After copying a file with a service account, I add a permission of "writer" to a user in the same domain to the copied file and redirect the user to the file's resource "alternateLink".
since a few days ago the user gets the following message "You need permission"
This happens consistently.
refreshing the page grants access to the file.
Is there any way to insure the file is ready for editing by the user before redirecting them? I tried to get the file again with the user's authorization and check it is editable, but that only results in false positives.
Edit: the problem is no longer consistent, I will try suggested answers as if and when it returns.
Your Drive account might take some time to process the calls from the API. With that said, you can rely on the following methods to verify the user's permissions:
You can rely on the "list" function of Drive API, for the Permissions resource.
Within the response from the API, there is the "Items" property, which in turn will show the detailed information about the users for a particular file.
You can find more information in the following reference: https://developers.google.com/drive/v2/reference/permissions/list
If you have access to the user's account, then you could rely on the "Files" resource, using the "get" method for a particular file.
Reference: https://developers.google.com/drive/v2/reference/files/get
One solution that i implemented is setting some safe amount of delay , say 30 seconds using timertask
Related
Is it possible to have compound permissions on files? For example, I'd like User A to have writer access until a set date, then after that date they can only comment (or view) the file. Right now as I'm testing on my personal files, the API explorer doesn't show all the permissions I have set.
Directly though the API you can set the roll and type of access each user has your application would have to remove it after said date.
You could try reading the documentation: Permissions: create
Have a look on the expirationTime field in the permission resource
https://developers.google.com/drive/v3/reference/permissions
You can create a permission, that will expire at the defined moment.
So for your task, you can create two permissions one for reading and commenting without expiration time, and another for writing with expiration time.
I am using the Permissions: get endpoint to check if the user has permission the document.
while i am using this endpoint i came across strange behaviour. it was like this as i need to find out if a given user has permission to edit a given document.
1) if the document directly shared edit permission for that user the above endpoint gives me the correct permission object.
2) if the document is shared with the domain privileges (Anyone at who has the link can edit) . In this case every time it gives me a error response.
My view in this case in the google document view even its the domain level share permission or user level share permission the user get the correct set of workflow. But to check these permission levels from the API endpoints does not works as expected.
Is this a known issue? Is their a another way to check the file permission if it shared under the domain level?
Thanks
Given the fact that there is some missing information (i.e. error message, code snippet, screenshots etc.), I'll make an attempt to answer your question here :)
To check for the file permission, it can be achieved in the following ways:
via Drive API
The Permissions.get resource would be ideal for checking the
permission for a user or domain. You may also try using the
Permissions.list, which would lists all file's permissions.
Google Drive UI
Right click on the file, select "Share..."
Click Advanced
With that being said, I noticed in my testing, if the file (doc) is shared under the domain level and you are not performing this under the same domain, both the view and API resource will return an error response. I suggest making sure when you're calling through the API you're using the appropriate domain user. Hope this helps and Good luck!
The Permissions.Get operation can tell if you a file was shared directly to a user, but it can't tell you if a user has access to the file via a group permission, domain permission, or anyone permission.
Using a Permissions.List operation you might be able to tell if the file is shared to anyone or if it's shared to the user's domain (based on, for example, the user's email address).
If I specify access_type=offline in the auth url and a user attempts to auth a second time I get a box that says it is asking for offline access.
I would have expected it to be already authorised and so not require additional permissions
Any ideas?
Edit:
A bit more info. The first time around it makes no mention to the user of needing offline access. I would have thought the offline permission to be mentioned in the original auth anyway.
Edit 2:
Some more info on my use case. It is possible in our system for a person to have two accounts but then use the same google drive account. This means that we have no way of knowing that user has already authorized with google and so have to present the authorization again for the second user.
The first time around (for user 1) you are told that the app is asking for :
View and manage Google Drive files that you have opened or created
with this app
View and manage the files and documents in your Google
Drive
The second time around (for user 2) you are told the app is asking to:
Have offline access
This seems wrong to me.
As an aside:
The whole "have offline access" statement is very confusing for a user and also quite misleading. Most people assume this means the app can read the contents of your pc. In fact it means that the app can authenticate with your account with out you being there (i.e. using a refresh token).
I am not sure if I am experiencing bugs or if I am doing something wrong. I am developing an app that allows users to create and share a folder on their Google Drive so they can collaborate on the contents of the folder. The folder is created at the root of the user's Google Drive and initially contains a couple of files and one sub-folder with more files.
