Unable to access spreadsheet which is published to the web from appscript - google-apps-script

I've written a app script(web app) to access spreadsheet and display it's content based on search criteria.
Web app should display content based on given name
It is working fine with my own gmail account. But when other users(given access for app script web app) tried this app they're seeing error as
"Exception: You do not have permission to access the requested document." It is throwing an error when SpreadsheetApp.openById(spreadsheetId) is executed.
By giving an explicit access(sharing with user) to the spreadsheet, he is able to access the data without any issue.
But as spreadsheet is already published to the web to access by anyone, why should it required again an explicit access to execute spreadsheet.
Is there way to access spreadsheet data without sharing it with the end user? Thank you in advance for the help.

I understand that you published a web app that opens a certain Sheet. In the "Deploy as web app" menu (opened from the Apps Script editor and selecting Publish ⮞ Deploy as web app) you would have been asked to determine how to "Execute the app as". You can choose between these values:
Me: every web app user will open the Sheet as yourself.
User accessing the web app: every web app user will open the Sheet as themselves.
As a consequence of the second case, the users would need previous access to be able to open the Sheet. Since you want to give them access no matter what, I recommend to use the first option. Please, ask me any additional doubt.

Related

Setting up permission for app execution in google apps scrip

Could somebody please give me some assistance or to refer me to a documentation or an article for the following.
I am developing a web app using Google Apps Script. Is there any way that I can set up the project so the web application could same time:
1)access the data ( gmail, calendar) of user who is running the app,
2)access the data of the app's owner / deployer but only throughout the app (For example I don’t want to give access to spreadsheet data outside the app i.e. I don’t want to share the spreadsheet with an user accessing the app),

Is it possible to use multiple authentications in a Google Apps Script web-app?

I know how to write a web-app and publish it as myself. What I am trying to do is publish a web app so that it can access both my data and the users data.
For example, the web-app would read data from a Sheet that I own, and then add it to a Sheet the user owns.
I realize one approach is to make my sheet accessible by anyone with the link and have the web-app run in the user's context. When the user views the web-app it will run in the user's context so it can access their Sheet and Since my sheet is viewable by anyone with a link it will be able to access my Sheet.
However, I am trying to do this without making my sheet accessible by anyone with a link.
Is this possible?
Workaround#1: Two web apps
Use two web apps and handle authentication between those two:
WebApp#1: API to access your sheet
Execute as "Me"
Access: "Anyone, even anonymous"
Handles incoming POST requests: checks for necessary authorizations, authenticates the request and returns data from sheet.
WebApp#2: User facing app
Execute as "User accessing the web app"
Access: "Anyone"
User requests data from your sheet> Client requests Server(google.script.run)> Server POSTs request along with necessary authorization headers using UrlFetchApp> receives and parses the sheet data and provides it to client.
Notes:
This set up security is only as strong as the authorization/authentication used between the web-apps.
Workaround#2: Client side Google sign in
Implement Google signin in your webapp.
Execute as "Me"
Access: "Anyone, even anonymous"
Users accessing the web-app must sign in
After signing in and authorizing access to their sheets, you can use sheets api to write to their sheet
References:
Google sign-in
Sample snippet: Sheets api access from browser
Related question

How do I obtain permission to publish a google script as a web app?

When I attempt to deploy my Google Apps Script as a web app, I get a message saying "You do not have permission to perform that action." It would be great if the message had a link to how to resolve that issue.
I've looked and have undoubtedly missed something both important and well-hidden :)
So, how do I obtain permission?
Thanks.
AFAIK, you first need to decide whose authorization the app should run with. As mentioned in Permissions,
The permissions for a web app differ depending on whether you choose to execute the app as the owner of the script or as the active user who is accessing the web app.
If you choose for the script to execute as you, then the script will always execute under your identity, that is, the identity of the owner of the script. This will be the case regardless of which user is accessing the web app.
If you choose for the script to execute as the user who accesses the web app, then the script will execute under the identity of the active user who is accessing your script.
To confirm whose authorization will it be, select whose authorization the app should run with under the Execute the app as. Please check steps given in Deploying a script as a web app.
For more information, you may want to visit Web Apps and also Authorization for Google Services.

