Does Google Drive Activity API expose view as an action? - google-drive-api

I've managed to get the Google Drive API to run against a Google doc in my personal drive (of a Corporate paid account) using their example (after correcting for Python 2 syntax).
However, it shows only edit and comment as primary actions in that history, I don't see any actions saying just view.
Does that mean that there is no action recorded for document views? or that they are simply recorded as comment or something else, since the document URL always seems to redirect to .../edit even if I only grant View privileges.

There is no view action detail in Drive Activity API.
edit or comment action detail cannot be used to get view action history.
I tried to view a document and get all its activity and there is no new record seen (either view, edit or comment).
If you want to get the view history of a document, here are some of your options:
Use Drive API Files:get(), it will return a file resource which contains viewedByMe flag and viewedByMeTime datetime parameter.
It will only show the last time you viewed the file. If the file is shared, you cannot use this to get the recent datetime the file was viewed by other user.
If you have an admin account, you can use activities.list in Admin SDK Reports API to access Drive audit logs which contains view log activities and other events. See Drive Audit Activity Events for a list of events available.
Sample activities.list Request Parameters:
userKey: all
applicationName: drive
eventName: view
filters: doc_id==13NgKy87BggedOXnmkymygTyEh0xxxxxxxx
NOTE:
If the file was viewed by a user outside your organization, the email address will not be available (User is anonymous)
Drive audit logs has a data retention time of 6 months. You can access Drive audit logs data this far back.
References:
View user Google Drive file activity
Data retention and lag times

Related

Google Drive API get AppProperties with API Key

Question:
Is it possible to access the appProperties field in a Google Drive document via an unauthenticated user (i.e., via API Key or other method rather than Oauth)?
Background:
I have an app that works as a live document editor. It authenticates users via OAuth and allows them to save those documents to their google drive, and later re-open them in my app (google file ids are saved in my database and will load the document text into my app). Create()-ing and Get()-ing these files works fine as long as the user is signed in, and I have the "appProperties" field storing a couple of additional key metadata items.
As a next step, I would like to allow users to mark a document as "public view", and provide read-only access to their file, even for non-logged-in users. In my head, the flow would work as follows:
User_A authenticates with OAuth and creates a document, saved to their google drive.
User_A presses a button in my app, which sets the google document to a public sharing mode?
App generates a "viewer" link that User_A can share with his friends.
User_B does not have a Google account, but visits the "viewer link", and my app looks up the appropriate google document (using API key? since User_B is not logged in)
Document is loaded into my app for viewing.
This seems to mostly work; I can read the file metadata just fine using the API key, and even get the file contents. Side Note: Why do we need the API Key at all, given the quote on the google drive api page: "Note: Authorization optional."
However, the "appProperties" field always returns empty when using the API key!
Edit: After further searching I am just more confused. The closest answer I could find was from this related question here on stackoverflow:
It's very simple. appPropperties is a private field and is available only to the application that added it.
Based on this, it seems Google Drive is treating requests from my app API Key and requests from OAuth users on my app as two separate apps?
Further, I would eventually like to allow users to collaborate on a single document, owned by one user. So instead of just providing a read-only "view" link, they could generate an "editor invitation" link that would allow an authenticated user (User_B gets a google account now) to be added as an authorized collaborator (but not simultaneous editing) on the original (User_A's) document. Is that even possible?
Note I am using the Node.js google api.
This might be a bug:
appProperties are app-specific properties attached to a file. Any call from this app should be able to access them. Therefore, I think calls from this app using an API key should be able to retrieve these properties.
I could reproduce this behaviour: appProperties are populated when using OAuth, but not when using an API key, even though both are created from the same GCP project.
I filed a bug:
After researching this issue, I think this might be a bug. Therefore, I decided to file a bug on Issue Tracker:
appProperties are not populated when accessing a public File using an API key
To anyone affected by this, I'd suggest to click the top-left star in order to keep track of this and to help prioritizing it.
Reference:
Add custom file properties

Store file on google drive from server

I 've the follow simple scenario:
a server of my boss
some costumers with google drive accounts
so I'd like to transfer daily some files to costumers google drive...
My question is: if a customer have pc disconnected or is not logged to my site is possible from my server upload a file into costumer google drive?
And if yes there's a limit of user or daily transfer?
p.s.
better if I can use A Google Drive spreadsheet and update data
thanks
Yes it is possible, but there are many steps in between.
1.- You would need an application, so you can perform this operations through your app. check the documentation.
2.- You would need to set the offline access, this way you will be able to upload files even if the user is not logged. Oauth Offline access.
3.- The users (customers with Google Drive account) will have to authorize your application to access their Drive accounts. After this you will be able to get an access token and a refresh token.
4.- With the refresh token you can refresh the access token (it expires after an hour) without having the user to login again and get a new access token. (you have to store this refresh token)
5.- Now you can call the function Drive.Files.Insert in order to upload a file into the customer's Drive. When calling this function you need to provide the access token related to the user.
6.- There are limits that apply to the API. These quotas are against the application. If you make too many calls to the API, you may reach these limits for your application. You can check these limits in the Developer Console of your application.
I hope this helps. I know it's a lot of information but is the procedure you need to follow.

