothing else is needed
3, yes, the user has both permission1 and permission3
4, no, the user does not have permission4
If I run the following filter, then I get back anything that has permission1 or permission3, which is not acceptable, since the user should not see items Id 1 or 4
RequiredPermissions/any(role: search.in(role, 'permission1, permission3', ','))
If I run this filter, then I get nothing back, everything is rejected, because no records have permission5, and the user has it
RequiredPermissions/all(role: not search.in(role, 'permission1, permission3', ','))
If I try to run the search using 'all' and without the 'not' I get the following error
RequiredPermissions/all(role: search.in(role, 'permission1, permission3', ','))
Invalid expression: Invalid lambda expression. Found a test for equality or inequality where the opposite was expected in a lambda expression that iterates over a field of type Collection(Edm.String). For 'any', please use expressions of the form 'x eq y' or 'search.in(...)'. For 'all', please use expressions of the form 'x ne y', 'not (x eq y)', or 'not search.in(...)'.\r\nParameter name: $filter
So it seems that I cannot use the 'not' with 'any', and I must use the 'not' with 'all'
What I wish for is a way to say that a user has all the permissions in their list that is in the RequiredPermissions column.
I am currently just working in Postman using the RestApi to solve this, but I will eventually move this into .Net.
Your scenario can't be implemented with Collection(Edm.String) due to the limitations on how all and any work on such collections (documented here).
Fortunately, there is an alternative. You can model permissions as a collection of complex types, which allows you to use all the way that you need to implement your permissions model. Here is a JSON example of how the field would be defined:
{
"name": "test",
"fields": [
{ "name": "Id", "type": "Edm.String", "key": true },
{ "name": "RequiredPermissions", "type": "Collection(Edm.ComplexType)", "fields": [{ "name": "Name", "type": "Edm.String" }] }
]
}
Here is a JSON example of what a document would look like with its permissions defined:
{ "#search.action": "upload", "Id": "1", "RequiredPermissions": [{"Name": "permission1"}, {"Name": "permission2"}] }
Here is how you could construct a filter that has the desired effect:
RequiredPermissions/all(perm: search.in(perm/Name, 'permission1,permission3,permission5'))
While this works, you are strongly advised to test the performance of this solution with a realistic set of data. Under the hood, all is executed as a negated any, and negated queries can sometimes perform poorly with the type of inverted indexes used by a search engine.
Also, please be aware that there is currently a limit on the number of elements in all complex collections across a document. This limit is currently 3000. So if RequiredPermissions were the only complex collection in your index, this means you could have at most 3000 permissions defined per document.

Fetch partial documents from couchdb

I'm using couchdb to store large documents, which is causing some trouble when fetching them to memory. I do realize the database is not meant to be used this way. As a fallback solution, is it possible to fetch partial documents from the database, without creating a view?
In example, if a document has the fields id, content and extra_content, I would like to retrieve only the first two.
Thank you in advance.
If you are using CouchDB 2.x, you can use /db/_find endpoint as a mechanism to retrieve part of the doc.
POST /db/_find
{
"selector": {
"_id": "a-doc-id"
},
"fields": [
"_id",
"content"
]
}
You'll get only the set of fields you have specified in the query
This is not possible prior to CouchDB 2.x. For CouchDB 2.x or greater, see JuanjoRodriguez's answer.
But one possible work around for any version of CouchDB would be to take advantage of file attachments, which by default are excluded from a fetch. If some of your data isn't always needed, and doesn't need to be included in indexes, you could potentially store it as (JSON) attachments, rather than as part of the document directly:
{
"id": "foo",
"content": "stuff",
"extra_content": "other stuff"
}
becomes:
{
"id": "foo",
"content": "stuff",
"_attachments": {
"extra_content": {
"content_type": "application/json",
"data": "ZXh0cmEgc3R1ZmYK"
}
}
}

JSON Schema: verifying object's values, without keys

Not to confuse anybody, I'll start with validating arrays...
Regarding arrays, JSON Schema can check whether elements of an (((...)sub)sub)array conform to a structure:
"type": "array",
"items": {
...
}
When validating objects, I know I can pass certain keys with their corresponding value types, such as:
"type": "object",
"properties": {
// key-value pairs, might also define subschemas
}
But what if I've got an object which I want to use to validate values only (without keys)?
My real-case example is that I'm configuring buttons: there might be edit, delete, add buttons and so on. They all have specific, rigid structure, which I do have JSON schema for. But I don't want to limit myself to ['edit', 'delete', 'add'] only, there might be publish or print in the future. But I know they all will conform to my subschema.
Each button is:
BUTTON = {
"routing": "...",
"params": { ... },
"className": "...",
"i18nLabel": "..."
}
And I've got an object (not an array) of buttons:
{
"edit": BUTTON,
"delete": BUTTON,
...
}
How can I write such JSON schema? Is there any way of combining object with items (I know there are object-properties and array-items relations).
You can use additionalProperties for this. If you set additionalProperties to a schema instead of a boolean, then any properties that aren't explicitly declared using the properties or patternProperties keywords must match the given schema.
{
"type": "object",
"additionalProperties": {
... BUTTON SCHEMA ...
}
}
http://json-schema.org/latest/json-schema-validation.html#anchor64

Resources