I want to remove a file from shared with me by deleting its permission.
But I can't delete it because of insufficient permissions. How can I delete it?
What I had done so far:
Got the metadata for the file and also its permissionId
{
"kind": "drive#file",
"id": "1pPGyU9XvliI4U8910uehkuQ-vuuRXEVD",
"name": "Die Hard (1988) 1080p BDRip Org DD 5.1 [Hindi + English] x264 ESubs.mkv",
"mimeType": "video/x-matroska",
"starred": false,
"trashed": false,
"explicitlyTrashed": false,
"spaces": [
"drive"
],
"version": "135",
"webContentLink": "https://drive.google.com/uc?id=1pPGyU9XvliI4U8910uehkuQ-vuuRXEVD&export=download",
"webViewLink": "https://drive.google.com/file/d/1pPGyU9XvliI4U8910uehkuQ-vuuRXEVD/view?usp=drivesdk",
"iconLink": "https://drive-thirdparty.googleusercontent.com/16/type/video/x-matroska",
"hasThumbnail": true,
"thumbnailLink": "https://lh3.googleusercontent.com/iVzSamm0mJK92lc16EW4TsFy8GZhcbKwUIzIwaGPtT9p2HV9bQl5SogR_nzb1zcihi5BZQ3qey0=s220",
"thumbnailVersion": "1",
"viewedByMe": true,
"viewedByMeTime": "2019-06-26T17:00:11.924Z",
"createdTime": "2018-05-16T09:54:34.010Z",
"modifiedTime": "2018-05-16T10:24:01.186Z",
"modifiedByMe": false,
"sharedWithMeTime": "2018-10-21T17:22:57.170Z",
"owners": [
{
"kind": "drive#user",
"displayName": "free ac",
"me": false,
"permissionId": "00202688946253680238",
"emailAddress": "freeac331#gmail.com"
}
],
"lastModifyingUser": {
"kind": "drive#user",
"displayName": "free ac",
"me": false,
"permissionId": "00202688946253680238",
"emailAddress": "freeac331#gmail.com"
},
"shared": true,
"ownedByMe": false,
"capabilities": {
"canAddChildren": false,
"canChangeCopyRequiresWriterPermission": false,
"canChangeViewersCanCopyContent": false,
"canComment": false,
"canCopy": true,
"canDelete": false,
"canDownload": true,
"canEdit": false,
"canListChildren": false,
"canMoveItemIntoTeamDrive": false,
"canMoveItemOutOfDrive": false,
"canReadRevisions": false,
"canRemoveChildren": false,
"canRename": false,
"canShare": false,
"canTrash": false,
"canUntrash": false
},
"viewersCanCopyContent": true,
"copyRequiresWriterPermission": false,
"writersCanShare": true,
"originalFilename": "Die Hard (1988) 1080p BDRip Org DD 5.1 [Hindi + English] x264 ESubs.mkv",
"fullFileExtension": "mkv",
"fileExtension": "mkv",
"md5Checksum": "7fdc6768744557159d790037c808c99c",
"size": "2565619212",
"quotaBytesUsed": "0",
"headRevisionId": "0B8kwukeDiZGLUHpUN0xXTllYRnRBbFZYMzNsbjFUK01jZ2tVPQ",
"videoMediaMetadata": {
"width": 1920,
"height": 800,
"durationMillis": "7929080"
},
"isAppAuthorized": false
}
And I tried to delete the permission
fileId: 1pPGyU9XvliI4U8910uehkuQ-vuuRXEVD
permissionId: 00202688946253680238
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientFilePermissions",
"message": "The user does not have sufficient permissions for this file."
}
],
"code": 403,
"message": "The user does not have sufficient permissions for this file."
}
}
But can't remove the file from shared with me.
EDIT 1:
I am testing this with this
EDIT 2:
I am trying to do this but with the google drive api
You are getting an insufficientFilePermissions error because only the owner of the file can edit them. As you can see:
"ownedByMe": false,
Currently there is no way to remove the files from Shared Files via API, so the options are to ask the owner to stop sharing the file with you or to delete it via the Drive GUI.
