I have developed a Sheets editor addon that uses the SpreadsheetApp to create a new spreadsheet that will contain a subset of data in the current spreadsheet. The problem is that SpreadsheetApp creates the file in the users root directory, and I would like to move it to same directory as the parent spreadsheet.
This was possible and worked during development, but now that I am trying to publish it, it is failing due to the Drive oauth scope being "restricted" now (despite the fact that it is currently published "internal" only, which the docs state should bypass this restriction, even though it is not [unless I am misunderstanding or misconfiguring something]).
Is there any way to achieve this without having to use a restricted scope? The Drive API contains a drive.file scope that allows access to files created using the current app, but the built in DriveApp does not.
Related
I have created a standalone Google Apps Script (it does not belong to any document). The script get triggered automatically at some fixed intervals. This script
creates a couple of folder (if they don't exist)
creates a Google spreadsheet (if it doesn exist). Read said
spreadsheet.
update calendar events
I noticed that when I first run it, it asked for permissions to read, delete all Google Drive items, all spreadsheets and all calendar events
I work on tailoring the scopes required and at least Google Drive does not have those broad permissions. I am still unable to reduce the scope for Google spreadsheet (And also calendar).
An expert #TheMaster made a post some years but is not exactly the same case.
I tried changing the scopes but the editor complained and requested that to use openById I need to change the scopes back
Ok, I ended up changing how my solution was structured.
Before Script lived outside the spreadsheet
Now script lives inside the spreadsheet. I am now know doing scopes directly on the manifest and using onlycurrentdoc.
From https://developers.google.com/apps-script/guides/services/authorization#manual_authorization_scopes_for_sheets_docs_slides_and_forms
Manual authorization scopes for Sheets, Docs, Slides, and Forms
If you're building an add-on or other script that uses the Spreadsheet service, Document service, Slides service, or Forms service, you can force the authorization dialog to ask only for access to files in which the add-on or script is used, rather than all of a user's spreadsheets, documents, or forms. To do so, include the following JsDoc annotation in a file-level comment:
/**
* #OnlyCurrentDoc
*/
Besides the above, look at each method reference documentation at the https://developers.google.com/apps-script/reference. At the bottom of the corresponding section you will find a list of the scopes that might be u sed for each method. Some methods have more than one scope, choose the one that better fits what you need.
Related
How to narrow scopes for Google Apps Script to specific files
References
https://developers.google.com/apps-script/guides/services/authorization
https://developers.google.com/identity/protocols/oauth2/scopes
I have a Google Script library that is used by at least 100 other scripts (some that are bound to spreadsheets/documents, some that are not). How can I find all of these client scripts that reference my library script?
More specifically, I need to be able to add a new feature into the library that requires new permissions that I (the user) must grant. The client scripts won't run if I just add this feature to the library without granting the permissions to each of the client scripts. So ultimately, I need to give this new permission to each of the clients. And if I knew what scripts were actually using this library, I could do that manually for each one. But I need to URL's or ID's or something for each of those scripts.
Answer:
Unfortunately this is not possible to do.
More Information
It is possible to get a list of standalone Scripts from your Drive, though scripts bound to a file can not be searched for using regular searching methods.
It is possible, using the help of this Google Account page to get a list of all the Apps that have access to your account, though only files you have authorised will appear here, and apps which are not just those created by you in Apps Script will appear there (for example, other add-ons or even Android Apps bound to your account appear here).
A Partial Workaround:
Using Google Apps Script, you can list all Apps Script Projects that you own with help of the MimeType enumeration GOOGLE_APPS_SCRIPT
var scripts = DriveApp.getFilesByType(MimeType.GOOGLE_APPS_SCRIPT);
var arr =[ ];
while (scripts.hasNext()) {
var script = scripts.next();
arr.push(script)
}
Logger.log(arr);
Or even just searching for type:script in Drive, however this only returns a list of scripts that are not bound to a file.
You can then use regular Google Drive search terms to find which of these files contain, for example, a unique method name that the library uses. I am aware this isn't a perfect solution and you would still have to look for projects bound to a file using the above webpage.
Feature Request:
It appears that back in 2014 a feature request for this was made on Google's Issue Tracker, though I would suggest creating another feature request for this here as it was marked as a duplicate of another issue. You can make a feature request under the correct Apps Script component here.
