I am working on a project management application http://kerika.com where I am having following case, where I am not able to downgrade a user's role on a google-drive file from "writer" to "reader":
A project owned by user U1 is shared with user U2 with role "Team Member".
When a new document is attached to the card of the project, it is uploaded to the google-drive account of user U1. Let's call this file as F1. U1 becomes owner for F1 and it is shared with user U2 with "writer" role.
When U1 decides to downgrade user U2's role to visitor for kerika project :
Kerika internally need to update user U2's role for F1 on google-drive to "reader".
Here as a kerika developer it becomes hard to find the Permission object for the user U2 to modify its role as Permission object of GoogleDrive API doesn't provide information about user's email address. It provides information about user's name but not about email address.
I have also looked at the google-drive-sdk video at http://www.youtube.com/watch?v=Z2OIlwju8UM&list=PL0FA2818902D9D123&index=15.
Videos says that google-drive-api is not populating user's email address for security reason.
First thing is that, google-drive web version is showing other user's email address in share dialog box where security is not concerned?
If google developers have decided to not populating the email address then they should have some work-around this issue.
e.g.
When I want to change a user's role from "reader" to "write", I can insert a new permission record with role as "writer" and role is being updated properly.
But the same thing is not working when I update user's role from "writer" to "reader".
Does anyone has same problem and found a work around to solve it?
Thanks in advance for your help,
Chirag Moradiya
You should be using the update() or patch() method to modify an existing user's permissions to the file. Obviously, the difficulty here lies in identifying the correct permissionId for the user to modify.
You could try storing a table of permissionId to email address on your end but that assumes all permission changes are done within your app, not via the native Drive UI.
Your other option would be to have the end user identify which user's rights should be modified, help them choose by showing the name and picture that Drive API does give you.
Related
I am trying to find a user's name from their e-mail address. I thought I could use People.People.get as mentioned here but that requires knowing the user's account ID.
How can I get information about the user if I only know their e-mail?
And I don't think I can use the Directory API cause I don't have admin access.
You can use Admin Directory API to get user's details. While making the URL call, you need to specify a parameter in the request body which is (viewType:"domain_public"), so you will get the basic details of the user in your domain without having admin rights.
Reference Link : https://developers.google.com/admin-sdk/directory/v1/reference/users/get
I don't think you can do it without Admin Rights, on the link you mentioned you need the AccountId which can only be retrieved by having Admin Rights and Access to the Directory API (https://developers.google.com/admin-sdk/directory/v1/reference/users/get) which you mentioned tyou don't have access to.
You could ask to your Administrator to get an Admin Role https://support.google.com/a/answer/172176?hl=en to use the Admin SDK for complete your task, it will be easier for you. The other way I don't know how the contact sharing is setup in your organization because you should be able to check the information of the contact when sending an email or adding it to your contact list.
I hope this information can be of help. Greetings.
Is it possible to retrieve the list of users in a Google Apps Domain with a non-admin account?
Non-admin users can call users.list(viewType=domain_public) which offers the same amount of details that the users see in the domain contacts directory.
Depends on what you think an admin account is.
Long ago the user roles were just "regular" and "admin". Now you can choose from a fine-grained set of permissions and define a role name for them. "Superadmin" is now a built-in role that has every permission possible.
So, if you define a role which can retrieve the user list and assign it to a user I wouldn't call it an admin account.
You need to be a true admin to do that, though :)
As a complement to the other (excellent) answer, what I do in our domain is to create a full list of domain users in a spreadsheet with all necessary informations and run a script every night that updates the spreadsheet automatically. When I make a change (add or remove user) I can run the script manually to avoid temporary differences.
This script runs as "me" but any domain user has access to the list (I invite them to this shared doc when I create their account so it shows up in their drive/shared with me folder). With this solution I don't need to give special rights to any users.
I have to develop a web site where only registered and accepted members will have access to my GDrive space in specific personal folders I created, one folder for each member. I want all members to access their Gdrive folder from a login page in the web site.
I have a database where I store Username and Password from the registration process, and want to give permission to the folder associated to every members based on that username and password. The Gdrive Share process, as it is, is not working for my purpose.
You will need to use the Google Drive API.
I currently have an application that will search document acls and report back on any external sharing. Since the deprecation of the document list api I would like to covert this application to Google Drive but since the user email address is no longer present in the Permission object returned from Drive is there any way to detect these shares?
Thanks.
Match the username you get from the Owner field to the users in your directory using the profile api https://developers.google.com/google-apps/profiles/. If the user is not in the directory, the user is external.
I suggest you to use 'domain' field in permission to define if your document is shared with an external user or not. You have to campare this field with the domain that you own.
Thanks,
I have a web app in php mysql, I want to use one google drive account for my app.
Can I use my app's accounts instead of google users for privilages.
I read in SDK I can use service account to login without promting user, but I don't know how to share or give permissions files for custom users.
In api reference I found this:
"The user is not necessarily yet a Google user (e.g. if a file or folder is shared with an email address that does not yet have an associated Google account). Example: 1111459233037698895607".
How a custom user in my app should get a token for own privilages.
I am not exactly sure what you want to achieve here, but if you want to use your own permission system, you can't. You can, however, apply read/write/owner permissions to files to mirror your own permissions.
If I have totally got the wrong idea, please explain.