So I have a company website which has different permissions for different users. The authentication works by comparing the current users google login email to the ones on a google sheet, and that way gets the correct permissions for the website. The program works well, but can't detect the email from an user who isn't the editor of the script. I understand this is to prevent websites collecting email adresses, but is there a way to ask the user's permission to view his/hers login email adress name in order to get the correct permissions?
The code looks like this:
var user = Session.getActiveUser();
var email = user.getEmail();
var sheet = SpreadsheetApp.openByUrl('link to the google sheet I use').getActiveSheet();
...
//In a loop to go through sheet:
if(sheet.getRange(i,1).getValue() === email && email !== ""){
//Continue...
}
If i try this with other users, the email is blank. Any idea what I could do?
According to the Apps Script Web App documentation here:
The permissions for a web app differ depending how you choose to execute the app:
Execute the app as me — In this case, the script always executes as you, the owner of the script, no matter who accesses the web app.
Execute the app as user accessing the web app — In this case, the script runs under the identity of the active user using the web app. This permission approach causes the web app to show the email of the script owner when the user authorizes access.
Therefore, in order to retrieve the email of the current user you will have to change the permission to Execute the app as user accessing the web app.
Reference
Apps Script Web Apps.
Related
I have a working GAS web application that is deployed
execute as - me
who has access - anyone
now I need to separate data that the users are using, storing, accessing. I was thinking of using Google Sign-In but then I thought that I might somehow get user's info when they are logged into their Google account if I deploy with the who has access option set to Anyone with Google account. But I am not able to find anywhere how or if even I am able to get any details of the logged in user.
The only info that is related is this SO question Get user info when someone runs Google Apps Script web app as me . The solutions proposed https://stackoverflow.com/a/59974388/250422 seemed to me too complex if I can get details of the logged user in my GAS code.
Or is there any simple way how to protect my GAS web application with login? I want to save user related data to a dedicated spreadsheet for that particular user. So I need to somehow identify the user.
UPDATE
To be clear what I want to achieve
have a GAS web application with login authentication
each user of such application got separate Google spreadsheet file stored under my account or somewhere where I got access to it but NOT the end user
preferably I would use an existing facility for the login part
UPDATE2
as requested the code that I am currently using is
function doGet() {
Logger.log("let us start");
var htmlTemplate = HtmlService.createTemplateFromFile('index');
// htmlTemplate.dataFromServerTemplate = { fromServer: zzlib.settings.toHTML};
var htmlOutput = htmlTemplate.evaluate().setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
var email = Session.getActiveUser().getEmail();
Logger.log(email);
tmplibX.saveFile(email);
HtmlService.createTemplateFromFile('index').evaluate().setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL) //SAMEORIGIN
return htmlOutput;
}
and the tmplibX.saveFile(email); looks like
function saveFile(fileName){
console.log("from library");
Logger.log("from library");
console.log(fileName);
var fileName=Session.getActiveUser().getEmail();
console.log(fileName);
DriveApp.createFile("FROM-LIB-"+fileName, 'Hello, world!');
console.log("finished");
}
Bismillah... Hii I'm actually glad to see someone is doing what I do..
So what I do is: I CREATE TWO WEB APPS.
First is Execute as User accessing the web app and Accessible by Anyone with Google account
Second is Execute as Me and Accessible by Anyone
And what I write in the First Web App is:
function doGet(e) {
var em = Utilities.base64EncodeWebSafe(Session.getActiveUser().getEmail(), Utilities.Charset.UTF_8)
return HtmlService.createHtmlOutput('<script>window.top.location.replace("https://script.google.com/macros/s/mySecondWebAppDeploymentID/exec?e='+em+'")</script>')
.setTitle('myTitle').setFaviconUrl('https://i.ibb.co/xxx/myLogo.png')
}
This will redirect to the Second Web App with a parameter called e which is the users email encoded in Base 64. Which is the only data we can get.
Then in the Second Web App, u can write whatever u want, like redirect to a prefilled gform or getData from a Spreadsheet then match it with users email than do whatever according to the data...
The essential code of the second Web App is:
function doGet(e){
var email = Utilities.newBlob(Utilities.base64DecodeWebSafe(e.parameter.e,Utilities.Charset.UTF_8)).getDataAsString()
//Do whatever u want with that email string variable
}
Actually I was hoping to find someone else doing this, because I want to know what is the limit of this 'get Email' feature from App Script.