EDIT:
It can be done, following these steps:
Get the ID of the file with Drive.list
Get the permissionID using the fileID by permissions.list
You will get two items with two PermissionIDs, copy the one from the item with the "shared with" email, not the owner email.
Delete the permission with permissions.delete using the fileID and
the PermissionID from step 3.
Related
I am trying to deploy a Cloud Function from a Cloud Source Repository placed in a different project, but getting the following error: Failed to retrieve function source code (see full proto below).
Project-A contains the cloud function and service accounts listed below.
Project-B contains the source repository.
I have successfully deployed the function on Project-B.
I've tried giving the following service accounts the Source Repository Administrator role on the cloud source repository, but that did not help.
{project_A_number}#cloudservices.gserviceaccount.com
{project_A_number}-compute#developer.gserviceaccount.com
{project_A_number}#cloudbuild.gserviceaccount.com
Project-A#appspot.gserviceaccount.com
I have also tried disabling the Cloud Functions API on Project-A and turning it back on again.
I am not sure what is going wrong - if anyone has a clue as to where to further look, I would appreciate it - thanks in advance!
The deployment creates two entries in monitoring - a NOTICE followed by an ERROR:
The ERROR log:
{
"protoPayload": {
"#type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 5,
"message": "Failed to retrieve function source code"
},
"authenticationInfo": {
"principalEmail": "***#***.**"
},
"serviceName": "cloudfunctions.googleapis.com",
"methodName": "google.cloud.functions.v1.CloudFunctionsService.UpdateFunction",
"resourceName": "projects/Project-A/locations/europe-west1/functions/pubsub-to-gcs"
},
"insertId": "-vmfbt4cd54",
"resource": {
"type": "cloud_function",
"labels": {
"function_name": "pubsub-to-gcs",
"region": "europe-west1",
"project_id": "Project-A"
}
},
"timestamp": "2021-10-20T12:21:45.352043Z",
"severity": "ERROR",
"logName": "projects/Project-A/logs/cloudaudit.googleapis.com%2Factivity",
"operation": {
"id": "operations/cm9ldHotbGlmZS1kYXRhLXRlc3QvZXVyb3BlLXdlc3QxL3B1YnN1Yi10by1nY3MvVEhFbUQtLTZITWM",
"producer": "cloudfunctions.googleapis.com",
"last": true
},
"receiveTimestamp": "2021-10-20T12:21:45.781856467Z"
}
The NOTICE log (logged right before the ERROR):
{
"protoPayload": {
"#type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "***#****.**"
},
"requestMetadata": {
"callerIp": "35.205.252.75",
"callerSuppliedUserAgent": "google-cloud-sdk gcloud/360.0.0 command/gcloud.functions.deploy invocation-id/917d697431e84b91bfa2bd9f9cc4f302 environment/devshell environment-version/None interactive/True from-script/False python/3.7.3 term/screen (Linux 5.4.144+),gzip(gfe),gzip(gfe)",
"requestAttributes": {
"time": "2021-10-20T12:21:44.909430Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "cloudfunctions.googleapis.com",
"methodName": "google.cloud.functions.v1.CloudFunctionsService.UpdateFunction",
"authorizationInfo": [
{
"resource": "projects/Project-A/locations/europe-west1/functions/pubsub-to-gcs",
"permission": "cloudfunctions.functions.update",
"granted": true,
"resourceAttributes": {}
}
],
"resourceName": "projects/Project-A/locations/europe-west1/functions/pubsub-to-gcs",
"request": {
"#type": "type.googleapis.com/google.cloud.functions.v1.UpdateFunctionRequest",
"function": {
"timeout": "60s",
"status": "UNKNOWN",
