Permission to run a site-script - google-apps-script

In my organizzation, I created an internal site with a script callable from different pages inside that reads / writes data from various spreadsheets and send mail.
For testing, I shared the site and documents with a my colleague but he can't run the scripts because appears page to request permission:
"... This script is Requesting permission to do potentially harmful operations. Only authorize the script if you truly trust the author!"
if my colleague click on "authorize" nothing happens.
I give to my colleague the link of the script (not the page that embeds the script), clicking on "authorize" he received a long email from google where it is explained that authorized the execution of the script but instead continues to not work ..
The one way to allow the execution of script is to run the script directly from the editor to grant permissions.
I can't do it for other colleagues!!!
I'm really unhappy about this. I worked a lot on the script but now I realize that I can't do it to my colleagues for another google's big bug.

I have a script that uses also spreadsheet and mail service and I have not any difficulties with authorizations ...(after the red screen is approved user have full access to the app)
Are you sure there is not something else that could prevent your script to work with other users ? A document that is not shared or a call to an external api or whatever ? All I can say is that the current procedure is far more convenient than it used to be a few month ago and that I see not bug on that just now...

In my experience with scripts in spreadsheets, new users have to run the script, authorize it, and run it again.

Related

Where can i see the analytics of an Google App Script Deployment?

I created a small app on top of a spreadsheet (with GAS and HTML, CSS) and I deployed it.
Users can access to it without having to enter in the spreadsheet.
It works really well but i'm not able to see even the basic analytics (for eg. the number of viewers)
Thanks
Go to the project overview page. In the Google Apps Script web IDE, on the lefmost sidepanel click on Overview.
Also, if you have starred your project, go to https://script.google.com/home/starred
Rather than "viewers" you will see "users". If you have set your web-app as execute as you by anyone even anonymous, you will see only one user, you, as this page show the users that exectuted the scripts like the doGet function and the server-side functions called through google.script.run.
Note: https://script.google.com keep execution logs for the last 7 days. If you need to keep the logs longer you have to use another place to keep these logs, i.e. Cloud Logging (requires a Google Cloud standard project), Google Sheets spreadsheet.
Resources
https://developers.google.com/apps-script/guides/logging
Related
Effective way to debug a Google Apps Script Web App

How to re-authorize Google Apps Scripts after password reset?

I wrote a script that uses a service account and OAuth2 for Apps Scripts to disable auto-forwarding and enable IMAP on a domain user's gmail settings. The script works.
However, when I change the user's password. It stops working and gives me response code 401.
From other other question, suggested that I re-authorize the scripts. Reauthorize permissions to Google apps script after password change
How do you manually re-authorize the script?
I see the user's "access_token" for the Gmail API in the Script properties but not sure how to change it.
Normally a service account is independent of the user changing their password. This has always been one of the key points of service accounts and Oauth2 even if the user changes their password you will still have access.
However this no longer works for some of the Google apis. Gmail is one if them if the user changes their password then the access token and the Oauth2 refresh token will no longer work until the user reauthenticates the application.
I have a couple of super-simple projects, each one is just one file a few lines long, so my guess if yours is more complicated is you should probably open whichever file gets executed on triggers or whatever).
Anyway after I changed the password on my Google account those scripts kept failing. What worked for me was:
Go to the Google Apps Script homepage
For whatever projects are failing, open the project and then open the main/only source code file (depends on if your scripts are more complicated than mine)
In the editor, just click Run at the top. That should trigger an OAuth request saying it needs permissions for your account blah blah blah. Obviously, give it access.
Either sit back with beverage of choice (if it works now) or bash head against keyboard (if it didn't fix it).
I have no idea if you'd have to run other script files in the editor, but can't hurt, right? Unless your script is designed to hurt.