Can one track the usage of a shared resource from google drive

Does anyone here know if you on Google Drive somehow can track if a public shared link to a file have been used?
That is, the resource have been downloaded, viewed or otherwise "touched"?
Yes, and no
No: For consumer accounts.
Yes: For within a domain for Google Apps unlimited account, you can using the Admin API to receive view events.
Find the documentation here: enter link description here, relevant except follows.
Retrieve Google Drive events by event name
To retrieve a report of all instances of specific event type such as creating or editing a document, use the following GET HTTP request using the authorization token described in the authorization documentation. The userKey is the primary email address of the user in the report. The eventName can either be a access or acl_change event. For the eventName information, see the Drive event names reference information. For more information about the request's query strings and the response properties, see the API Reference. For readability, the following example is formatted with line returns:
GET https://www.googleapis.com/admin/reports/v1/activity/users/all
/applications/drive?endTime=a date&startTime=a date
&filters=event name parameter relational operator parameter value,...
&actorIpAddress=user's IP address
&maxResults=maximum number of events returned on a response page
&eventName=either a view or edit event

How to prevent suspended Google account to signup

I am integrating ASP.NET application using Google Drive API. For this after authentication we re uploading Files to Google drive. I am using Google client library to Call the APIs.
Everything is working as expected I am able to authenticate user successfully and able to upload the file successfully.
In one scenario when the user Google account is suspended then I am getting refresh token from Google but my upload method is failing and it is not uploading the file to Google drive.
I want to restrict the user on Signup screen itself, when account is suspended.
What parameter do I have to pass to achieve this please suggest?
Unfortunately this info is not easily available. You have two options :
Use the Directory API to see if the user is suspended. This requires additional OAuth permissions to be provided by an admin of the domain.
At login, try and perform a Drive API call to see if you get an error or not. If you get an error (with a couple of retried) and the error message matches the one you had for suspended users, then you can deny access to the user.

Transfer ownership for ALL files in user's google drive - using google-api-java-client and the Drive SDK

We have a google corporate account and need to transfer ALL of a user's google drive files to another account in certain instances. We want to do what is described at the following link for "all files" but programatically via the latest Drive API http://support.google.com/a/bin/answer.py?hl=en&answer=1247799
We are currently using the following API version(s) below, coupled with domain wide authority delegation as described at https://developers.google.com/drive/delegation and are able to see a user's files, iterate over them etc.
google-api-services-drive 1.14.2-beta
google-api-client 1.14.1-beta
My question is this: it appears that the only way to change permissions is by fileId by fileId etc. Instead of having to traverse and iterate over an entire set of user's files, if we just want to transfer ALL of a user's files to another particular user: is there a way in the API to do this (ownership transfer for ALL files) rather than individual requests file/by file?
Also when transferring ownershisp, must the transferee be in the same #domain or can it be another #domain we manage? I read somewhere that you can only transfer to owners in the same domain. Does this still hold true? For instance we manage #myCompany.com and have our corporate account registered under that, however that shell account has several sub-domains within it. We would like to transfer files from users in the sub-domains to a central user in the #myCompany domain.
You need to change permissions file by file, there is no updateAll type of functionality at the moment.
You cant transfer the ownership to another domain's user. Ownership can only be transferred to another user in the same domain as the current owner.
This answer doesn't directly answer your question, but it could be helpful for both you and future visitors.
As of now, you can mass transfer files to new users with Google's new Admin console. It doesn't let you filter for specific folders, but it does allow you to transfer all of one user's Drive files to a second user.
I know you were trying to create something which uses the API to iterate through folders and files, and you probably have a very specific use-case in mind. However, in the case where you have employees leaving, or you need to transfer everything, using the following method is fast and simple.
Open the Google Admin console
Go to Google Apps > Drive
Click on "Transfer ownership"
Fill out both user fields and submit
This process will even email both users once the process is completed.
You can do this with a single call to the Data Transfer API
Exactly what is needed but only with API!
Open the Google Admin console
Go to Google Apps > Drive
Click on "Transfer ownership"
Fill out both user fields and submit
This process will even email both users once the process is completed.
If this is not possible via API calls, then there is no point deleting a user using API.