I've noticed the doclist api has become deprecated and I'm trying to transfer shared files from 1 user to another.
In Doclist(depricated):
https://developers.google.com/google-apps/documents-list/#using_google_apps_administrative_access_to_impersonate_other_domain_users
Example :
Employee A: Stopped working at the company.
Employee B: New owner of Employee A's files.
Employee C:Admin
I know the admin(User C) has a menu where he can transfer the ownership of the files from user A to user B. But this does not transfer the files that used to be shared with user A.
I would like to make an application wich transfers the files shared with user A and shares them to user C. This has to be done by the admin(user C).
I already know how to transfer the ownership if user A is logged on. But in most cases this is not possible.
*I would like to know if there's a way to get the files shared with user A to be shared with user B without authenticating user A?*
If files are shared with User A, it should be the owner or other editors that share the file with user B again. If user A is only reader on a file, user A can't re-share the file. Also if the owner of the file set the sharing permissions not to allow editors to share the file again, user A could not share the file.
The best way to resolve this would be by procedure:
If the files are shared using folders or groups, swap out user A for user B
If you can logon as user A, run a script to create a listing of all documents shared with A and share this listing with B and have B request access to the documents from the document owners.
The technical option to do this, which is quite nasty, is to write some code (i.e. in Java) that:
impersonates the user using a service account (some sample code here:
Google Drive service account returns 403 usageLimits),
get all the files
(https://developers.google.com/drive/v2/reference/files/list),
determine the owner
impersonate every owner to reshare the file with the user (https://developers.google.com/drive/v2/reference/permissions/update)
Related
How to test safely an app that reads and writes to Google Drive using the API?
I created an app that runs on a server, that basically copies a template google doc to another directory, and then edits this new file.
In order to do that I:
created a service account,
delegated domain-wide authority to this service account
(https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority),
Then the app impersonates a user of the domain (always the same user) to access the API resources.
This app works, but it has 2 problems:
the service account has access to too many things. Ideally, I'd like it to have RW access to one folder only,
I'd like to create test credentials that would have access to another specific folder only, or even better, another drive.
Thanks!
Drive does not have permissions based on folders. The closest you can get is by creating an additional Service Account and then share the folder(s) to that SA.
You can also change the sharing setting for just one organisational unit,doing that all the folders whose owners are part of that OU will be able to share it outside or your domain making that the SA have only access to those folders.
Participating Components:
(all in the same project)
Android App
Web App
Service Account
The users have authorized the app on their Android devices with Cross Client Identity:
oauth2:server:client_id:[web_app_id].apps.googleusercontent.com scopes ...
Flow:
Several users request the creation of the same file through the Android app ( a file for every user is not desired, see "Known workaround" )
A service account then creates that file ( service account is owner )
Service account shares that file (by link and explicit with users)
User authorized drive service / or service account that impersonates a user tries to copy that file to the user's Google Drive ( User has to be the owner of that copy in the end)
Error:
This fails with scope drive.file ( and also drive.readonly ):
Error Message:
The authenticated user has not granted the app [project_id] write access to the file [file_id]
(btw: why write access is needed with copy()? giving users write access to the file does not change this error)
Known workaround:
It works with full drive scope
( but: my app does not need to see files it has not created - so i want to avoid it)
Same result can also be achieved by re-inserting the file instead of copying it
(this overhead is important for my app though, cause same file might be requested by multiple users)
An explicit interaction with a file from a UI Picker or so will propably not work as the file will have to be created after requesting it. also i can't think of a way how to do that without decreasing usability of the Android app.
Expected result:
www.googleapis.com/auth/drive.file: Per-file access to files created or opened by the app
It seems to me this should be enough.
As the file is created/owned/shared by my app's service account.
and copied by my app on behalf of the user.
www.googleapis.com/auth/drive.readonly Allows read-only access to file metadata and file content
At least this one should work as it should give read access to all files which should be enough to copy a "shared with user" file created by an "authorized by user" app.
