0

I want to read one specific, shared, private spreadsheet in a user's Drive (it's a private extension for a group of users with access to this spreadsheet and I'm using Oauth to determine whether the user was shared the spreadsheet - or is there a better way?).

Is there a way to limit the scope / permission to just that one file so it doesn't request access to the user's entire Drive?

1 Answers1

1

There are two ways you can limit the permissions.

  1. You can request read only with https://www.googleapis.com/auth/drive.readonly. probably not what you're looking for, but I thought I'd include it for completeness.
  2. You can request https://www.googleapis.com/auth/drive.file which limits access to files created by the app, or shared with it. So for this option, you will need to go into Drive and share the file to the app.

edit: I just tried this, using a NON Service Account, and it doesn't work. Whether it only works for Service Accounts, or is just a bug, I have no idea. a possible workaround maybe be to use the picker.

pinoyyid
  • 21,499
  • 14
  • 64
  • 115
  • BRILLIANT JUST BRILLIANT! #2 is perfect for my needs! I listened to the Google Developers video for scopes and they never mentioned this! –  Mar 24 '14 at 17:49
  • Before writing any code, I suggest you test that everything works the way you expect using the OAuth Playground. – pinoyyid Mar 24 '14 at 18:00
  • O.M.G. I just got OAuth to work after 3 days of testing. SO HAPPY! I seriously couldn't have done it without you, learned so much! I can't upvote your answer because I don't have 15 rep but I will when I get it!! –  Mar 24 '14 at 18:06
  • when you create the app in the API console, under API/Credentials you will see an email address. Note the disclaimer I just added to my answer. I suggest you un-accept my answer until you successfully test it out. – pinoyyid Mar 25 '14 at 05:52
  • I'll check it out tomorrow. To my understanding there is an app email which I believe you share the doc with –  Mar 25 '14 at 07:54
  • one last question. What would be the difference from using `chrome.identity` to `gapi.auth.authorize()`? If I have to load gapi to use Drive's api anyways, what's the purpose of `chrome.identity`? The documentation seriously doesn't give any information... –  Mar 25 '14 at 14:19
  • last time I checked, gapi doesn't work in extensions due to CSP. conversely, chrome.identity is for extensions only. So if you're writing an extension, chrome.identity is the way to go. One thing to double check works for you is the extent to which chrome.identity uses the chrome logged in user. – pinoyyid Mar 25 '14 at 14:22
  • Sorry if this is a dumb question, but if we don't have access to gapi, how do you get data from the Drive without `gapi.client.drive.files.get()`? –  Mar 25 '14 at 14:32
  • The Drive API is a simple REST/JSON api that you can implement with xmlhttrequest, or any common js library (I use AngularJS). the gapi library is (imho) more trouble than its's worth – pinoyyid Mar 25 '14 at 14:37
  • What is the link to download a private spreadsheet if I have the key? There are two API's [Drive](https://developers.google.com/drive/v2/reference/) and [Spreadsheets](https://developers.google.com/google-apps/spreadsheets/). Do I really need to use Drive's API if I just want the content from a spreadsheet? And can I get it in JSON? According to this [guy's answer](http://stackoverflow.com/questions/11541232/google-api-javascript-client-how-to-get-contents-of-file-using-drive-api?lq=1) you can only get it in native formats. Thanks, this is my last question sorry! –  Mar 25 '14 at 19:06
  • In Drive, you will use one of the exportLink properties, depending on what format you want. JSON isn't one of the options. The difference between the two APIs is that Drive treats the file as an atomic blob of content, whereas the Spreadsheet API treats it as a collection of rows and cells. Because you are asking for it in JSON, I surmise that you are looking to download the entire spreadsheet and then process its contents in JavaScript. Using the csv exportLink is probably your best bet, since there are several JS libraries that you can then use to parse it. – pinoyyid Mar 26 '14 at 09:30
  • that's probably my last question, I can take it from here :) Thanks for all your help! –  Mar 26 '14 at 15:03