I am using google drive api v3. I can login using this api and can view and search all the folders in my drive. But I am not able to create a folder in my drive using the drive api. It shows error of "code:403 - Insufficient Permission".
My Code:
$fileMetadata = new Google_Service_Drive_DriveFile(array(
'title' => 'Invoices',
'mimeType' => 'application/vnd.google-apps.folder'));
$file = $drive->files->create($fileMetadata, array(
'mimeType' => 'application/vnd.google-apps.folder'));
printf("Folder ID: %s\n", $file->id);
Error:
Fatal error: Uncaught Google_Service_Exception: { "error": { "errors": [ { "domain": "global", "reason": "insufficientPermissions", "message": "Insufficient Permission" } ], "code": 403, "message": "Insufficient Permission" } }
Please help me with this...
It means that you don't have write access to the file and the app is trying to modify that file.
Here is a reference of your error.
Suggested action: Report to the user that there is a need to ask for
those permissions in order to update the file. You may also want to
check user access levels in the metadata retrieved by files.get and
use that to change your UI to a read only UI.
To create permission, here is a reference to create permission for a file.
Upon the request, you also need authorization with at least one of the following scopes (read more about authentication and authorization).
Hope it helps.
Related
I tried to connect this package and I follow all the steps
https://github.com/spatie/laravel-analytics#how-to-obtain-the-credentials-to-communicate-with-google-analytics
I keep getting this error:
Google_Service_Exception
{ "error": { "code": 403, "message": "User does not have sufficient permissions for this profile.", "errors": [ { "message": "User does not have sufficient permissions for this profile.", "domain": "global", "reason": "insufficientPermissions" } ] } }
I use the Account Settings / Account Id
my account id have 9 number no letters
The error talks about Profile not Account, so you need to use View ID instead Account ID.
On my file analytics.php
return [
/*
* The view id of which you want to display data.
*/
'view_id' => env('ANALYTICS_VIEW_ID'),
I change the
'view_id' => 11111111,
I put the direct number
you need to hit : https://analytics.google.com/analytics/web/#/usersettings then search All website data(XXXXXXXXX) and past it in view ID
I am trying to programatically access a calendar I own using the Google Calendar API list:
r = requests.get(
url="https://www.googleapis.com/calendar/v3/calendars/<the ID of my calendar which looks like mydomain_randomstuff#group.calendar.google.com>/events",
params={
'key': <the key from the API console>,
'singleEvents': True,
'orderBy': 'startTime'
}
This call fails with a 404:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
What does that error actually mean, in the context of this API?
Note:
the calendar does exist and it has events
the API limits are not even close to be reached
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
Can mean one of two things. Either the calendar Id you have typed is in correct or the user who you are authenticated with does not have access to that calendar. Make sure you are logging in with the correct user with access to that calendar. Optionally you can do a calendar.list which will return a list of the calendars that the user currently has access to. That way you wont have to worry about possibly miss typing the calendar id.
authorization
The method you are using events.list requires authorization (permission from the user) in order to access their calendar. Which can be seen in the documentation page
You need to authncate your user using Oauth2 and one of the scopes above. You will then have an access token you can use to access this calendar.
apikey
Api keys are used for accessing public data. Unless your calendar is set to public you will not be able to use it to see events. Also remember that api keys do not have access to update public calendars you still need to be authenticated to make changes to them.
Service account
If this is a server to server application you should use a service account not an API key. All you need to do is add the service account as a user on the google calendar like you would any other user. It will then have access to your calendar.
I am developing a web-based application using Google API. I am using server-to-server which is obviously with a service account. I am almost done.
I can now insert new users through Google api. I can even create and/or give newly created users access to a Team Drive through Google API. Meaning, I have a service-account that can impersonate all domain users.
The Problem:
But why am I getting errors when trying to impersonate a user through Gmail API? I need to add Gmail Labels and Filters to newly created users but I am getting an error message stating "Deligation denied". Am I missing something?
Obviously I have a working service-account settings already with proper scopes in G Suite. I guess userID "me" is not an option since my application needs to impersonate a newly created G Suite user. Please correct me if I am wrong.
