I call the Drive API Files:list method and request for the permissions field.
I notice a strange behavior; for some calls, I receive the following permission:
{
"kind": "drive#permission",
"id": "anyoneWithLink",
"type": "anyone",
"role": "reader",
"allowFileDiscovery": false
}
​But when I try to access the file associated with this permission, I get to the "Request Access" screen.
From the documentation, it seems like anyoneWithLink means the file should be publicly accessible.
What am I missing? What other information do I need to look at in order to know if the file is publicly accessible or not?
Related
I am simply trying out curl examples from the GDrive API Explorer, specifically this call:
https://developers.google.com/drive/api/v3/reference/files/list
However when I copy the example and execute it with my API key, I get this error:
curl https://www.googleapis.com/drive/v3/files?key=AIzaSyCQfFNMxHVJRaTvXXXXXXXXXX
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientFilePermissions",
"message": "The user does not have sufficient permissions for this file."
}
],
"code": 403,
"message": "The user does not have sufficient permissions for this file."
}
}
When I try to get a single file using files/{fileId} with the same API key, it works fine and the file metadata is returned.
What is the deal here? Does listing require special permissions, or does API keys have limitations, or..?
Just a hunch, you are trying a file that is not public, that is why you are receiving 403:insufficientFilePermissions. To access this you must authenticate your request using OAuth 2.0.
You can check the documentation About Authorization:
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses Google
Sign-In, some aspects of authorization are handled for you.
i wrote a project that work well with upload and download objects to/from Google Cloud Storage. I'm able to retrieve the content, the stream, the metadata, but when i get the 'mediaLink' of an object and paste it to the browser, i got this error:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
the format of mediaLink URL is shown here:
https://content.googleapis.com/storage/v1/b/bucketname/o/folder%2Finsidefolder%2Fexample.txt
I'm authenticated in my website by the OAuth 2.0 flow, and all the objects uploaded on GCS are with a custom AccessControlList which i decided to set into "allAuthenticatedUsers" in order to give access only to user that are authenticated with my website.
Could anyone help me to solve this issue? Thank you so much
The media link is not inherently authorized. You need to authorize a download using the media link in the same way you'd authorize any other request: by including an appropriate "Authorization" header.
Without providing read permission to "AllUsers", the media link will not work in a web browser.
Also, "AllAuthenticatedUsers" does not mean users that are authenticated with your website. It means "anybody with any Google account."
I have two users: admin#example.com ("Admin") and user#example.com ("User").
"Admin" owns a Google Drive folder (let's say the fileId of the folder is "F1234"). "User" is a member of a Google Group which has read-only ("Viewer") access to the folder.
In the Google Drive Web interface, "User" can open the folder F1234, and "User" can click on the "star" button to put the folder in the "Starred" list. So far, so good.
Now I want to write an application which sets the folder as starred. So, I log in as "User" and I go to the Google Drive API Explorer (https://developers.google.com/drive/v2/reference/files/patch) and I give the API explorer the OAuth token to execute requests on behalf of "User". I send a "patch" request to set the folder as "starred":
PATCH https://www.googleapis.com/drive/v2/files/F1234?fields=labels%2Fstarred&key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxx
X-JavaScript-User-Agent: Google APIs Explorer
{
"labels": {
"starred": true
}
}
But this request fails, with a "permission denied" type of error:
403 Forbidden
{
"error": {
"errors": [
{
"domain": "global",
"reason": "userAccess",
"message": "The authenticated user does not have the required access to the file F1234",
"locationType": "header",
"location": "Authorization"
}
],
"code": 403,
"message": "The authenticated user does not have the required access to the file F1234"
}
}
I checked that this very same request works fine with a folder owned by "User", or with a folder not owned by User but where "User" has read-write access. So it really looks like the request fails because of the read-only permission, but this is not consistent with the behavior of the UI ("starring" a file is not a modification, so it should not require write access).
Am I missing something or is this a Google Drive API bug ?
This behavior has been reproduced.
I will report this for you.
Sorry for inconvenience.
I'm currently in the progress of migrating from the Documents List API to the Drive SDK. I had a function to check file/folder permissions of a user (per e-mail address), so I could see what rights a certain user has on a file/folder.
I think I can see why e-mail addresses are hidden from the permissions feed but is there also no 'get' function for permissions where e-mail addresses can be used as input?
The permissions of the current user are in the file resource as:
"userPermission": {
"kind": "drive#permission",
"etag": etag,
"role": string,
"additionalRoles": [
string
],
"type": string
},
I'm having an issue using Google Drive using Ruby.
I can create an OAuth2 client and start making authenticated calls.
I have to query the Google Documents List first in order to fetch a list of files, once I have the file IDs I try to query the Google Drive API like this:
GET https://www.googleapis.com/drive/v1/files/0B9N873iFyYR7MkRfeTAxxxxxxx?access_token=ya29.AHES6ZRckKZ2jZfC6risUtH9ZZxxxxxxxxx
However I'm getting this:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "appNotInstalled",
"message": "The authenticated user has not installed the app with client id xxxxx.apps.googleusercontent.com"
}
],
"code": 403,
"message": "The authenticated user has not installed the app with client id xxxxx.apps.googleusercontent.com"
}
}
This client id refers to an application I created via Google API Dashboard, not the Chrome Web Store.
Anyway I tried to setup a hosted Chrome Web App, configured (and paid) everything to allow a list of test users, but still I get the same error message although the app is installed correctly from the market (not local copy).
With the same client and credentials I'm able to call https://docs.google.com/feeds/ endpoints but not drive ones.
My scopes are rather complete: 'https://docs.google.com/feeds/,https://docs.googleusercontent.com/,https://spreadsheets.google.com/feeds/,http://gdata.youtube.com,plus.me,drive.file,userinfo.email,userinfo.profile'(don't look at the format, it gets fixed automatically afterwards) and they works well.
I'm not using the Drive UI, I just want to use server-side APIs. Thanks for any hints.
Have you set the "api_console_project_id" : "xxxxxxxxxxxxx" argument in your manifest ?
An example is provided here: manifest.json