As title says...
BUT, I've made a web app for output some result based on a data search using parameters submitted in a google form in my google site.
I work in a school so no way that all teachers has, or want to use, or want to waste time just for know which labs are available in some time slots.
I really need that everyone can run web app ... obviously I deployed it with access anyone, even anonimous but
https://sites.google.com/itsluigicasale.gov.it/prenotazionilab/trova-un-laboratorio-libero
have I made some errors?
is there any workaround?
I'd like to use it without access or ask for permission for the users
Related
For several years we've had a Google Site setup on a non-profit G-Suite domain. This site is used once a year for a conference we hold with about 200 deleagates. The site is used by delegates for some simple stuff like reading documents, but there is a much more complex part of it too.
I've used Google apps script to write a system where users can do voting, speaker queueing, elections, and a daily checkin/rollcall. How it looks to users is they goto a page, and they see a "Vote Yes", "Vote No", and "Abstain" button. These are embedded Google apps script applets on the Google site page. Similar for the speaker queue and other functions.
On the backend, when a user clicks "Yes" or "No", the script submits a Google form on their behalf, with that answer. The form is tied to a Google sheet. Originally we had it directly append a line to a google sheet, but found with 200 people voting at the same time, we ran into performance issues and limitations with Google sheets.
The script then does stuff like de-deuplicate the results (incase someone voted multiple times), tabulates the results, and displays the results. This is all done on another page on the site that the officers running the conference can see.
For speaker queue, users basically click a button to say "I want to speak", and their names get added to a google sheet. The officers running the conference then call them up when it's their turn to speak. Users can also click a button to see where they are in the queue, and they'll get a response on the page like "You are currently number 3 of 27 users in the queue". They can also click a different button to remove themselves from the queue.
With that all explained, we're looking at potentially switching away from Google Sites, and considering Microsoft Sharepoint Online. The reason for this is we're using "old" Google sites, which Google has said will be shutdown at some point. "New" google sites currently does not support any scripting or API's at all, so it's impossible to redo our site in that system currently. They say API's are coming, but no details on what will and won't be available.
We have access to a free non-profits domain on Office365 (E1 tier) which gives us sharepoint online, active directory online, and $5k for free Azure credits.
So I'm asking you all here if there is some similar system available with O365/Sharepoint online. I'd want to change where all the data is stored to an SQL database, as storing stuff in sheets isn't ideal from any viewpoint, it's just the best option we had at the time. Ideally, the code for this would all live in the cloud like it does with Google. If I have to write code in Visual studio and upload it then I'm OK with that, but for maintenance purposes it would be really nice to have it all stored in the cloud and not need to install a thick app to work on it.
Basically we need the ability for users to login to a sharepoint site with their o365 account (we issue them the account), be able to interact with the site to send and receive data from SQL (which is running in Azure on same domain).
Can anyone point me in the right direction? It seems much more complex on the MS side, with way more potential methods for doing it (Graph, Sharepoint Addons, etc).
A couple photos:
Thanks!
I would like to provide a no coding solution here. If we want to code, then we can use SharePoint Add-in to do almost everything, such as collect user input and display data.
I've used Google apps script to write a system where users can do voting, speaker queueing, elections, and a daily checkin/rollcall. How it looks to users is they goto a page, and they see a "Vote Yes", "Vote No", and "Abstain" button. These are embedded Google apps script applets on the Google site page. Similar for the speaker queue and other functions.
On the backend, when a user clicks "Yes" or "No", the script submits a Google form on their behalf, with that answer. The form is tied to a Google sheet. Originally we had it directly append a line to a google sheet, but found with 200 people voting at the same time, we ran into performance issues and limitations with Google sheets.
I think we can create a Microsoft Form or Microsoft PowerApps to get user response. And then Store the data to a SharePoint list.
The script then does stuff like de-deuplicate the results (incase someone voted multiple times), tabulates the results, and displays the results. This is all done on another page on the site that the officers running the conference can see.
We can use Microsoft Flow to process the data, such as remove duplicated data. On the other hand, we can display results in PowerApps.