Question:
the Web Application and the Service Account are in the same project.
Can the Web Application act like a Service Account on behalf of a user? if so - i don't know how. Would that make a difference anyway?
This seems like a Bug to me in this special use case, as the same result can be achieved with a workaround. At least scope drive.readonly should allow my app to copy app owned files to the user's drive.
Making a copy through the plain Service Account and then changing the owner of that copy to the User would be another workaround, but that fails too.
I must be missing something simple.
Please guide me.
Thank you.
I had the same problem and resolved it using the drive.metadata in combination with the drive.file scopes. Related question
I am working on integrating my application with Box. I am providing a way for a user to send files to the server, and the server will upload to a managed enterprise Box account.
I would like to support users who already have a file in Box so that they can select a file from their Box account and transfer it to the server's Box account. I can do this by having the user download the file, upload it to the server, and having the server upload it to its Box account.
It seems silly to download and re-upload the file. Is there a way to simply copy the file from the user account to the server's account (with the user's approval)?
So let's say you have user A and user B. If you want to copy a file from user A's "outbox" folder to user B's "inbox" folder. You can do it one of two ways.
Either user B can make user A a collaborator with Editor access to the "inbox" folder. Then from user A's account they can do the copy API (POST /files//copy documentation here) and "push" the file into B's inbox.
Or
Via a "pull" model. User A can give user B access to their "outbox" folder, and user B can run the copy API, and copy the content to their "inbox" folder.
I have to develop a web site where only registered and accepted members will have access to my GDrive space in specific personal folders I created, one folder for each member. I want all members to access their Gdrive folder from a login page in the web site.
I have a database where I store Username and Password from the registration process, and want to give permission to the folder associated to every members based on that username and password. The Gdrive Share process, as it is, is not working for my purpose.
You will need to use the Google Drive API.
We have a google corporate account and need to transfer ALL of a user's google drive files to another account in certain instances. We want to do what is described at the following link for "all files" but programatically via the latest Drive API http://support.google.com/a/bin/answer.py?hl=en&answer=1247799
We are currently using the following API version(s) below, coupled with domain wide authority delegation as described at https://developers.google.com/drive/delegation and are able to see a user's files, iterate over them etc.
google-api-services-drive 1.14.2-beta
google-api-client 1.14.1-beta
My question is this: it appears that the only way to change permissions is by fileId by fileId etc. Instead of having to traverse and iterate over an entire set of user's files, if we just want to transfer ALL of a user's files to another particular user: is there a way in the API to do this (ownership transfer for ALL files) rather than individual requests file/by file?
Also when transferring ownershisp, must the transferee be in the same #domain or can it be another #domain we manage? I read somewhere that you can only transfer to owners in the same domain. Does this still hold true? For instance we manage #myCompany.com and have our corporate account registered under that, however that shell account has several sub-domains within it. We would like to transfer files from users in the sub-domains to a central user in the #myCompany domain.
You need to change permissions file by file, there is no updateAll type of functionality at the moment.
You cant transfer the ownership to another domain's user. Ownership can only be transferred to another user in the same domain as the current owner.
This answer doesn't directly answer your question, but it could be helpful for both you and future visitors.
As of now, you can mass transfer files to new users with Google's new Admin console. It doesn't let you filter for specific folders, but it does allow you to transfer all of one user's Drive files to a second user.
I know you were trying to create something which uses the API to iterate through folders and files, and you probably have a very specific use-case in mind. However, in the case where you have employees leaving, or you need to transfer everything, using the following method is fast and simple.
Open the Google Admin console
Go to Google Apps > Drive
Click on "Transfer ownership"
Fill out both user fields and submit
This process will even email both users once the process is completed.
You can do this with a single call to the Data Transfer API
Exactly what is needed but only with API!
Open the Google Admin console
Go to Google Apps > Drive
Click on "Transfer ownership"
Fill out both user fields and submit
This process will even email both users once the process is completed.
If this is not possible via API calls, then there is no point deleting a user using API.