I'm currently in the progress of migrating from the Documents List API to the Drive SDK. I had a function to check file/folder permissions of a user (per e-mail address), so I could see what rights a certain user has on a file/folder.
I think I can see why e-mail addresses are hidden from the permissions feed but is there also no 'get' function for permissions where e-mail addresses can be used as input?
The permissions of the current user are in the file resource as:
"userPermission": {
"kind": "drive#permission",
"etag": etag,
"role": string,
"additionalRoles": [
string
],
"type": string
},
Related
I call the Drive API Files:list method and request for the permissions field.
I notice a strange behavior; for some calls, I receive the following permission:
{
"kind": "drive#permission",
"id": "anyoneWithLink",
"type": "anyone",
"role": "reader",
"allowFileDiscovery": false
}
​But when I try to access the file associated with this permission, I get to the "Request Access" screen.
From the documentation, it seems like anyoneWithLink means the file should be publicly accessible.
What am I missing? What other information do I need to look at in order to know if the file is publicly accessible or not?
I am trying to add collaborators through Box API, but when I am adding a user group, the api request return status 403: Forbidden.
Here is the request attributes i'm passing:
{"item": { "id": "3907701373", "type": "folder"}, "accessible_by": {"id": "400235","type":"group"}, "role": "viewer"}
And it returns me this error:
Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."
The documentation for Create Collaboration states that:
Errors may occur if the IDs are invalid or if the user does not have permissions to create a collaboration.
Are you able to create a collaboration with a regular user on that folder?
Follow-Up
I think the problem could be due to one, or possibly both, of the following:
Box recently introduced the Group Admin, which has permissions to "add existing users to their groups, create new users that will be assigned to their groups, and assign folder access to their groups." You may need to have those permissions in order to manage group collaborations.
Your may need to enable the Manage an Enterprise scope for your application, under OAuth2 Parameters > Scopes. If (1) above is true then your app most likely requires elevated, enterprise privileges.
I have a user's Gmail e-mail address and I need to get his or her Google+ ID to get additional information about him or her, like name, and so on. Is there a way to do this using the Google APIs?
There is no publicly available API to identify the Google+ profile associated with an email address. There is an existing feature request you should star if you are interested in such an API.
Tricky, but works.
If you have a G Suite Domain (aka Google Apps) you can create a new group with emails addreses and call Members method.Groups API response contains user ID.
https://developers.google.com/admin-sdk/directory/v1/reference/members/list
Response looks like :
{
"kind": "admin#directory#members",
"etag": etag,
"members": [
**members Resource**
],
"nextPageToken": string
}
Where members rersource looks like :
{
"kind": "admin#directory#member",
"etag": etag,
"id": string,
"email": string,
"role": string,
"type": string
}
id is the Google+ Profile id, later you can use Google+ API with people method.
Google plus
login to your gmail account then Put that gmail-email address to search option.
If that user is on Google plus then you will able to see his/her profile.
If you want to create new one with specific format for you then you can get it after making few friend on it.
Google will notify you when you will pass the position.
you can create your own customized profile in it.
Not exactly from the email address itself, but if you have a JWT token you can get the information from that. The id is one of the claims in the token. So if you have a server that uses Google issued JWT tokens, decode the token. Here's a website to view the token information: https://jwt.ms/
i wrote a project that work well with upload and download objects to/from Google Cloud Storage. I'm able to retrieve the content, the stream, the metadata, but when i get the 'mediaLink' of an object and paste it to the browser, i got this error:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
the format of mediaLink URL is shown here:
https://content.googleapis.com/storage/v1/b/bucketname/o/folder%2Finsidefolder%2Fexample.txt
I'm authenticated in my website by the OAuth 2.0 flow, and all the objects uploaded on GCS are with a custom AccessControlList which i decided to set into "allAuthenticatedUsers" in order to give access only to user that are authenticated with my website.
Could anyone help me to solve this issue? Thank you so much
The media link is not inherently authorized. You need to authorize a download using the media link in the same way you'd authorize any other request: by including an appropriate "Authorization" header.
Without providing read permission to "AllUsers", the media link will not work in a web browser.
Also, "AllAuthenticatedUsers" does not mean users that are authenticated with your website. It means "anybody with any Google account."
I have two users: admin#example.com ("Admin") and user#example.com ("User").
"Admin" owns a Google Drive folder (let's say the fileId of the folder is "F1234"). "User" is a member of a Google Group which has read-only ("Viewer") access to the folder.
In the Google Drive Web interface, "User" can open the folder F1234, and "User" can click on the "star" button to put the folder in the "Starred" list. So far, so good.
Now I want to write an application which sets the folder as starred. So, I log in as "User" and I go to the Google Drive API Explorer (https://developers.google.com/drive/v2/reference/files/patch) and I give the API explorer the OAuth token to execute requests on behalf of "User". I send a "patch" request to set the folder as "starred":
PATCH https://www.googleapis.com/drive/v2/files/F1234?fields=labels%2Fstarred&key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxx
X-JavaScript-User-Agent: Google APIs Explorer
{
"labels": {
"starred": true
}
}
But this request fails, with a "permission denied" type of error:
403 Forbidden
{
"error": {
"errors": [
{
"domain": "global",
"reason": "userAccess",
"message": "The authenticated user does not have the required access to the file F1234",
"locationType": "header",
"location": "Authorization"
}
],
"code": 403,
"message": "The authenticated user does not have the required access to the file F1234"
}
}
I checked that this very same request works fine with a folder owned by "User", or with a folder not owned by User but where "User" has read-write access. So it really looks like the request fails because of the read-only permission, but this is not consistent with the behavior of the UI ("starring" a file is not a modification, so it should not require write access).
Am I missing something or is this a Google Drive API bug ?
This behavior has been reproduced.
I will report this for you.
Sorry for inconvenience.