The new version 2 API introduce methods to access permissions. Apps can create, delete, modify and read one permission but why the get method does't return the value property which limits what apps can do with permissions ? The JavaScript embeddable sharing component is a solution for some use cases but not for all.
The value property is omitted in order to preserve privacy. A user that can read the permissions on a file should not be able to see the email addresses of all the other users with permissions.
You should use the permission id, which can be found with the about method as the about resource, and is:
The current user's ID as visible in the permissions collection.
Related
I am using the Permissions: get endpoint to check if the user has permission the document.
while i am using this endpoint i came across strange behaviour. it was like this as i need to find out if a given user has permission to edit a given document.
1) if the document directly shared edit permission for that user the above endpoint gives me the correct permission object.
2) if the document is shared with the domain privileges (Anyone at who has the link can edit) . In this case every time it gives me a error response.
My view in this case in the google document view even its the domain level share permission or user level share permission the user get the correct set of workflow. But to check these permission levels from the API endpoints does not works as expected.
Is this a known issue? Is their a another way to check the file permission if it shared under the domain level?
Thanks
Given the fact that there is some missing information (i.e. error message, code snippet, screenshots etc.), I'll make an attempt to answer your question here :)
To check for the file permission, it can be achieved in the following ways:
via Drive API
The Permissions.get resource would be ideal for checking the
permission for a user or domain. You may also try using the
Permissions.list, which would lists all file's permissions.
Google Drive UI
Right click on the file, select "Share..."
Click Advanced
With that being said, I noticed in my testing, if the file (doc) is shared under the domain level and you are not performing this under the same domain, both the view and API resource will return an error response. I suggest making sure when you're calling through the API you're using the appropriate domain user. Hope this helps and Good luck!
The Permissions.Get operation can tell if you a file was shared directly to a user, but it can't tell you if a user has access to the file via a group permission, domain permission, or anyone permission.
Using a Permissions.List operation you might be able to tell if the file is shared to anyone or if it's shared to the user's domain (based on, for example, the user's email address).
If a user has readonly or comment only access to a document, is there a way to check which of these permission does the user has using that user's credentials?
I tried https://developers.google.com/drive/v2/reference/permissions/list api using credentials of a user who has read access to a document, and then crendentials for a user who has comment only permissions and the reponse from the server was identical. Both times, the response only had an entry for the owner and no other entries. There was no other data either to indicate what type of access does the user who made the request has.
I have also tried https://developers.google.com/drive/v2/reference/files/get api. This api has a flag editable which is false when the user doesn't have write access. However, it doesn't seem to have any info to figure out if user has comment access or read access.
The permissions resource returned by the permissions api will have "commenter" as an "additionalRoles" for that user.
After copying a file with a service account, I add a permission of "writer" to a user in the same domain to the copied file and redirect the user to the file's resource "alternateLink".
since a few days ago the user gets the following message "You need permission"
This happens consistently.
refreshing the page grants access to the file.
Is there any way to insure the file is ready for editing by the user before redirecting them? I tried to get the file again with the user's authorization and check it is editable, but that only results in false positives.
Edit: the problem is no longer consistent, I will try suggested answers as if and when it returns.
Your Drive account might take some time to process the calls from the API. With that said, you can rely on the following methods to verify the user's permissions:
You can rely on the "list" function of Drive API, for the Permissions resource.
Within the response from the API, there is the "Items" property, which in turn will show the detailed information about the users for a particular file.
You can find more information in the following reference: https://developers.google.com/drive/v2/reference/permissions/list
If you have access to the user's account, then you could rely on the "Files" resource, using the "get" method for a particular file.
Reference: https://developers.google.com/drive/v2/reference/files/get
One solution that i implemented is setting some safe amount of delay , say 30 seconds using timertask
I am not sure if I am experiencing bugs or if I am doing something wrong. I am developing an app that allows users to create and share a folder on their Google Drive so they can collaborate on the contents of the folder. The folder is created at the root of the user's Google Drive and initially contains a couple of files and one sub-folder with more files.
The first issue is that after inserting a new permission on the main folder, the permission will usually propagate down to all the files and sub-folders, but sometimes it fails to insert the permission on one of the files in the sub directory. Is this feature of propagating permissions to sub-directories something that is officially supported or am i suppose to insert a permission into all the files separately?
The second issue I am experiencing involves the use of the File's userPermission property to check if the role of the current user has changed. It seems that the userPermission property sometimes contains the permission of a recent user and not the current user. The feature I am trying to implement is the ability for a user with whom a folder was shared to check periodically if their permission role has changed. For example has the users permission role changed from "reader" to "writer" or vice-versa. This usually works by listing the folder with the fileId and checking the role property of the userPermission property of the file. However if I am testing this feature with both the user who shares and the user with whom it is shared working within the same client, the get file result will often list the userPermission as the last one to access the file and not the current user. I have tested if this was because I was using the wrong oauth information in the request header but I have ruled this possibility out, the oauth headers are correct for each separate call to get file. I added a test call to about witch lists the users permissionId, just before a call to get file to confirm who the authorized user is. Sill the userPermission with the "me" name appears for the wrong user.
The workaround I have found is to use list files which returns the file in the list with the correct userPermission.
In the reference located at https://developers.google.com/drive/v2/reference/files#resource for the description of the userPermission property is "The permissions for the authenticated user on this file."
I am wrong to interpret this to mean the userPermission will always show the role of the current user? And if it is showing the wrong permission, what could be the cause??
userPermission and me represents the current authenticated user, if it's showing the wrong permission you're authenticating the user with the wrong token.
the permission will usually propagate down to all the files and sub-folders
This case may not be true for sub folders and files with their own explicit permissions.
With regard to the first problem, which was that after sharing a folder, only one of its contents would consistently not get shared, I have discovered the cause. The file that was not getting shared is actually a Fusion Tables file and in my script, immediately after inserting the permission, a call is made to insert a new row into the Fusion table file which seems to prevent the permission from being added to that file at that time, or ever. So the workaround I found is to wait a couple of seconds after making the insert permission call, then check that the permission is already in place using a list permission call before calling the Fusion Tables query.
Now with regard to the second problem, this is probably a bug of some sort since I confirmed that I am using the correct oauth token, and by the fact that the workaround I have found works, which is to use a call to list file instead of get file. The only difference is that the file name or other query parameter is required to make the call in addition to the file id. In my case the file object returned with the list file will always contain the correct values in the userPermission field whereas with get file, the userPermission will sometimes contain information for an other user.
I currently have an application that will search document acls and report back on any external sharing. Since the deprecation of the document list api I would like to covert this application to Google Drive but since the user email address is no longer present in the Permission object returned from Drive is there any way to detect these shares?
Thanks.
Match the username you get from the Owner field to the users in your directory using the profile api https://developers.google.com/google-apps/profiles/. If the user is not in the directory, the user is external.
I suggest you to use 'domain' field in permission to define if your document is shared with an external user or not. You have to campare this field with the domain that you own.
Thanks,