"serviceAccountEmail": "Project-A#appspot.gserviceaccount.com",
"availableMemoryMb": 256,
"name": "projects/Project-A/locations/europe-west1/functions/pubsub-to-gcs",
"runtime": "python39",
"labels": {
"deployment-tool": "cli-gcloud"
},
"entryPoint": "pubsub-to-gcs",
"updateTime": "2021-10-20T12:21:40.149Z",
"sourceRepository": {
"url": "https://source.developers.google.com/projects/Project-B/repos/my-repo/moveable-aliases/master/paths/my-folder"
},
"httpsTrigger": {},
"ingressSettings": "ALLOW_ALL",
"versionId": "1"
},
"updateMask": "eventTrigger,httpsTrigger,runtime,sourceRepository"
},
"resourceLocation": {
"currentLocations": [
"europe-west1"
]
}
},
"insertId": "1xdbim3e16pgu",
"resource": {
"type": "cloud_function",
"labels": {
"function_name": "pubsub-to-gcs",
"region": "europe-west1",
"project_id": "Project-A"
}
},
"timestamp": "2021-10-20T12:21:44.650257Z",
"severity": "NOTICE",
"logName": "projects/Project-A/logs/cloudaudit.googleapis.com%2Factivity",
"operation": {
"id": "operations/cm9ldHotbGlmZS1kYXRhLXRlc3QvZXVyb3BlLXdlc3QxL3B1YnN1Yi10by1nY3MvVEhFbUQtLTZITWM",
"producer": "cloudfunctions.googleapis.com",
"first": true
},
"receiveTimestamp": "2021-10-20T12:21:45.832588036Z"
}
Turns out it wasn't an IAM issue: I've tried deploying the function from the UI, but that's not possible when deploying from a source repo in a different project.
Deploying using gcloud function deploy solved the issue.
I am having a issue with applying a App Service Authentication to my Web App Slots.
The error i am receiving is the following:
"The template resource 'webapptest1a/authconfig' for type 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Common.Entities.TemplateGenericProperty`1[System.String]' at line '1' and column '8107' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name"
Here is my code, which i think is pretty much correct. I am finding it difficult to find references for Web App slots config. I have the Microsoft Documentation and i followed it, but no luck.
Here is my code:
{
"type": "Microsoft.Web/sites/slots/config",
"name": "[concat(parameters('webAppName'),'/authconfig')]",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[parameters('webAppName')]",
"[concat(parameters('sqlDatabase'), 'constr')]"
],
"properties": {
"enabled": true,
"runtimeVersion": "~1",
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"allowedExternalRedirectUrls": null,
"defaultProvider": "AzureActiveDirectory",
"clientId": null,
"clientSecret": null,
"clientSecretCertificateThumbprint": null,
"issuer": null,
"allowedAudiences": [
"https://webapptest1a-staging.azurewebsites.net"
],
"additionalLoginParams": null,
"isAadAutoProvisioned": false,
"googleClientId": null,
"googleClientSecret": null,
"googleOAuthScopes": null,
"facebookAppId": null,
"facebookAppSecret": null,
"facebookOAuthScopes": [
""
],
"twitterConsumerKey": null,
"twitterConsumerSecret": null,
"microsoftAccountClientId": null,
"microsoftAccountClientSecret": null,
"microsoftAccountOAuthScopes": [
""
]
}
},
I am really concussed, i have tried many variants but i am not getting close.
I changed the name to few different variants then i was given different errors but in regards to the naming convention.
"name": "[concat(parameters('webAppName'), '/appsettings')]",
I also changed the Depends on twice from:
"[parameters('webAppName')]",
"[concat(parameters('sqlDatabase'), 'constr')]"
To:
"[concat('Microsoft.Web/sites/', parameters('webAppName'))]",
"[concat(parameters('sqlDatabase'), 'constr')]"
I am really stuck! Would love some guidance.