I was planning to use this for an event registration with Estimated Users up to 1000 users. Of course it would be troublesome if this feature is limited and ended up collapsing.
Hope this help, and I can know what exactly is the limit of this feature.
In order to add the user information such as their email address from your web app to a specific Spreadsheet in your Drive you should follow these steps:
Create the web app. Then you can use a simple function in your code.gs like the one below to insert a row with the user's email to the Spreadsheet you have chosen in your Drive to store this data:
function doSomething() {
SpreadsheetApp.openById('SPREADSHEET ID').getSheetByName('SHEET NAME').appendRow([Session.getActiveUser().getEmail()])
}
Once you have your HTML and script ready, you can deploy this web app as Execute as : me and Who has access to this web app : anyone with a Google Account. In this way the script will execute only on your account and will only modify your prive Spreadsheet while being able to retrieve the user information. Note that in this way user's won't be asked for authorization as you will be the only one running the scripts behind this web app (however, all users must have a Google Account).
Reference
Permissions execute as me vs as the user
getEmail
I need to get the email of the user accessing the web app. The web app is embedded in a google site.
I know how to do that with the following:
var email = Session.getActiveUser().getEmail();
However, that requires that the user grant permission to the script and the permission message is quite scary: it allows to send email on the user behalf, modify any of his/her google sheets, and so on.
Is there a way to avoid that wide range of permissions just to get the user email?
Update: my script also need to update a sheet, but does not have to be updated by the user. However, I need the user to run the app themself to get their email.
The permissions referred in the question
it allows to send email on the user behalf, modify any of his/her google sheets, and so on.
aren't related to
Session.getActiveUser().getEmail();
According to https://developers.google.com/apps-script/reference/base/session#getactiveuser the above method only requires
https://www.googleapis.com/auth/userinfo.email
If you want a less "scary" permissions you should have to remove the methods that require them or set the oAuth scopes manually in the manifest and/or th oAuth consent page of your project.
I met a question in process of development, if the user did not be authorized to access "Drive", the system can not return current user email address via "Session.getActiveUser().getEmail()" when user access a Google site, the system return empty value.
But a month ago it is OK, I could get user email address via "Session.getActiveUser().getEmail()" in my Google applications, now couldn't. Why?
Sample Coding for a Google Site:
function doGet(e) {
var app = UiApp.createApplication();
var La = app.createLabel();
app.add(La.setText(Session.getActiveUser().getEmail()));
return app;
}
It depends on who has access to your app - is it you alone, anyone or anyone, including anonymous.
If it is set to anyone or anyone, including anonymous, have you logged in to your gmail account when you visit the google site.
i have an application (called:leave management) for my company that created from google sites(for UI), google spreadsheet(for Database) and integrated with google apps script. This application handled request for leaving, so, employee that login with company email can read and write the spreadsheet from google sites.
And here's the problem...i don't want the employee could edit the spreadsheet "DIRECT"...they should be write and read on the google sites...so the sharing settings for the spreadsheet must be "PRIVATE"...but it's impossible for read or write by other employee if the spreadsheet was "PRIVATE"...
in my mind...we can access the spreadsheet but we must have email spreadsheet owner, and the password too...it should be like this
var Sheet = SpreadsheetApp.openById("SpreadsheetID", "emailSpreadsheetOwner", "passEmailSpreadsheetOwner")
but yeah...it's doesn't work...
could you help me??
thanks :)
I use the same setup in an app, the spreadsheet is set to 'anyone with the link can edit' but no user knows the name or the ID of the sheet so they can only write and read through the UI and they'll never open the ss itself.
Isn't that what you want ?
There are two ways of deploying your application. Given your requirements, have your application run as the owner of the script and not as the 'User accessing the web app'
This way, you (the owner of the script) can keep the spreadsheet private, yet be able to write and read from it when a different user accesses the application.
I read the tutorial, https://developers.google.com/apps-script/articles/building-sites-app-part2 that uses spreadsheet service in Google sites. The code uses the spreadsheet key. However to access my mail should I use Oauth or something like,
var email = String(Session.getUser().getUserLoginId());
Can we also use minute trigger when we embed GAS in google sites?
Your question is not clear. What do you want to do ? Do you want to get the email ID of the user or do you want to access your email.
Session.getUser().getUserLoginId() only returns the login id of the logged in user. And it works only in Google Apps accounts (not consumer accounts).
If you want to access your email, then make use of the Gmail service