如何在登录Loggin Facebook（android）时仅设置电子邮件权限

Question

I'm working on an App that I want to use Facebook to login. But I only want to ask for "email" permission at the beginning, and then "publish_actions" when user wants to publish. I followed the tutorial for developpers in facebook site, but it doesn't work as I expected. My problem is with the first login. This is the code of my LoggingFragment:

import java.util.Arrays;
import java.util.List;

import android.content.Intent;
import android.os.Bundle;
import android.os.Message;
import android.support.v4.app.Fragment;
import android.util.Log;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.LinearLayout;
import android.widget.RelativeLayout;

import com.facebook.Session;
import com.facebook.Session.OpenRequest;
import com.facebook.SessionState;
import com.facebook.UiLifecycleHelper;
import com.facebook.widget.LoginButton;


public class LoginFragment2 extends Fragment {

private static final List<String> public_permissions = Arrays.asList("publish_actions");
private static final List<String> basic_permissions = Arrays.asList( "email");
private boolean pendingPublishReauthorization = false;
private static final String TAG = "LoginFragment2";
private UiLifecycleHelper uiHelper;
App app;
Boolean mLogged = false;

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    Log.d("LOGIN", "LoginFragment onCreate ");
    uiHelper = new UiLifecycleHelper(getActivity(), callback);
    uiHelper.onCreate(savedInstanceState);
    app = ((App) getActivity().getApplication());
    mLogged = app.isLoggedIn();
    app.addHandler(mHandler);
}

@Override
public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
    View view = inflater.inflate(R.layout.activity_login_activity2, container, false);

    LoginButton authButton = (LoginButton) view.findViewById(R.id.authButton);
    authButton.setFragment(this);
    authButton.setReadPermissions(basic_permissions);

    LinearLayout login_screen = (LinearLayout) view.findViewById(R.id.login_screen);
    RelativeLayout loading_screen = (RelativeLayout) view.findViewById(R.id.loading_screen);

    if (app.isLoggedIn()) {
        login_screen.setVisibility(View.GONE);
        loading_screen.setVisibility(View.VISIBLE);
    } else {
        login_screen.setVisibility(View.VISIBLE);
        loading_screen.setVisibility(View.GONE);
    }

    return view;
}

@Override
public void onResume() {
    super.onResume();
    Log.d("LOGIN", "LoginFragment onResume ");

    if (mLogged) {
        OpenRequest openrequest = new OpenRequest(this).setPermissions(basic_permissions);
        // For scenarios where the main activity is launched and user
        // session is not null, the session state change notification
        // may not be triggered. Trigger it if it's open/closed.
        // Session session = Session.getActiveSession();
        Session session = new Session(getActivity());
        session.openForRead(openrequest);
        if (session != null && (session.isOpened() || session.isClosed())) {
            onSessionStateChange(session, session.getState(), null);
        }

        if (session != null) {
            // OpenRequest openrequest = new
            // OpenRequest(this).setPermissions(basic_permissions);
            // session.openForRead(openrequest);
            Log.d("LOGIN", "Session!=null ");
            Log.d("LOGIN", "Session state: " + session.getState());
            Log.d("LOGIN", "Session spermissions: " + session.getPermissions());
        }
        // } else{
    }
    Session session = Session.getActiveSession();
    if (session != null &&
           (session.isOpened() || session.isClosed()) ) {
        onSessionStateChange(session, session.getState(), null);
    }

    uiHelper.onResume();
    // }

}

@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    uiHelper.onActivityResult(requestCode, resultCode, data);
}

@Override
public void onPause() {
    super.onPause();
    uiHelper.onPause();
}

@Override
public void onDestroy() {
    super.onDestroy();
    uiHelper.onDestroy();
}

@Override
public void onSaveInstanceState(Bundle outState) {
    super.onSaveInstanceState(outState);
    uiHelper.onSaveInstanceState(outState);
}

private void onSessionStateChange(Session session, SessionState state, Exception exception) {
    if (state.isOpened()) {

        app.LoginApp("facebook:" + session.getAccessToken());
        app.setSessionFacebook(session);
    } else if (state.isClosed()) {
        Log.d("LOGIN", "Logged out...");
    }
}

private Session.StatusCallback callback = new Session.StatusCallback() {
    @Override
    public void call(Session session, SessionState state, Exception exception) {
        onSessionStateChange(session, state, exception);
    }
};

private MsgHandler mHandler = new MsgHandler(this);

private MsgHandler msgHandler = new MsgHandler(this);

private static class MsgHandler extends WeakReferenceHandler<LoginFragment2> {
    public MsgHandler(LoginFragment2 fragment) {
        super(fragment);
    }

    @Override
    public void handleMessage(LoginFragment2 mfragment, Message msg) {

        switch (msg.what) {
        /**************/

        }
    }
}

The problem is that, as you will se, I try to set permissions to "email" in the onCreateView method, setting it to the authButton. However, when I sign in, session return has much more permissions that this, including "publish" permissions. I don't know what I'm doing wrong since I just follow Facebook instructions, and make call to its SDK just as they say.

Does anyone has had this problem ? Any ideas of what's going on? Thanks in advance

Maybe I should also say that the Dialog that ask user to confirm permissions shows the correct ones, so "public info, friend list and email" , that is basic info and email, the ones that I wanted. Then, tha callback tat call onSessionChange returns a session with many more permissions

Answer 1

If you've already granted the app publish permissions in the past, then those permissions carry over to the next session (no matter which device or website you're on), regardless of what initial permissions the app is currently asking for.

Basically, you're getting a superset of the permissions you're asking for because you've already given the app MORE permissions in the past.