Thank you
As the error says that "A root level resource must have one less segment in the name than the resource type". Here you are passing the incorrect name for the resource. As the segment length of Type is 4, segment length of Name must be 3. So in the config name you must pass the slot name also something like below (You can change the slot name and config name according to your template)
[concat(parameters('webAppName'), '/staging/web')]
Please check the below example for reference:
{
"type": "Microsoft.Web/sites/slots/config",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('webAppName'), '/staging/web')]",
"location": "East US",
"dependsOn": [
"[resourceId('Microsoft.Web/sites/slots', parameters('webAppName'), 'staging')]",
"[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
],
"properties": {
"numberOfWorkers": 1,
"defaultDocuments": [
"Default.htm",
"Default.html",
"Default.asp",
"index.htm",
"index.html",
"iisstart.htm",
"default.aspx",
"index.php",
"hostingstart.html"
],
"netFrameworkVersion": "v4.0",
"requestTracingEnabled": false,
"remoteDebuggingEnabled": false,
"remoteDebuggingVersion": "VS2019",
"httpLoggingEnabled": false,
"logsDirectorySizeLimit": 35,
"detailedErrorLoggingEnabled": false,
"publishingUsername": "$mytestap345__staging",
"scmType": "None",
"use32BitWorkerProcess": true,
"webSocketsEnabled": false,
"alwaysOn": false,
"managedPipelineMode": "Integrated",
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\\wwwroot",
"preloadEnabled": false
}
],
"loadBalancing": "LeastRequests",
"experiments": {
"rampUpRules": []
},
"autoHealEnabled": false,
"localMySqlEnabled": false,
"ipSecurityRestrictions": [
{
"ipAddress": "Any",
"action": "Allow",
"priority": 1,
"name": "Allow all",
"description": "Allow all access"
}
],
"scmIpSecurityRestrictions": [
{
"ipAddress": "Any",
"action": "Allow",
"priority": 1,
"name": "Allow all",
"description": "Allow all access"
}
],
"scmIpSecurityRestrictionsUseMain": false,
"http20Enabled": false,
"minTlsVersion": "1.2",
"ftpsState": "AllAllowed",
"reservedInstanceCount": 0
}
}
If i export cookie from Chrome with "EditThisCookie" extension i see something like this:
{
"domain": ".youtube.com",
"expirationDate": 1599457462,
"hostOnly": false,
"httpOnly": false,
"name": "_ga",
"path": "/",
"sameSite": "no_restriction",
"secure": false,
"session": false,
"storeId": "0",
"value": "GA1.2.1666271553.1536385462",
"id": 1
}
and if i open Cookie databses (file Cookies in app folder) with DBExplorer, i see this:
expires_utc: 13243931062000000
How 13243931062000000 became 1599457462?
expires_utc is microseconds from 1601-01-01T00:00:00Z.
While expirationDate appears to be in Unix time, seconds from 1970-01-01T00:00:00Z.
You can find more information about expires_utc here.
I can't make FeathersJs work along RS256. I used the generator, but i receive
error: NotAuthenticated: error:0906D06C:PEM routines:PEM_read_bio:no start line when user logs in with correct JWT access token.
"authentication": {
"secret": "whateverSecret",
"strategies": [
"jwt"
],
"path": "/authentication",
"service": "users",
"jwt": {
"header": {
"typ": "access"
},
"audience": "https://yourdomain.com",
"subject": "anonymous",
"issuer": "feathers",
"algorithm": "RS256", //set to RS256
"expiresIn": "1d"
},
"auth0": {
"clientID": "myClientid",
"clientSecret": "myClientSecret",
"successRedirect": "/",
"domain": "myDomain.auth0.com",
"scopes": [
"profile"
]
},
"cookie": {
"enabled": true,
"name": "feathers-jwt",
"httpOnly": false,
"secure": false
}
}
and inside user.hooks.js is the default generator.
The RS256 requires quite a bit more configuration to work. This issue mentions to make sure that your private key (secret) is a valid certificate and contains the proper newlines.
You will also likely have to customize the JWT verifier to pass the public key as the signing secret when verifying the JWT.
When I look via web I have four files in "shared with me" folder: file1, file2, file3, fil4. I don`t own them (I can write/reade only). I tried get them with file.list method with parameter
q = 'not (myId) in owners'.