For speaker queue, users basically click a button to say "I want to speak", and their names get added to a google sheet. The officers running the conference then call them up when it's their turn to speak. Users can also click a button to see where they are in the queue, and they'll get a response on the page like "You are currently number 3 of 27 users in the queue". They can also click a different button to remove themselves from the queue.
We can do it in PowerApps.
I'm a hobbyist student developer playing around with the Actions on Google to create a simple "text adventure" game on Google Home. Since Google Home will be speaking to the player rather than the player reading the text, I'm hoping this will create an experience similar to the "Dungeons and Dragons" roleplaying game, with the computer working as the "Dungeon Master." With the natural language assistance offered by API.AI and Actions on Google, it seemed like a good fit, since the player can respond "naturally." Here's an example of an Amazon Alexa skill that does essentially what I'm going for.
However, every time I boot up the game, it's always a new game. I'd like to store a savegame with the user's previous state in a JSON file hosted on the user's Google Drive -- Since I'm just a student doing this for fun, I don't actually have an official website or anything beyond a free Heroku server I'm running the app from, making storing saves on my end pretty much out of the question.
I've walked through the Google Drive REST quickstart for Node.js, and I've gotten that working in the console just fine. The only problem is in that quickstart, the user has to click a link to authorize the application to read the stuff in their Google Drive account, and I'm not sure how I'd be able to "click a link" and give back an access token via voice on Google Home.
Is there a way to do this via Google Drive? Or is there a better way to provide persistent data between sessions? I don't normally work in web development, so any help would be appreciated.
The bad news is you won't be able to get away from the need for a user to use his web browser to authorise your app to access his Drive.
The good news is that you only need to do this once. When your app requests authoirsation, it should specify "offline", which will result in you being given a refresh token. You should save this somewhere in your database of users. Whenever you need to access the user's Drive, you can use the saved refresh token to request an access token and you're good to go.
You have a few problems that you need to solve here, and while they seem related, they're not as related as you might hope:
You need to get authorization to access a user's Drive space
You need to authenticate the user's Home (so you know this person has come back)
You have to connect the two relationships - so you know what Drive space to use for the Home device that is talking to you
You've found the answers to (1) already, and as noted, you'll need to use a browser for them to authorize you to access their Drive. You'll then store the refresh token and will be able to access it in the future.
But that is only part of the problem. Home does not provide you access to the user's Google account directly, so you'll have to manage your own account mechanism and tie it to Home. There are a few solutions here:
Home provides anonymous user identity in the JSON sent to your webhook. You can access this using getUser().user_id if you're using the Actions API library, or access this in the data.user.user_id field in the JSON. While this is similar to a browser cookie, it only stores the user ID and can't store additional data. There is also no concept of "local storage". On the plus side, this ID is consistent across devices.
You can request user information such as their name and address. But it doesn't have anything unique or account information, so this probably isn't useful to you.
You can implement an OAuth2 server and do account linking. Note that this is the other side from what you need to do with Google Drive - you'll be providing the access and refresh tokens to authenticate and authorize access to your account and the Google Home device will send these tokens back to you so you can determine who the user is. You don't actually need to store account information - you can provide token information using JSON Web Tokens (JWT) or other methods and have them store account information in a secure way. Users will use the Google Home app to actually sign-in to your service as a one-time event.
In order to handle (3), you may be thinking that (1) lets you get tokens and the OAuth solution for (2) requires you to hand out tokens. Can the two be combined? Well... probably, but it isn't as straightforward. You can't just give the Google OAuth2 endpoints to Home - they explicitly block that and you need to control your OAuth2 endpoints. You may, however, be able to build proxy endpoints - but I haven't explored the security implications of doing so.
I think you're on the right track - using Drive is a good place to store users' information. Using Home's account linking gives you a place where they have to come to your web site to authenticate and authorize their Home, and you can use this to do the same for their Drive.
I want to create a script that runs on a Google site. The script would perform a specialized calculation for a given user and then display the answer for the user. The script would depend upon user input, but the code itself should not be viewable by the user. I want the code to exist in a "black box" so that the calculation formula can be kept secret. Is this possible?