References:
Google Apps Script - Enum MimeType
Google Drive Search Query Terms
Apps with access to your account
Google's Issue Tracker
Feature Request: Listing and searching for container bound scripts
Create an Apps Script Feature Request
I'm working on an Forms add-on which would allow you to export survey response data and/or save it to user's Drive. Is there no way to do this other than allowing full Drive access through the most extensive scope?
And about publishing editor add-on, how does one go about with it? I'm unable to get it to G-Suite marketplace, and the original unlisted version was on Chrome Webstore. (which is now unavailable)
I tried to test it with "Integrate With Google" via the G-Suite Marketplace API, but nothing shows up when testing. I don't know why, since the add-on works as expected via "Test as extension" from Google Apps Script editor. And the "waiting for review" has been taking ages. Is there any way to know the status of it?
EDIT: It seems like only Drive API can be used with custom scope (after enabling it), but DriveApp always requires full-access scope. And the functions that fetch files from Drive ONLY give out those that the script has access to (created or opened with) if you're using drive.file scope.
...the publishing part is still a mess though.
Regarding scopes and using Drive through Apps Script, there is two things that are needed to know.
1) DriveApp class that is readily provided in Apps Script, always requires full read-write access to user's Drive. This apparently can't be changed.
2) Drive API (v2) under "Advanced Google Services" allows usage of all available Drive scopes. This, however, needs to be enabled separately.
Another thing: drive.file scope allows you to only access files and folders in user's Drive that have been opened or created with specific script. This includes queries, so you only get what you can access. No need to check permissions separately.
In my company we use a team drive, where we store a template spreadsheet which our API server copies a lot of times. The spreadsheet contains a few custom Google App Script functions which should be copied as well.
Right now when the API copies the spreadsheet, the scripts stop working in the copy. According to this issue https://issuetracker.google.com/issues/36762799 , service accounts can't execute scripts. However, in a Team Drive there are no owners. I even checked the permissions with Permissions.List from the Drive API and I can see that everyone is an organizer and the API does not allow me to specify another user as an owner, but the scripts still won't work (Error: Please try saving the project again). On the other hand, if I go and copy the generated sheet by hand, scripts execute just fine.
I tried moving everything to an add-on, however to my displeasure, it appears that service account-owned files can't execute add-on scripts as well (if the file is created by the bot, custom function names simply fail to resolve).
Does anyone know of a way to deal with this situation? Is there a more elegant solution besides using an actual account for the copying if that's even possible to do programmatically?
I'd like to manage spreadsheets (uploaded by a client via API) over google engine. I created test spreadsheet extended by functions in .gs script (which works great if I add them via online editor) but I do not know how to apply such a .gs script to every uploaded spreadsheet automatically (possibly via API).
Moreover, I do not want to share this .gs file by publishing it as an extension (because of security policies).
Updated: I also tried copying existing spreadsheet with working gs script and overwriting its spreadsheet data via API (instead of uploading new one) - it's overwritten data successfully but unfortunately lost gs script. Details are described in separate (bounty) question: Custom google app script doesn't work after copying spreadsheet with google java client
So I've even tried copying using plain HTTP methods since I thought it might be a problem with Java SDK but it still didn't work which means that there is some problem at google side (or something is really unclear) with service accounts.
After all I solved the problem with another approach.
First I copy spreadsheet with script attached to it to my service account (as I described in this Custom google app script doesn't work after copying spreadsheet with google java client topic). The file is copied with broken script.
Then I make user authorize using google's oauth (this tutorial shows how https://developers.google.com/identity/protocols/OAuth2WebServer#overview)
And then on his behalf I perform copying.
Finally the file is on his private drive which is the biggest downside of this solution but at least the script works which was my main goal.
Hope it helps ;)
You can publish a google script without it going on the Marketplace. If you make a Google group you can publish in such a way that only members of your google group can see it. If your google group only has you, only you can see it. Then it will be on all of your spread sheets.
The downside being that google will never let you remove it from their server, only unpublish it.
You can create a stand-alone script that is independent of any spreadsheet. This script would contain any methods/functions needed to create and manipulate spreadsheets according to your use case. Furthermore you could deploy the script as a web-app and implement a doGet() or doPost() method. Whenever a user uploads spreadsheet data via API you can call the web app with the information and have it create spreadsheets as needed.