Is there a way to build an Google Apps Script application that uses BigQuery Service as a service account instead as a user?

What I trying to do here is an application that connects to bigquery, executes some query and writes a spreadsheet in current user's Google Drive.
I know that I can change the "Execute app as" option when deploying the app. But when I do this, and the user try to use the app, Google asks for permission to access the BigQuery.
I do not want to give permission to each user to access BigQuery.
We have about 50 ~ 100 users who will use (and this number can increase)
Some images:
When access the application's url: http://i.imgur.com/kGzJ3ps.png.
When the user clicks in the "continue" button:
http://i.imgur.com/4cRmhZ6.png
Hope I've been clear.
You would probably need an App, that had people sign in with their Google account using oAuth2
Google Accounts Authentication and Authorization
I think that this link gives an overview of what your options are:
Permissions and Types of Scripts
I guess you would need to have an App, that ran as User at the keyboard, so that the spreadsheet saved to their Google Drive. If you wanted the user to be able to download a file to their computer drive, that's a little different.
Just use HTML Service. It's basically just building a website. You just don't have a domain name. But the spreadsheet you are distributing doesn't have a domain name.
HTML Service Google Documentation
From an Apps Script HTML Service, you can write to Spreadsheets, Documents, and run HTTP Requests (urlFetch).
URL Fetch Service
The permissions in the Apps Script App can be set to run the Apps Script file as yourself, with access to anyone, even anonymous. That way, the user will never be asked for permission for any files that you own. You will need to authorize it once, the first time any script that needs access to your files is run.
Because anyone could run your Apps Script App, you might want to have a log in system to authenticate users.
You would need to use the Big Query API with Apps Script urlFetch to access Big Query.
So, with the HTML Service, you can do most everything you could do with HTML, CSS, and Javascript on a regular website. You can create custom input forms, have different pages and display data in tables. Plus it's served over HTTPS.
One solution that you can use if you don't want all your users to enable BigQuery is to use a webapp deployed as a service running as "you" and that will respond to an urlFetch coming from each user through the script they run as "themselves".
This service will be deployed as any other webapp using a doGet main function and return its data using contentService
Yes, that is possible. Check out this answer here: Using Advanced Google Services with Service Account and also check this awesome library: https://github.com/googlesamples/apps-script-oauth2

Share a Google App Script to other users - permission requested & authorize script

I've created a spreadsheet with some GAS behind it that opens a form with some inputs, and now I need to deploy the webapp and share it to some other users. The problem is that when the other users try to open the spreadsheet (shared in Google Drive), they get this error message:
I've already tried to:
Share the spreadsheet to the user/s (Adding the user/s email address with permission Can edit)
Deploy the webapp settings with the following settings:
As you can see, the setting screen reports "You need to authorize the script before distributing the URL".
How can I authorize the script? I can't find a way to do that. Do you know if there's another way to share and let other users run the script?
Since you selected to execute the app as you, you need to authorize this script first.
Just select method doGet and press run in the editor, you will get the chance to authorize.
The problem is you are mixing web app with ui dialog on a sheet.
The webapp is accesed from the webapp url (given when you publish the webapp).
The ui dialog is a window shown on top of the spreadsheet.
You want to use webapp, follow the tutorial for that. Publish it to be accesed from the domain if all users are in the same gapps domain. Else use public anonymous.
Run doGet before publish to authorize. Its also possible to do the other ui-on-sheet but you need more steps for each user to authorize.
You need to manually verify that your script has access to the document.
Add a function to your script that accesses the document:
function doInstall() {
var mysheet = SpreadsheetApp.openById('x4535khxxhidh...');
}
In script-editor select: Run->doInstall (Or what ever you call your function) when you should be asked to verify that the script is authorized to access the document.
The following worked for me:
Go to «Publish»
Click on «Deploy as web app»
Click on «Disable web app» (in case you have published it already)
Execute the Script clicking on «Run»
Authorize the Script and grant permissions with your account
Again, go to «Publish» and click on «Deploy as web app»
Add another «Project version» (in case you have published it already)
Change «Who has access to the app:» to «Anyone, even anonymous» as needed