I searched the documentation, but only found this, which does not address this question:
https://developers.google.com/apps-script/guides/services/authorization#permissions_and_types_of_scripts
Whether your App script is embedded in a site or written as a standalone script does not change a lot of things... the only difference will be the way you include it on a page as a gadget.
If it is embedded it will be available from a list of scripts in the page editing, if not you'll have to use the .exec url of the deployed webapp.
Anyway, that does not change the way people will have access to the app.
You can define these parameter when you deploy the app (which is mandatory in both cases), allowing for anonymous access or requiring to be logged in.
If I understood you correctly, you would like to restrict the access to some people but not share the code.
Depending on how you defined the access mode above and wether you are using a Google Apps inside a domain or not, you will be able to do it using 2 ways :
in a domain you can get the logged user identity and use that to accept/deny showing the app.
in a "normal" gmail account you will have to implement some sort of logging feature to request a user name and password to give access to the active part of the app.
In both case you never need to share the script itself, this sharing parameter is independent from the webapp access.
I hope I understood your question correctly... if not, feel free to comment.
You might check out the Private Functions section of the following page.....the example is similar to what you're referring to, I think.
https://developers.google.com/apps-script/guides/html/communication?hl=ru
I don't fully understand how they work and haven't used them myself, but I bookmarked it to figure out later. Maybe another user who understands Private Functions better can explain...
I have developed a web application using Google scripts UIApp class which will collect the data of work done by each associate and writes data to my spreadsheet.
Problem I'm facing is I have to share my spreadsheet to all the associates with write permission where it enables them to see others data. I want to hide this sheet from all but they should also be able write data using the web application I shared.
Please let me know for more details or any code snippets
Note: I have Not used Google Form because I need change the list values dynamically based on the selection and the type of user.
You can deploy the app you have built with UiApp to be executed as "you" and allow access to anyone. The spreadsheet won't need to be shared anymore but as it is anyone (even anonymous if you are not in a domain) will be able to use it...
You'll have to implement an access control yourself, again this will be different in a domain or in a "normal" gmail account (in a domain you can get the user email, in a gmail account you can't)
(since apparently I can't comment.. but to follow up on this question.)
Is there a best practice for running as something other than really-yourself?
Say a team is managing it, or your a contractor who won't stay with the company, and so you're account and access is likely to go away.
I assume it results in creating a shared account, or perhaps a groups or something? You start getting into all sorts of ACL issues. And a simple ``run as yourself'' doesn't seem like a good long term solution.
First I apologize if I'm a dolt and am missing something obvious, but I've spent a few hours scouring documentation and am lost.
I'm trying to write a python script that will upload a bunch of images to a single user's Google Drive. The user already exists and will never change. I am not writing a web app and don't plan to use any user interface whatsoever. Everything will be done through code.
As best I can understand from the Google documentation, I have two choices:
1) Write a web app and register it to use the Drive DSK. This of course requires having urls and such for the web app.
2) Create a service account, which ties my "app" to a new service account email.
Neither of these options works for me. Is there any way to simply log in to a single user account and access their drive through python scripting?
There is a deprecated API called ClientLogin that would enable you to use the username and password for a login to access that Drive data.
But the basic idea is that you should be using something more secure -- from your users' point of view -- that allows them to authorize you without giving you their password.
For your use case it is possible that the user is you or someone you know and that you are accessing their account through a more personal kind of authorization. In that case, ClientLogin may be your best choice. If this is an application designed to be used by arbitrary users, the deprecation of ClientLogin is for a good reason and I would urge you to bite the bullet and choose one of the supported options.
The correct solution is to separate the authorization phase from the access phase. The authorization process needs to be run one time only, and can be done from a simple web site. The result of this is a refresh token which is analogous to a username/password. You will need to be aware of the security implications. Make sure you only grant drive.file scope to minimise the impact of a security breach.
Since you are uploading images, you might also want to look at the picassa api.