After that the results contain only one item of the four file1. When I do
q = 'not (myId) in owners' and title = 'file2'
After that the results contain only one item file2. Somebody can tell me why? Or how to list them in other way?
UPDATE. After some time "q = not 'me' in owner" returns empty array (. Below result of "q = not 'me' in owners and title = 'File Name'"
{
"kind": "drive#fileList",
"etag": "\"dTUgP0s1WO8T7wOSfuvve0A4d_k/7dZrNXLata7h1mdbx2RHkqdePEM\"",
"selfLink": "https://www.googleapis.com/drive/v2/files?q=not+'me'+in+owners+and+title+%3D+'File+Name'",
"items": [
{
"kind": "drive#file",
"id": "1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY",
"etag": "\"dTUgP0s1WO8T7wOSfuvve0A4d_k/MTM0MjE4MDUzNjUyNg\"",
"selfLink": "https://www.googleapis.com/drive/v2/files/1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY",
"alternateLink": "https://docs.google.com/a/readdle.com/document/d/1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY/edit",
"embedLink": "https://docs.google.com/a/readdle.com/document/d/1L8lfBYZHV59uUVpFspFdeW4Sa5JB7eo3CgPe59kpNCmY/preview",
"thumbnailLink": "https://docs.google.com/feeds/vt?gd=true&id=1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY&v=270&s=AMedNnoAAAAAUE-eryR5NIqdEWR3A7bza730sDHhziBH&sz=s220",
"title": "File Name",
"mimeType": "application/vnd.google-apps.document",
"labels": {
"starred": false,
"hidden": false,
"trashed": false,
"restricted": false,
"viewed": true
},
"createdDate": "2012-03-19T08:37:26.636Z",
"modifiedDate": "2012-07-13T11:55:36.526Z",
"modifiedByMeDate": "2012-05-11T13:02:10.901Z",
"lastViewedByMeDate": "2012-09-04T14:44:32.193Z",
"sharedWithMeDate": "2012-05-11T10:15:44.221Z",
"parents": [
],
"exportLinks": {
"application/vnd.oasis.opendocument.text": "https://docs.google.com/feeds/download/documents/export/Export?id=1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY&exportFormat=odt",
"application/msword": "https://docs.google.com/feeds/download/documents/export/Export?id=1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY&exportFormat=doc",
"text/html": "https://docs.google.com/feeds/download/documents/export/Export?id=1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY&exportFormat=html",
"application/rtf": "https://docs.google.com/feeds/download/documents/export/Export?id=1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY&exportFormat=rtf",
"text/plain": "https://docs.google.com/feeds/download/documents/export/Export?id=1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY&exportFormat=txt",
"application/pdf": "https://docs.google.com/feeds/download/documents/export/Export?id=1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY&exportFormat=pdf"
},
"userPermission": {
"kind": "drive#permission",
"etag": "\"dTUgP0s1WO8T7wOSfuvve0A4d_k/b2rD7cIZxsGVuxg2MbXoc17PSQU\"",
"id": "me",
"selfLink": "https://www.googleapis.com/drive/v2/files/1L8lfBYZHV59uUVpFspFdeW4SaJB7eo3CgPe59kpNCmY/permissions/me",
"role": "writer",
"type": "user"
},
"quotaBytesUsed": "0",
"ownerNames": [
"Owner Name"
],
"lastModifyingUserName": "Owner Name",
"editable": true,
"writersCanShare": true
}
]
}
q=sharedWithMe also should return all the shared with you list of files.
Is this a trick question? :-)
"When I do q = 'not (myId) in owners' and title = 'file2' After that the results contain only one item file2."
This is not exactly correct, you having created the file does not mean you are not an owner. The owner permission could have been added for you to the file.
The query should work:
q=not 'user#example.org' in owners
It looks like now everything is all right. I can see all shared with me files with q = not 'me' in owners. So the answer is "google did some work with their google drive api" )
Thanks to all who helped me to understand that