Convert Gmail mail into file and send over a webservice - google-apps-script

Is it possible to create an add-on that can send off the contents of an email into a webservice? I see lots of documentation on add-ons interacting with external webservices and have been able to follow a simple demo about it, but there isn't much I can find about interacting with the emails itself.
I have an add-on in Outlook that grabs the email and sends it off to a webservice, but I want to replicate this in Gmail in some way.
Next, I would also like to know if it's possible to use a different web service based on the user. For example, if I were to deploy this same add-on for a coworker but they needed to send the email to the different service. Is there a configuration file somewhere that controls this?
Lastly, I was also interested in how Gmail add-ons store personalized information, as I feel like it would help clear things up. E.g. how the tasks add-on grabs the right ones for the currently logged in user and where they are stored.
I would be open to any other solutions to this issue.

Communicating with web service
You can use the UrlFetchApp class to connect to any target web service if it can be accessed via HTTP request. If you need to access different web services for different users, you can either do so via storing "user:url" property (see below) or by conditionally changing the URL according to effective user.
Determining the user
You can determine under whose authority the Add-on is running by using a Session class method getEffectiveUser() and getEmail() on the resulting user.
Storing personalized info
As for storing and fetching personalized information, there is a PropertiesService class you can use. Since you want to store info related to end users, you'll need to get a Properties class instance with access to user-specific properties via getUserProperties() method.
Useful links
Gmail Add-ons reference;
PropertiesService class reference;
Guide on PropertiesService usage;
UrlFetchApp class reference;

Related

How to use OAuth 2.0 with a Google Apps Script library, with a static redirect URL?

I can't figure out how to make a shared Google Apps Script library, that uses OAuth 2.0.
The problem is that the usercallback redirect URL changes, every time I use the library in a different script. However, that means I'd need to add a new app and whitelisted redirect URL to Asana for each spreadsheet I use the script in. I'm using https://github.com/googlesamples/apps-script-oauth2.
Is there a way to always authenticate with the same redirect URL, so that the library I make can be used from any script, without registering a new redirect URL in Asana?
I'm a Developer Advocate here at Asana. If I understand your question correctly, then yes, you'll have to handle the callback separately for each script. For security reasons, we validate that the OAuth app registration registers the same url as an integration actually requests when authenticating. If this weren't true, for instance, it'd be possible to create a malicious script that uses the client_id from a legitimate script but asks for the redirect to go to its own credential-grabbing endpoint. This is fixed if the app that got the client_id on app registration also specifies precisely which endpoint should be the legal endpoint to redirect to. That means each OAuth app needs to have its own unique and consistent redirect URL :(
I suppose you could possibly create a single "router" Google Apps script which would set the state parameter with some user/script pair when hitting Asana's oauth_authorize endpoint and forward the user credentials on to the script that exists behind the router script based on that user/script pair when the response comes back, but it's not super trivial.
One final option would be to use a Personal Access Token to access Asana's API. This one token can be used by an unlimited number of scripts for access. The downside is that this token "looks like you", that is, it takes action on behalf of not a third party user but you yourself - your scripts would be an automated version of the user whose Personal Access Token they use. This can be mitigated to some extent by creating a "bot account" to access our API and giving it access inside of Asana to the projects or teams you want to gather data on. The other downside to this approach is that every script that uses the personal access token will break if you ever revoke the one token, so if that ever happens by either intent or accident, you'll have to update the Personal Access Token information in every script that uses it.
Hopefully this helps you to evaluate the options and choose which one of these options works best for your script.

Admin access to Domain User's Gmail?

I'm currently writing an auditing script that is focusing on users' gmails and need access to their message lists. I have admin access and scopes for the AdminSDK, the script will be executed by the admin.
I'm wondering how exactly to do this? I have my domain's userlist via Directory, but I can't use GmailApp with a specific user, only the current user(admin). I was also thinking about assigning a timed Trigger to each of the users and using GmailApp locally, but I can't figure out how to do that either(I don't think this is possible).
One idea that I'm working on is pinging the Gmail API using the admin's credentials via URLFetchApp, but can I get my domain's users information with this method?
What are your thoughts? Any guidance will be appreciated.
I'm currently using GAS on a service account.
While using service account, you can impersonate users in your domain and perform actions on their behalf. For this you will need to perform domain wide delegation of authority in your domain.
Here you can find documentation about domain wide delegation.
Here you can see an example, I know is on Drive but the principle is the same.
Hope this helps.

How to give write permissions only to UI app to write data to a Spreadsheet

I have developed a web application using Google scripts UIApp class which will collect the data of work done by each associate and writes data to my spreadsheet.
Problem I'm facing is I have to share my spreadsheet to all the associates with write permission where it enables them to see others data. I want to hide this sheet from all but they should also be able write data using the web application I shared.
Please let me know for more details or any code snippets
Note: I have Not used Google Form because I need change the list values dynamically based on the selection and the type of user.
You can deploy the app you have built with UiApp to be executed as "you" and allow access to anyone. The spreadsheet won't need to be shared anymore but as it is anyone (even anonymous if you are not in a domain) will be able to use it...
You'll have to implement an access control yourself, again this will be different in a domain or in a "normal" gmail account (in a domain you can get the user email, in a gmail account you can't)
(since apparently I can't comment.. but to follow up on this question.)
Is there a best practice for running as something other than really-yourself?
Say a team is managing it, or your a contractor who won't stay with the company, and so you're account and access is likely to go away.
I assume it results in creating a shared account, or perhaps a groups or something? You start getting into all sorts of ACL issues. And a simple ``run as yourself'' doesn't seem like a good long term solution.

GAS execute under the content of active user

Is it possible to use a Google form, develop a GAS script that executes on form submission but have it run under the context of the users submitting the form?
Users will be in a GApps for Business domain?
Will it need to be published as a web app using doGet(), even though there will be no UI?
Only webApps have the ability to run under user's authority and they have an authorization request feature to handle that case. A form has no way to ask for authorization so it won't be able to do anything (or to trigger a script that would do anything) in the name of a user without explicit permission. That's a basic security case and hopefully there will be no way to go around it.
I guess the only way to get what you want would be to create the form with UiApp or HTML Service and deploy it as a webapp running under user's authority, in that case your users will be asked for authorization to access the services you need.
note : you said "even though there will be no UI?" but the form itself is a Ui isn't it ?...

user email in About service

I need to get the user email when I get document permissions. I have seen this problem here
value attribute for Permissions Resource not populated in responses
but in about service does not appear my email. I need it because I have a service account and my application need know the user email. I want to avoid call to profile service.
Is this possible? from where I can get the user email?
Thanks.
As you rightly say, you will have to make a call to the profile service. In some ways it is better like this, because it separates the concerns of the Drive API and the Profile API, and can use specific scoping to let the user know exactly what they are authorizing your app to do.