It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×42,880
×10,915
×7,474
×4,320

question asked: Oct 15 '12, 7:13 p.m.
question was seen: 6,454 times
last updated: Jul 25 '17, 3:28 p.m.

Related questions

How to get user profile image via API

0
1
Aaron Allsbrook (71257) | asked Oct 15 '12, 7:13 p.m.
 I have been working to externalize information about my users on an RTC 3.0.1 system via API.  When I make a call to https://<HOST>/jazz/oslc/ I get back a nice response that includes

<rtc_cm:User rdf:resource="https://<HOST>/jazz/oslc/users/_tKYZEArvEd-_CvlJWZEkGw">
<rtc_cm:userId>aaron</rtc_cm:userId>
<dc:title>Aaron</dc:title>
<rtc_cm:emailAddress>aaron@<HOST>.com</rtc_cm:emailAddress>
<rtc_cm:photo rdf:resource="https://<HOST>/jazz/resource/content/_xD8j4BV3EeKkj9-_5VhsPg"/>
<dc:modified>2012-10-13T20:51:31.293Z</dc:modified>
<rtc_cm:modifiedBy rdf:resource="https://<HOST>/jazz/oslc/users/_KGRY4CFWEdq-WY5y7lROQw"/>
</rtc_cm:User>

When I attempt to load the photo via its rdf:resource I first get a 400 back from the server and then get stuck with an HTML response (not image) that says

You have followed a direct link to content hosted in a Jazz server. This page has been presented to ensure that a malicious website cannot use cleverly crafted content to circumvent security. If you would like to access the content, please use the link below.

On the page there is also a link to "Download content" .  Clicking that link seems to set a cookie in the environment that says its ok to load that image from there on out (or its being statically cached by the browser).  

The question is, is there a way to programmatically get past this html intercept response and actually retrieve the image with out a user click.   

The only thing I am noticing is that it appears the reference to the link in the response message is relative ( /resource/content/_asdfasdfasd versus my link which is https://<SERVER>/jazz/osls/resource/content/_asdfasdfasdf

The other thing that may be an issue is the referrer value obviously changes on the headers.  Spoofing the referrer looks to be not a good thing.

so, is it possible to load the user photo programatically?  If not, what is the use case where this user information is valuable.  
Comments
Aaron Allsbrook commented Oct 16 '12, 3:41 p.m.

Tried some additional testing today with RTC 4.  It appears to not have the security prevention intercept on it there.  Consequently I am able to pull the images correctly in RTC 4.  


Perhaps this is a bug in RTC 3?

Mike Shkolnik commented Sep 05 '13, 5:50 p.m. | edited Sep 05 '13, 5:52 p.m.

Aaron, I am having the same issue trying to pull photos from RTC 4.0.1 through the API. I have tried two different methods. The one you show above, which is based on a resource ID of the photo, and this method, based on the itemId of the user:

https://SERVER:PORT/jazz/service/com.ibm.team.apt.internal.service.rest.IResourcePlanningRestService/workEnvironment?contributorId=USERITEMID

Unfortunately, I get the same results with both methods, the "you have found a direct link" error. Were you ever able to solve this?



Mike Shkolnik commented Sep 05 '13, 5:56 p.m.

Just tried a third method - same result:

https://SERVER:PORT/jts/users/photo/USERID

Lukas Steiger commented Jul 25 '17, 3:23 a.m.

 Have you ever found a solution on this?
I'm facing the same issue...

Accepted answer

0
permanent link
Lukas Steiger (3131628) | answered Jul 25 '17, 6:47 a.m.

 If you are writing a Jazz Plugin (e.g. a Dashboard Viewlet), you can use the following code to access a users profile (userId is the standard Jazz User ID that is used for the login as well, e.g. ADMIN):


        getProfileImage: function(userId) {
            var Util = com.ibm.team.dashboard.web.util.internal.Util;
            var SERVICE_PHOTO_ID = "com.ibm.team.dashboard.viewlets.service.internal.members.IMemberPhotoService";
            return Util.getServiceURL(SERVICE_PHOTO_ID, null, {userId: userId});
        },

Ralph Schoon selected this answer as the correct answer
Comments
Ralph Schoon commented Jul 25 '17, 3:28 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Glad you found it.

2 other answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Ralph Schoon (63.5k33646) | answered Oct 16 '12, 8:40 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Oct 16 '12, 9:03 a.m.
Hi, It should be possible using the plain java client libraries. The Eclipse user editor does it. I don't know how the REST API does it, but I have (untested) code that should do it for the Plain Java Client libraries.
 
Comments
Aaron Allsbrook commented Oct 16 '12, 9:13 a.m.
Hi Ralph - Thanks for the response,

Although I would love to write it in java, I need to execute everything in javascript.  Consequently I need the REST API. 


Any other ideas?

0
permanent link
Ralph Schoon (63.5k33646) | answered Jul 25 '17, 3:25 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

See https://rsjazz.wordpress.com/2013/01/08/maintaing-user-photos-with-the-plain-java-client-libraries/

Comments
Lukas Steiger commented Jul 25 '17, 3:32 a.m.

 Thank you Ralph, but I'm unfortunately limited to JavaScript based solutions...

Ralph Schoon commented Jul 25 '17, 3:45 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

The URI I get for the Photo is

https://server:port/rtc/service/com.ibm.team.repository.service.internal.IMemberPhotoService?contributorItemId=_SLSW8JQLEd-DaZzUk6UM4g&etag=_t0j6YuloEeKAzb0FcRrWoQ

Lukas Steiger commented Jul 25 '17, 4:21 a.m.

 And how do you get the ItemID of the user, without using RTC SDK? OSLC lacks the ability to query the itemID of the user, I only get the jazz ID

Lukas Steiger commented Jul 25 '17, 6:48 a.m.

Thank you Ralph for your suggestion. I was unable to use the one you have suggested, but I found a service that accepts a userId. See my answer below....

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.