[Python] Updating user enterprise not working, permission error

Question

We have a number of users outside of our domain that were inappropriately added as managed users. I want to roll them off the enterprise and convert them to external users, but when using box-sdk-gen and emit a client.users.update_user_by_id(xxxx, enterprise=None) nothing happens. It seems to execute successfully, but fetching that user again shows that the enterprise information is still present.
If I try to execute with enterprise={'id':None} or enterprise='null' I get a 403 insufficient permissions error. I noticed that the type on the enterprise field is str so that’s why I tried the latter.
{       'code': 'access_denied_insufficient_permissions',
        'help_url': 'http://developers.box.com/docs/#errors',
        'message': 'Access denied - insufficient permission',
        'request_id': 'xxxxx',
        'status': 403,
        'type': 'error'}
	Raw body: {"type":"error","status":403,"code":"access_denied_insufficient_permissions","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Access denied - insufficient permission","request_id":"xxxxx"}

What am I doing wrong? Can anyone point me to how I roll these users off the enterprise?
Thanks

djones4 · Accepted Answer

I did a quick, non-exhaustive, check on other endpoints and there are many fields across multiple endpoints which the api accepts null but would fall victim to the same bug. I am moving to the github issue for further discussion on this, hopefully engaging with the maintainers to find a solution.

github.com/box/box-python-sdk-gen

Users.update_user_by_id does not handle `enterprise=None` correctly

opened 09:39PM - 24 Jun 24 UTC

Djones4822

bug

- [X ] I have checked that the [SDK documentation][sdk-docs] doesn't solve my is…sue.
- [X ] I have checked that the [API documentation][api-docs] doesn't solve my issue.
- [X ] I have searched the [Box Developer Forums][dev-forums] and my issue isn't already reported (or if it has been reported, I have attached a link to it, for reference).
- [ X] I have searched [Issues in this repo][github-repo] and my issue isn't already reported.

### Description of the Issue

Executing the function `client.users.update_user_by_id` with `enterprise=None` does not clear the enterprise for the user. The documentation indicates that the value is `Optional[str]` and so None is being filtered out.

The issue seems to arise from the `serialize` method which filters out values that are None through the `to_dict` method on the `BaseObject` class.

I would expect that setting the enterprise to None would clear the field and remove a user from the managed user pool.

### Steps to Reproduce

Add an external user, promote them to managed user, then with an authenticated client, run `client.users.update_user_by_id(f'{USER_ID}', enterprise=None)`, alternatively, try `client.users.update_user_by_id(f'{USER_ID}', enterprise='null')` - would expect the latter to work based on the documentation, but it returns a 403 privilege error.

### Recommendation
To elegantly add this functionality, I would consider changing the method to use kwarg collection instead of explicitly defining all the fields, with good documentation this allows for flexibility so that you don't need to filter out body elements that are set to `None` automatically. However, alternatively you can simply add a handler for enterprise and allow the value `null` like is stated in the documentation. For example:

```python
def update_user_by_id(...):
[...]
json_body: SerializedData = serialize(request_body)
if request_body['enterprise'] == 'null':
json_body['enterprise'] = None
response: FetchResponse = fetch(
''.join(
[
self.network_session.base_urls.base_url,
'/2.0/users/',
to_string(user_id),
]
),
FetchOptions(
method='PUT',
params=query_params_map,
headers=headers_map,
data=json_body, # replace with the new json_body instead of serializing here
content_type='application/json',
response_format='json',
auth=self.auth,
network_session=self.network_session,
),
)
return deserialize(response.data, UserFull)
```

I have a fork with that change in place if you'd accept the PR.

djones4 · Answer

I believe I solved this, it’s a bug in the library. When serializing the request body, it filters out values that are None, and values like “null” are not acceptable for this. I believe I was getting 403 because the server checking for my ability to change the enterprise to “null” was not found, and it assumed I was trying to change a user to an enterprise I wasn’t authorized to change to.

I modified the source code of the library, changing the method update_user_by_id within the file .venv\Lib\site-packages\box_sdk_gen\managers\users.py to include this at line 618:

        json_body: SerializedData = serialize(request_body)

        if json_body['enterprise'] == 'null':

            json_body['enterprise'] = None

This lets me set the value to the string ‘null’ and it gets properly handled by the server. Will be submitting a PR to the repo.

[Python] Updating user enterprise not working, permission error

4 replies

Reply

Most helpful members this week

Cookie policy

Cookie settings

Reply

Related topics

Webhooks and trigger the APIicon

Webhook/Event trigger for "Sign with Docusign"icon

Box Sign Events API

Is collab.id the same as user.id?icon

Trigger a application running on a VM through webhook v2

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings