I'm using the ruby sdk for Google Drive, API v2. When using the files.list or files.get method, the response does not contain permissions. The documentation indicates that it should:
permissions[] list The list of permissions for users with access to this file.
I am able to fetch the permissions in a separate API call (permissions.list with fileId). This indicates to me that the client has the correct permissions to see this information, but for some reason the API is not returning it with the files.list or files.get calls.
Is there something I need to do to ensure the permissions field is present when using the files.list call? I would very much like to avoid turning a (N/PageSize) problem in to an N problem.
Note: I have omitted including the relevant code and responses because they are pretty much as expected, except for permissions. For example, the userPermission, and owners attributes are present.
Thanks!
This property is not set by default, but you can explicitly call for it in the request url. You will have to rely on 'partial response', in which you can set the desired parameters to consult or list. You can read more on the subject here: https://developers.google.com/drive/web/performance#partial-response; and the implementation for ruby can be found on this site: https://developers.google.com/api-client-library/ruby/guide/performance#fields
Related
We have an application that needs to append data to users' designated Gsheet.
They should enter the sheet ID on our app, authorize it and then click export. Our app would then append a new row of data.
We are not clear what is the best or the necessary Oath 2 scope that is appropriate for that.
https://www.googleapis.com/auth/drive.file
or
https://www.googleapis.com/auth/spreadsheets
Any help is appreciated.
What you should do is check the documentation for what ever method you are trying to use. I am going to guess that you are using Method: spreadsheets.values.update
This method requires one of the following scopes
Which one you pick is up to you. They will both work. Technically if your not going to be accessing any of the google drive api methods then there's probably no reason to use the drive scope.
You can check the scopes#Sheets documentation for information on exactly what each scope gives you access to.
As you can see the sheets scope gives you access to all sheets a user has, while the drive.file scope will only give you access to files that where created by your app. Not just sheets.
We use people api to get a list of contact_groups.
Although we use sync_token, we cannot get deleted groups. But people list do not have this problem. How to solve?
service = Google::Apis::PeopleV1::PeopleServiceService.new
service.client_options.application_name = 'xxx'
service.authorization=Signet::OAuth2::Client.new(credentials)
response = service.list_contact_groups(sync_token: xxxx-xxxx-xxxx)
Contactgroups.list returns a list of contact groups a contact group contains a Contact group metadata which contains a deleted paramater.
True if the contact group resource has been deleted. Populated only for contactGroups.list requests that include a sync token.
I am not 100% sure i understand your question.
Search only deleted
There is no way to search only on deleted groups. You are going to have to cache the full contactgroups.list method and scan the data locally.
Data not returned
If you are not seeing the deleted groups and you are 100% sure that this user has access to this information. Then i would suggest that this information is not available via the api it is a common issue that not all of the fields in Google apis are publicly available to third party developers like us. If this is the case then i suggest that you post an issue on the forum here that the information should be populated.
I am trying to copy a file from my app to google drive.I am unable to do so using the scopes drive.file and drive.metadata but able to do so by drive scope. Since drive scope gives more access than needed i want to keep only the required scope for file copy.
Please let me know the minimal scope that is required for file copy.
Also want to know if the order or scope definition matters here like if passing the scope as "drive.file drive metadata" differs from "drive.metatdata drive.file".
Any advice or suggestions will be greatly appreciated.
In order to copy a file you are going to need write access to the drive account file.create
This request requires authorization with at least one of the following scopes (read more about authentication and authorization).
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/drive.appdata
If you have tried with https://www.googleapis.com/auth/drive.file i suggest that you try to refresh your authentication if you changed the scopes in your application without authenticating the user you will not have access using the old scopes.
So I can successfully generate a temporary signed url on google cloud storage, with an expiry time etc.
However the signed URL still has the clearly visible bucket name and file name.
Now I understand that when the download occurs, the filename will be visible.. as we have downloaded that file. However it would be nice to obscure the bucket and filename in the URL?
Is this possible, the documentation does not give any clues and a google search session has not really given any results that help.
I don't think there's a way. Bucket naming best practices basically state that bucket and object names are "public", that you should avoid using sensitive information as part of those names, and advice you to use random names if you are concerned about name guessing/enumeration.
A possible workaround for this would be to proxy the "get" for the Cloud Storage objects using Cloud Functions or App Engine, so the app retrieves the objects from Cloud Storage and then send it to the client.
This is more costly, and would require to write more code.
I can think on another possible workaround which consists in protect your Signed URL by code (such as PHP), so that users cannot know what the URL is. Nevertheless, taking in account that you want to avoid any displayed-data on the network activity when downloading, you should test this workaround first to see if this works as intended.
I have an application that needs to upload file to Google Drive via the ordinary Google Drive API. It needs to upload, but it never needs to download anything, list directories, read metadata or anything like that. It basically uses Google Drive as a drop box to store results of some computations.
Because of the principle of least authority, I would like to give this application the authorization to create new files, but not read or modify anything. Is this possible? I cannot see anything like this in this list, so I suspect the answer is no, but would like more informed comments.
By principle of least authority "user/process should have necessities/privileges". A file created by an app is owned(create/modify/delete) by app and no access to rest of resources.
If this definition fits in your scope then use
https://www.googleapis.com/auth/drive.file
"Per-file access to files created or opened by the app"
As stated in Choose Auth Scopes
Auth scopes express the permissions you request users to authorize for your app. While many Drive apps can function with just the required set of scopes, you may need to consider using other available scopes.
As far as I know, you can choose from the list of scopes available for the Drive API, combine them or mix and match if necessary. And, you can also add other scopes if your app requires access to any other Google APIs as given in Google APIs scopes.
To learn more about scopes, you can watch the video of Google engineers discussing related tips and tricks within the given documentation. I hope that helps.