Google Forms with script transfer of ownership still runs script as previous user

I made a google script in a spreadsheet that responds on form submit. It modifies the files, makes a pdf and emails that pdf to specific people. This was made for someone else and then I transferred ownership. However, the edits to those files and emails sent, still appear under my email. How do I completely transfer the folders and everything in them a different user on the same domain so that they are the ones sending emails and modifying files?
You need to go into the script and add a function that calls ScriptApp.invalidateAuth https://developers.google.com/apps-script/reference/script/script-app#invalidateAuth() then call any function like doGet using the new account to reauthenticate
How do I completely transfer the folders and everything in them a different user on the same domain
When you transferred ownership of your files & folders, everything in them did get transferred.
... so that they are the ones sending emails and modifying files?
However, the TRIGGERS that you had set up previously belong to your account, not to the associated scripts.
You have a couple of options for stopping those triggers from running as you.
Disable specific installable triggers.
If you still have access to the offending script, open it in script editor, go to resources > Current project's triggers, and disable the triggers. Done.
If you don't have access to the script anymore, open the script editor on any of your scripts, go to resources > All your triggers, and disable the triggers if you can identify them. This can be challenging if you use the same names for trigger functions in multiple scripts, as there is no indication here of which script they came from.
De-authorize the offending script.
As Zig's answer describes, if you still have access to the offending script, you can add a function to revoke authorization, and run it from your account.
Alternatively, you can see all scripts that you have authorized, and revoke access directly. Go to your Account Settings page, and select "View all" under Connected apps and services, or use this link.
Select the offending script, then click "Revoke access". Done!
To get the script running under the new owner's account, you need to repeat whatever steps set it up for you, including authorization from their account.

Using Google Script in shared, restricted spreadsheets

I wrote a script for a google spreadheet which is run by clicking on an image embedded in the spreadsheet.
Everybody with the link to the spreadsheet can edit it (except some areas with formulas etc. which are protected).
When I'm logged in with my google account, everything works fine, but when I log out and try using the spreadsheet like a "normal" user, nothing happens when I hit the image.
I didn't find anything in the options regarding "script sharing" etc.
Would be awesome if someone could give me a hint (I'm quite new to google script...).
Thanks for your answers!
Vincent
Anonymous users can't run scripts. By design. Protected ranges, sharing and all the rest of it have nothing to do with your problem.
The user - whoever they happen to be - must be logged in to run any script. Scripts will simply be ignored for anonymous users.
So the solution in your case is to tell all your users that they must log in before being able to run a script.

Google Apps Script Authorization gets lost when changing Script - Upgrade path?

I have been working quite a lot with Google Apps Script lately, but there is one thing that still is very unclear to me and the docs do not hint about it at all:
When publishing a script as a WebApp (access: Anyone, as: User accessing the WebApp) and asking for permissions (e.g. GMailApp access, UserProperties and Trigger) and then afterwards changing that script (but not asking for any additional permissions, just changing code) and publishing it again, it seems as if triggers being run by Scripts priorly authorized by users lose their authorization (e.g. the user gets an email with a failure message: Authorization is required to perform that action. from that script).
I read about libraries being independent based on their version, but accessing GMailApp from within a library or a Trigger within a library is not possible as it needs the active user? Is there any way around this? What is the suggested upgrade path, e.g. how can I make (code) changes to the script without making it fail for existing users?
Some services - gmailApp and mailApp for sure- are considered as sensitive matters by Google and therefor any modification in the code, even a very minor change, implies a renewal of the authorization. I can't remember exactly right now where I read that info but I'm pretty sure I read it (!) and I saw it also as a Googler answer somewhere in this forum. Forgive me for not being accurate concerning references.
Anyway ... that explains why you have these authorization issues with your script and AFAIK there is no way to avoid this process.
That said, your users should get an authorization screen, not an error message for services that they use in your app.
If you use triggers in your app (that you set yourself of course) then you should run these functions yourself manually to pass the authorization since the triggers are executed under the authority of the one that creates them, no matter how your webapp is published.
I hope I'm clear enough, if not refer to the doc about installable triggers and this doc also.