We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here. 

Forum Discussion

NitayBachrach's avatar
NitayBachrach
Explorer | Level 4
6 years ago

sharing/get_file_metadata fails for admin

Hi

I tried to call sharing/got_file_metadata with the admin id, and with "Dropbox-API-Select-Admin".

It failed and returned "invalid_file"

When I use the same file id with it's owner id, it works as it should.

This behavior contradicts the documention, wich clarifies that this EP supports Select-Admin with a "whole team" permission.

This is the code

#!/usr/bin/env python3
import requests
import json

URL = 'https://api.dropboxapi.com/2/sharing/get_file_metadata'
TOKEN = '****'
FILE_ID = '****'
OWNER_ID = '****'
ADMIN_ID = '****'

def do_request(member_id, as_admin):
    select_header = "Dropbox-API-Select-Admin" if as_admin else "Dropbox-API-Select-User"
    headers = {
        "Authorization": f"Bearer {TOKEN}",
        "Content-Type": "application/json",
        select_header: member_id,
    }

    params = {
        "file": FILE_ID,
        #  A list of `FileAction`s corresponding to `FilePermission`s that should appear in the
        #  response's SharedFileMetadata.permissions field describing the actions the authenticated user can perform on the file.
        # get full list of actions https://www.dropbox.com/developers/documentation/http/documentation#sharing-get_file_metadata
        "actions": [
            "disable_viewer_info",
            "edit_contents",
            "enable_viewer_info",
            "invite_viewer",
            "invite_viewer_no_comment",
            "invite_editor",
            "unshare",
            "relinquish_membership",
            "create_link",
        ],
    }
    return requests.post(URL, data=json.dumps(params), headers=headers).text

print(do_request(OWNER_ID, False))
print(do_request(ADMIN_ID, True))

and this is the output:

{"access_type": {".tag": "owner"}, "id": "****", "name": "File2.pptx", "owner_team": {"id": "****", "name": "Polyrize"}, "path_display": "/File2.pptx", "path_lower": "/file2.pptx", "permissions": [{"action": {".tag": "edit_contents"}, "allow": true}, {"action": {".tag": "invite_viewer"}, "allow": true}, {"action": {".tag": "invite_viewer_no_comment"}, "allow": false}, {"action": {".tag": "invite_editor"}, "allow": true}, {"action": {".tag": "unshare"}, "allow": true}, {"action": {".tag": "relinquish_membership"}, "allow": false}, {"action": {".tag": "create_link"}, "allow": true}, {"action": {".tag": "disable_viewer_info"}, "allow": true}, {"action": {".tag": "enable_viewer_info"}, "allow": true}], "policy": {"member_policy": {".tag": "anyone"}, "resolved_member_policy": {".tag": "anyone"}, "acl_update_policy": {".tag": "editors"}, "shared_link_policy": {".tag": "anyone"}, "viewer_info_policy": {".tag": "enabled"}}, "preview_url": "https://www.dropbox.com/scl/fi/***", "time_invited": "2019-09-02T06:00:55Z"}
{"error_summary": "access_error/invalid_file/", "error": {".tag": "access_error", "access_error": {".tag": "invalid_file"}}}

Why does it happen? Thank you,

Nitay

API
  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    6 years ago

    Can you clarify where you see "the documention, wich clarifies that this EP supports Select-Admin with a "whole team" permission"?

    The documentation for /2/sharing/get_file_metadata lists "User Authentication, Dropbox-API-Select-Admin (Team Admin)" under "AUTHENTICATION".

    That's indicating only support for the "Team Admin", not "Whole Team" mode. The description of the Team Admin mode is "The endpoint can access content of team folders but not team member's private files", which seems to match the behavior you're seeing.

    • NitayBachrach's avatar
      NitayBachrach
      Explorer | Level 4
      6 years ago

      Oh yes you are right, I looked at "get_metadata" which is has a whole team permission (Is there a reason for the inconsistenty of those permissions?).

      But now I have the following problem:

      #!/usr/bin/env python3
import requests
import json
from pprint import pprint

URL_FOLDER = 'https://api.dropboxapi.com/2/sharing/get_folder_metadata'
URL_FILE = 'https://api.dropboxapi.com/2/files/get_metadata'
TOKEN = '***-****'
FILE_ID = 'id:'
ADMIN_ID = 'dbmid:'

def do_request_file(member_id):
    headers = {
        "Authorization": f"Bearer {TOKEN}",
        "Content-Type": "application/json",
        "Dropbox-API-Select-Admin": member_id,
    }

    params = {
        "path": FILE_ID
    }
    r = requests.post(URL_FILE, data=json.dumps(params), headers=headers).text
    return json.loads(r)

def do_request_folder(member_id, folder_id):
    headers = {
        "Authorization": f"Bearer {TOKEN}",
        "Content-Type": "application/json",
        "Dropbox-API-Select-Admin": member_id,
    }

    params = {
        "shared_folder_id": folder_id
    }
    r = requests.post(URL_FOLDER, data=json.dumps(params), headers=headers).text
    return json.loads(r)


metadata = do_request_file(ADMIN_ID)
pprint(metadata)
pprint(do_request_folder(ADMIN_ID, metadata["sharing_info"]["parent_shared_folder_id"]))

      returns:

      {'.tag': 'file',
 'client_modified': '2019-09-05T09:12:38Z',
 'content_hash': 'ccae535b5ac41d418b23187d9517ba652361bb9463e6b39e66f4e315bb21c910',
 'id': 'id:*******',
 'is_downloadable': True,
 'name': 'File2.pptx',
 'parent_shared_folder_id': '6201828192',
 'rev': '******',
 'server_modified': '2019-09-05T09:12:38Z',
 'sharing_info': {'modified_by': 'dbid:*****',
                  'parent_shared_folder_id': '6201828192',
                  'read_only': False},
 'size': 29445}
{'error': {'.tag': 'invalid_id'},
 'error_summary': 'invalid_id/.',
 'user_message': {'locale': 'en', 'text': 'Invalid shared folder ID.'}}

      Even though team admin is accessible to folders

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff
        6 years ago

        Thanks for following up, and apologies for the confusion. Looking at this, I believe you're running in to a particular edge case, where the field names can be misleading.

        The file for which you're getting the metadata in the first call is actually in a (different member's) home namespace, not a shared folder. Due to some implementation details though, that user's home namespace information is being returned in the file metadata as if it were a shared folder. 

        Then, the sharing endpoint in the second call is rejecting the ID since it's not technically a shared folder ID.

        If you want to get the metadata for that parent folder, you can do so by calling /2/files/get_metadata for that namespace under that team's root namespace. Here's what that would look like in this particular case, in curl:

        curl -X POST https://api.dropboxapi.com/2/files/get_metadata \
    --header "Authorization: Bearer TOKEN_HERE" \
    --header "Dropbox-API-Select-Admin: ADMIN_ID_HERE" \
    --header "Content-Type: application/json" \
    --header 'Dropbox-API-Path-Root: {".tag": "root", "root": "TEAM_SPACE_ROOT_ID_HERE"}' \
    --data "{\"path\": \"ns:6201828192\"}"

        Check out the Namespace Guide for more information on how this works, and for information on how to get the team space root ID and how to use the 'Dropbox-API-Path-Root' header.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,875 PostsLatest Activity: 2 months ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!