$service = new \Google_Service_Gmail($this->client($scopes));
$serviceLabel = new \Google_Service_Gmail_Label();
$serviceLabel->setLabelListVisibility('labelShow');
$serviceLabel->setMessageListVisibility('show');
$serviceLabel->setName($label_name);
try {
$resp = $service->users_labels->create($email, $serviceLabel);
} catch (Google_Service_Exception $e) {
return false;
}
Here is the error I am getting
{#398 ▼
+"statusCode": 403
+"errors": array:1 [▼
0 => array:3 [▼
"domain" => "global"
"reason" => "forbidden"
"message" => "Delegation denied for service-account-user#domain.com"
]
]
+"message": """
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Delegation denied for service-account-user#domain.com"
}
],
"code": 403,
"message": "Delegation denied for service-account-user#domain.com"
}
}
"""
}
A Gmail Label is expected to be added automatically for each user being created through the application.
Making the API request
403 response
I want to set permissions to my google drive file programmatically as if anyone has the google drive sharable link so he can read. After setting the role as reader and type as anyone trying the api gives me 403. any help would be appreciated. Please refer the images above.
here is a part of my HTTP GET response
"userPermission":{
"kind":"drive#permission",
"etag":"\"v8V6DvTBE_bfiGlEO9jLLdDEcEE/vrb4MS7MSuazJcKlWO78yMuKxF0\"",
"id":"me",
"selfLink":"https://www.googleapis.com/drive/v2/files/1Vnp6v2VSE3sHKb9H9ChJPc8VPozuVtyd/permissions/me",
"role":"owner",
"type":"user"
},
"originalFilename":"1200px-Arriva_T6_nearside.JPG",
"fileExtension":"JPG",
"md5Checksum":"52f04535ea275c8be7ad87853a49fb87",
"fileSize":"343589",
"quotaBytesUsed":"343589",
"ownerNames":[
"Dev Drive"
],
"owners":[
{
"kind":"drive#user",
"displayName":"Dev Drive",
"isAuthenticatedUser":true,
"permissionId":"00918695921514386946",
"emailAddress":"devdrive#finetechlk.net"
}
],
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientFilePermissions",
"message": "The user does not have sufficient permissions for this file."
}
],
"code": 403,
"message": "The user does not have sufficient permissions for this file."
}
}
Means just that The current authenticated user does not have permissions to the file. A user can not preform an action on a file they do not have permissions on.
I suggest that you do a File.get on the file Id you are working with and see what permissions the current authenticated user has to that file. You will also be able to see the owner of the file.
Note the file i am testing with was shared with me by another user. I dont have ownership of it and there for can not create permissions on it.
{
"kind": "drive#user",
"displayName": "xxx",
"photoLink": "xxx",
"me": false,
"permissionId": "x642264676680223635",
"emailAddress": "xxxxx#gmail.com"
}
Setting a file to public does not create a public read link. Depending upon the file type it may contain a webViewLink but this is not true of all file types.
Solution
How to solve your 403. Find the user who owns the file with the ID you are using and have them insert the permissions. Or insert permissions on a file that the current user owns.
I am trying to use the transfers:insert method of the Google Admin SDK Data Transfer API. I am performing this API call as the super admin account of my domain. I have verified that API access is enabled for our domain, and that the Super Admin admin role has permission to use the Data Transfer API.
I am testing this in the APIs Explorer on this page.
55656082996 is the ID string that I got for Google Drive from the applications:list APIs Explorer.
Request:
POST https://www.googleapis.com/admin/datatransfer/v1/transfers?key={YOUR_API_KEY}
{
"oldOwnerUserId": "olduser#ourdomain.com",
"newOwnerUserId": "newuser#ourdomain.com",
"applicationDataTransfers": [
{
"applicationId": "55656082996"
}
]
}
Response:
400 OK
- SHOW HEADERS -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "Invalid value for: Invalid oldOwnerUserId."
}
],
"code": 400,
"message": "Invalid value for: Invalid oldOwnerUserId."
}
}
I get the same "Invalid value for: Invalid oldOwnerUserId." response no matter if I use email addresses or usernames. I also tried excluding the applicationDataTransfers array from the response, but that also didn't work.
The documentation does not say this, but the Id cannot be the user's email address, like in all of the other Google APIs, but rather it needs to be a numeric ID for the user that you can get using the Users:get Directory API method.
I figured this out by Google searching and coming across this documentation, where they elaborate upon oldOwnerUserId by saying "# ID"
In addition to the answer above.
Here is how you can get the employee' IDs from Gsuite API in Python 3.*
def create_directory_service():
credentials = cls.get_credentials(scopes=['https://www.googleapis.com/auth/admin.directory.user'])
return build('admin', 'directory_v1', credentials=credentials, cache_discovery=Fals
service = create_directory_service()
old_owner_google_id = service.users().get(userKey=old_owner).execute()['id']
new_owner_google_id = service.users().get(userKey=new_owner).execute()['id']