Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to get user profile image via API

Questions
Tags
Users
Badges
Aaron Allsbrook
(71257) Oct 15 '12, 7:13 p.m.
 I have been working to externalize information about my users on an RTC 3.0.1 system via API.  When I make a call to https://<HOST>/jazz/oslc/ I get back a nice response that includes

<rtc_cm:User rdf:resource="https://<HOST>/jazz/oslc/users/_tKYZEArvEd-_CvlJWZEkGw">
<rtc_cm:userId>aaron</rtc_cm:userId>
<dc:title>Aaron</dc:title>
<rtc_cm:emailAddress>aaron@<HOST>.com</rtc_cm:emailAddress>
<rtc_cm:photo rdf:resource="https://<HOST>/jazz/resource/content/_xD8j4BV3EeKkj9-_5VhsPg"/>
<dc:modified>2012-10-13T20:51:31.293Z</dc:modified>
<rtc_cm:modifiedBy rdf:resource="https://<HOST>/jazz/oslc/users/_KGRY4CFWEdq-WY5y7lROQw"/>
</rtc_cm:User>

When I attempt to load the photo via its rdf:resource I first get a 400 back from the server and then get stuck with an HTML response (not image) that says

You have followed a direct link to content hosted in a Jazz server. This page has been presented to ensure that a malicious website cannot use cleverly crafted content to circumvent security. If you would like to access the content, please use the link below.

On the page there is also a link to "Download content" .  Clicking that link seems to set a cookie in the environment that says its ok to load that image from there on out (or its being statically cached by the browser).  

The question is, is there a way to programmatically get past this html intercept response and actually retrieve the image with out a user click.   

The only thing I am noticing is that it appears the reference to the link in the response message is relative ( /resource/content/_asdfasdfasd versus my link which is https://<SERVER>/jazz/osls/resource/content/_asdfasdfasdf

The other thing that may be an issue is the referrer value obviously changes on the headers.  Spoofing the referrer looks to be not a good thing.

so, is it possible to load the user photo programatically?  If not, what is the use case where this user information is valuable.  

1

0 votes

Comments
Aaron Allsbrook
Oct 16 '12, 3:41 p.m.

Tried some additional testing today with RTC 4.  It appears to not have the security prevention intercept on it there.  Consequently I am able to pull the images correctly in RTC 4.  


Perhaps this is a bug in RTC 3?

Mike Shkolnik
Sep 05 '13, 5:52 p.m.

Aaron, I am having the same issue trying to pull photos from RTC 4.0.1 through the API. I have tried two different methods. The one you show above, which is based on a resource ID of the photo, and this method, based on the itemId of the user:

https://SERVER:PORT/jazz/service/com.ibm.team.apt.internal.service.rest.IResourcePlanningRestService/workEnvironment?contributorId=USERITEMID

Unfortunately, I get the same results with both methods, the "you have found a direct link" error. Were you ever able to solve this?



Mike Shkolnik
Sep 05 '13, 5:56 p.m.

Just tried a third method - same result:

https://SERVER:PORT/jts/users/photo/USERID

Lukas Steiger
Jul 25 '17, 3:23 a.m.

 Have you ever found a solution on this?
I'm facing the same issue...

3 answers
6,548 views
0 votes

Accepted answer

Permanent link
Lukas Steiger
(3131628) Jul 25 '17, 6:47 a.m.

 If you are writing a Jazz Plugin (e.g. a Dashboard Viewlet), you can use the following code to access a users profile (userId is the standard Jazz User ID that is used for the login as well, e.g. ADMIN):


        getProfileImage: function(userId) {
            var Util = com.ibm.team.dashboard.web.util.internal.Util;
            var SERVICE_PHOTO_ID = "com.ibm.team.dashboard.viewlets.service.internal.members.IMemberPhotoService";
            return Util.getServiceURL(SERVICE_PHOTO_ID, null, {userId: userId});
        },

Ralph Schoon selected this answer as the correct answer

0 votes

Comments
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Jul 25 '17, 3:28 p.m.

Glad you found it.

2 other answers

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (63.9k33648) edited
Oct 16 '12, 9:03 a.m.
Hi, It should be possible using the plain java client libraries. The Eclipse user editor does it. I don't know how the REST API does it, but I have (untested) code that should do it for the Plain Java Client libraries.
 

0 votes

Comments
Aaron Allsbrook
Oct 16 '12, 9:13 a.m.
Hi Ralph - Thanks for the response,

Although I would love to write it in java, I need to execute everything in javascript.  Consequently I need the REST API. 


Any other ideas?

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (63.9k33648) Jul 25 '17, 3:25 a.m.

See https://rsjazz.wordpress.com/2013/01/08/maintaing-user-photos-with-the-plain-java-client-libraries/

0 votes

Comments
Lukas Steiger
Jul 25 '17, 3:32 a.m.

 Thank you Ralph, but I'm unfortunately limited to JavaScript based solutions...

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Jul 25 '17, 3:45 a.m.

The URI I get for the Photo is

https://server:port/rtc/service/com.ibm.team.repository.service.internal.IMemberPhotoService?contributorItemId=_SLSW8JQLEd-DaZzUk6UM4g&etag=_t0j6YuloEeKAzb0FcRrWoQ

Lukas Steiger
Jul 25 '17, 4:21 a.m.

 And how do you get the ItemID of the user, without using RTC SDK? OSLC lacks the ability to query the itemID of the user, I only get the jazz ID

Lukas Steiger
Jul 25 '17, 6:48 a.m.

Thank you Ralph for your suggestion. I was unable to use the one you have suggested, but I found a service that accepts a userId. See my answer below....

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 10,936
× 7,494

Question asked: Oct 15 '12, 7:13 p.m.

Question was seen: 6,548 times

Last updated: Jul 25 '17, 3:28 p.m.

Confirmation Cancel Confirm