GAS Ask again for permission and Add Permissions Description - google-apps-script

I have a number of scripts running on Google Workspace. The is other users may blanket deny permissions to access sheets, email or other API calls which automatically generates an error message.
I believe this is because the permissions box does not say why it is requesting permissions only what permissions is requesting and none IT personnel will deny them for safety reasons.
So now I'm stuck with a bunch of errors and a bunch of users not correctly using the scripts i have set out messing up a lot of the forms.
I am looking for a way to ask for permissions every time a user opens a file if permissions have not been granted and add a description of why these permissions are needed for the file to work correctly.
I was hoping the UI app would allow me to insert a UI before the permissions option
example:
function onOpen(e){
try{ //or if (DriveApp.Permissions.Edit === true); if permissions can be queried.
var d = DriveApp;
}catch{
var ui = SpreadsheetApp.getUi();
ui.alert(
'This Sheet requires permissions for The menu options to work correctly.\nPlease allow.'
);
//DriveApp.request_new_permissions(); //psudocode
}
var dapp = DriveApp;
}
I have been trying to check the permissions through code but it doesn't seem part of the API.
Logger.log(DriveApp.Permission.EDIT === true); -> false
Current Behaviour.
User opens a Spreadsheet with onOpen trigger.
The App Scipt require use of Drive API and requests user permission.
User selects Deny
Later the user opens the same Spreadsheet with onOpen trigger.
Drive API has already been denied so the onOpen trigger fails.
Desired Behaviour:
User opens a Spreadsheet with onOpen trigger.
A box pops up saying "This Spreadsheet requires the use of Drive API to create folders for you. Please allow if you wish to use this feature"
The App Scipt require use of Drive API and requests user permission.
User selects Deny.
Later the user opens the same Spreadsheet with onOpen trigger.
The onOpen trigger checks if Drive API permissions have been Aloud.
if not:
A box pops up saying "This Spreadsheet requires the use of Drive API to create folders for you. Please allow if you wish to use this feature"
Drive API requests Permission again.
else:
The script executes normally

Related

How avoid/minimize the permission to run the app script that are bound to google sheets?

I have google-sheet which is utilizing the app-script to do somethings within the sheet itself, (i.e. it is not doing any operation on the google-drive folders). But when I share the sheet with someone else (lets call that person client) then, when that person attempts to run the script, there is prompt which asks to grant app-script the access to the his/her google drive. Even though the script is not performing any operations on the client's google drive.
Is there some way in which the client doesn't see the "Provide access to your google drive" - prompt? I am not even doing anything on the google drive.
No there is no way to suppress the message
The reason for this is because Apps Script, every time you run one function, even if the function were a simple console.log(""), the whole script is compiled and checked. This is why you can run this function from the script editor with not problems.
const globalVar = "Hello"
function test(){
console.log(globalVar)
}
It is for this reason, that all potential OAuth scopes must be approved before using any part of the script, it is for security as much as anything.
You can set explicit scopes if you want, but if you don't want any OAuth scope authorization, then you will need to remove all references to Drive methods from the script.
Reference
Scopes

Google App script: You do not have permission to call prompt

I have created a google script that show me a prompt dialog to write a comment when a column is edited. For some reason this only works with my email (script's creator), but with the other users that I have shared the spreadsheet don't work. When I open the script editor with other user accounts I can see the error in the View -> Execution Transcript: Execution failed: You do not have permission to call prompt.
My script function has a name "sendManualEmail" and I already have the trigger created when Event -> From spreadsheet -> On edit
I even created a new project for only that script and asked me the permissions to send emails with my account, but still not working for other users. I have read some other similar topic with same issue but I am still not able to fix mine. So thanks in advance for any comment!
You need your users to authorize your script. To do that, create a menu that activates on onOpen(). When clicked, send a message box, ensuring your users have to authorize your scripts to see the message.
Paste the following at the top of your script:
/** #OnlyCurrentDoc */
function onOpen() {
var ui = SpreadsheetApp.getUi();
ui.createMenu('myName') // your name
.addItem("Activate myName's script", 'activateMyStuff')
.addToUi();
}
function activateMyStuff() {
browser.msgBox('Script is activated! thanks.');
}
Important: when your users click the menu, they will also be prompted to authorize your scripts and all the permissions on the script's page. Make sure you clean up that script, otherwise your users may have to authorize weird things - and likely won't. Do test it with an alternate email address to see what others will see.
Lastly, consider publishing your script as an addon instead. It will make it that much easier for your users to authorize and use your work.
Are you logged into multiple Google accounts in the same browser?
Google Scripts insides may sometimes not work as expected when multiple accounts are authorized in the same browser session. Try logging out of all accounts except the one that owns the script.