The first issue is that after inserting a new permission on the main folder, the permission will usually propagate down to all the files and sub-folders, but sometimes it fails to insert the permission on one of the files in the sub directory. Is this feature of propagating permissions to sub-directories something that is officially supported or am i suppose to insert a permission into all the files separately?
The second issue I am experiencing involves the use of the File's userPermission property to check if the role of the current user has changed. It seems that the userPermission property sometimes contains the permission of a recent user and not the current user. The feature I am trying to implement is the ability for a user with whom a folder was shared to check periodically if their permission role has changed. For example has the users permission role changed from "reader" to "writer" or vice-versa. This usually works by listing the folder with the fileId and checking the role property of the userPermission property of the file. However if I am testing this feature with both the user who shares and the user with whom it is shared working within the same client, the get file result will often list the userPermission as the last one to access the file and not the current user. I have tested if this was because I was using the wrong oauth information in the request header but I have ruled this possibility out, the oauth headers are correct for each separate call to get file. I added a test call to about witch lists the users permissionId, just before a call to get file to confirm who the authorized user is. Sill the userPermission with the "me" name appears for the wrong user.
The workaround I have found is to use list files which returns the file in the list with the correct userPermission.
In the reference located at https://developers.google.com/drive/v2/reference/files#resource for the description of the userPermission property is "The permissions for the authenticated user on this file."
I am wrong to interpret this to mean the userPermission will always show the role of the current user? And if it is showing the wrong permission, what could be the cause??
userPermission and me represents the current authenticated user, if it's showing the wrong permission you're authenticating the user with the wrong token.
the permission will usually propagate down to all the files and sub-folders
This case may not be true for sub folders and files with their own explicit permissions.
With regard to the first problem, which was that after sharing a folder, only one of its contents would consistently not get shared, I have discovered the cause. The file that was not getting shared is actually a Fusion Tables file and in my script, immediately after inserting the permission, a call is made to insert a new row into the Fusion table file which seems to prevent the permission from being added to that file at that time, or ever. So the workaround I found is to wait a couple of seconds after making the insert permission call, then check that the permission is already in place using a list permission call before calling the Fusion Tables query.
Now with regard to the second problem, this is probably a bug of some sort since I confirmed that I am using the correct oauth token, and by the fact that the workaround I have found works, which is to use a call to list file instead of get file. The only difference is that the file name or other query parameter is required to make the call in addition to the file id. In my case the file object returned with the list file will always contain the correct values in the userPermission field whereas with get file, the userPermission will sometimes contain information for an other user.
We have a google corporate account and need to transfer ALL of a user's google drive files to another account in certain instances. We want to do what is described at the following link for "all files" but programatically via the latest Drive API http://support.google.com/a/bin/answer.py?hl=en&answer=1247799
We are currently using the following API version(s) below, coupled with domain wide authority delegation as described at https://developers.google.com/drive/delegation and are able to see a user's files, iterate over them etc.
google-api-services-drive 1.14.2-beta
google-api-client 1.14.1-beta
My question is this: it appears that the only way to change permissions is by fileId by fileId etc. Instead of having to traverse and iterate over an entire set of user's files, if we just want to transfer ALL of a user's files to another particular user: is there a way in the API to do this (ownership transfer for ALL files) rather than individual requests file/by file?
Also when transferring ownershisp, must the transferee be in the same #domain or can it be another #domain we manage? I read somewhere that you can only transfer to owners in the same domain. Does this still hold true? For instance we manage #myCompany.com and have our corporate account registered under that, however that shell account has several sub-domains within it. We would like to transfer files from users in the sub-domains to a central user in the #myCompany domain.
You need to change permissions file by file, there is no updateAll type of functionality at the moment.
You cant transfer the ownership to another domain's user. Ownership can only be transferred to another user in the same domain as the current owner.
This answer doesn't directly answer your question, but it could be helpful for both you and future visitors.
As of now, you can mass transfer files to new users with Google's new Admin console. It doesn't let you filter for specific folders, but it does allow you to transfer all of one user's Drive files to a second user.
I know you were trying to create something which uses the API to iterate through folders and files, and you probably have a very specific use-case in mind. However, in the case where you have employees leaving, or you need to transfer everything, using the following method is fast and simple.
Open the Google Admin console
Go to Google Apps > Drive
Click on "Transfer ownership"
Fill out both user fields and submit
This process will even email both users once the process is completed.
You can do this with a single call to the Data Transfer API
Exactly what is needed but only with API!
Open the Google Admin console
Go to Google Apps > Drive
Click on "Transfer ownership"
Fill out both user fields and submit
This process will even email both users once the process is completed.
If this is not possible via API calls, then there is no point deleting a user using API.