Google App Script and PropertiesService.getUserProperties()

I use the google app script in my google spreadsheet document.
The settings of each user of my spreadsheet doc is saved in:
var userProperties = PropertiesService.getUserProperties();.
To save the settings I use
PropertiesService.getUserProperties()setProperties({some properties}, true)
The problem is the first user saves his settings and another users get the settings of the first user using PropertiesService.getUserProperties()
But they should not, they should get own settings.
Do you have any idea how it is possible?
They must be logging in with the same user account for this to happen; a user can only ever access their own user properties. This could be because any triggers were created on your own account (say for form submissions), or web apps were deployed to run as you.
Share a copy of your sheet (andrew#roberts.net) if you would like me to a take a deeper look.
In fact as the support answered me, it is not a bug. I had wrong user properties on handling triggering event.
User properties are private to the user executing the script. However, when you setup an installable onEdit trigger, the code always runs as the user that setup the trigger:
"... runs with the authorization of the user who created the trigger, even if another user with edit access opens the spreadsheet."
https://developers.google.com/apps-script/guides/triggers/installable
Since the code always runs as the same user, it's always accessing the same user properties. In general it's not possible to get the identity of a user if they haven't authorized the script.

edit google sheet cells not as the logged user with WebApp

There is a sheet that is shared with writing permissions to users A and B.
Column X is protected and can be edited only by user A.
User B should use a script with user A permissions to edit column X.
From reading the various documentation (https://developers.google.com/apps-script/guides/services/authorization), I understand that there are two ways to run a script on a google sheet as a different user.
Using the python api (https://developers.google.com/sheets/api/quickstart/python). The disadvantages: either launches from the cmdline, or Google's App Engine which is not free.
Using a WebApp. My problem with that solution, and perhaps this is what I am missing, is how to edit a cell with the doGet and doPost. All the examples that I saw were using the google script to edit the cells, which slammed me back to the permissions issue.
A possible solution: User A should deploy the web app with settings "execute as me [that is, A]", and choose access level as "anyone" [so that user B can access] or "anyone, even anonymous" to save user B an extra step and allow them to access the app programmatically. To prevent users other than B from editing, A gives B an access token, which B uses in their GET or POST requests. For example: user B accesses the app via GET request to https://..../exec?key=mykey, and the app has code like this:
function doGet(e) {
if (e.parameter.key == "mykey") {
var ss = SpreadsheetApp.openById("spreadsheet Id"); // can't use getActiveSpreadsheet in doGet/doPost
// do something with the spreadsheet
}
}
Documentation: doGet/doPost event object.

Automatically updating google spreadsheet with data from bigquery

Followed the instructions here and integrated a google spreadsheet with bigQuery. My query pulls data from the past hour, so it is important to keep the spreadsheet updated.
Is there a way for the sheet to automatically run the script and update the data on refreshing the page? Right now, I need to perform a few clicks to do it.
Addition to #Sandy Good's answer.
You need to use onOpen(e), it runs when a user opens a spreadsheet, document or form that has permission to edit.
function onOpen() {
// Add a custom menu to the spreadsheet.
SpreadsheetApp.getUi() // Or DocumentApp or FormApp.
.createMenu('Custom Menu')
.addItem('First item', 'menuItem1')
.addToUi();
}
You received authorization error since script needs authorization. Apps Script requires user authorization to access data.
If a script uses services that can access private data, you'll see one of the authorization dialog.
You may revoke scripts access by following these steps:
Visit the permissions page for your Google account. (To navigate to this page in the future, visit Google.com, then click your account picture in the top-right corner of the screen. Next, click Account, then Security, then View all in the account permissions section.)
Click the name of the script whose authorization you want to revoke, then click Revoke access on the right.
For more information regarding authorization, please follow the Official Google Documentation: https://developers.google.com/apps-script/add-ons/lifecycle
Since BigQuery has already been integrated to Google Spreadsheet,
here's what you have to do with your Script:
1. Send HTTP request using Datasets: update with added path parameters datasetId and projectId.
Sample HTTP request:
PUT https://www.googleapis.com/bigquery/v2/projects/projectId/datasets/datasetId
However, please note of the following when using Datasets: update:
It requires authorization as stated in Authenticating requests to the Google BigQuery API
The specified access list completely overwrites the existing access list. If you specify an empty access list, you will revoke access to everyone except yourself
This request requires authorization with at least one of the following scopes:
Scope
https://www.googleapis.com/auth/bigquery
https://www.googleapis.com/auth/cloud-platform
2. To update your data automatically, you can set up a Trigger function from inside your Script which executes based on your preferences with these reserved function names:
onOpen(e) runs when a user opens a spreadsheet, document, or form that he or she has permission to edit.
onEdit(e) runs when a user changes a value in a spreadsheet.
onInstall(e) runs when a user installs an add-on.
doGet(e) runs when a user visits a web app or a program sends an HTTP GET request to a web app.
doPost(e) runs when a program sends an HTTP POST request to a web app.
Again, you should also note that because simple triggers fire automatically, they are subject to several restrictions which you can go through in the documentation.