Apps Script libraries
59 views
Skip to first unread message
Andrew Apell
Dec 4, 2020, 11:19:43 PM12/4/20
to Google Apps Script Community
Hello good people!
If you have a publicly shared library, is it possible to identify the person who is using it e.g. by viewing their email?
Andrew Apell
Dec 5, 2020, 2:22:36 AM12/5/20
to Google Apps Script Community
In other words: Is it possible to limit the use of a library depending on which account is accessing it?
Adam Morris
Dec 5, 2020, 2:49:51 AM12/5/20
to google-apps-sc...@googlegroups.com
A project is like a drive file that has sharing. Just give them view access same way you would google doc. Make sense?
--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/41448f4f-26f5-4b26-8fb4-365a92642b4en%40googlegroups.com.
Andrew Apell
Dec 5, 2020, 3:01:43 AM12/5/20
to Google Apps Script Community
Maybe I was not clear.
I have actually just created the library and have tested that it is working.
What I want to do now is to share the library publicly but only allow users whom I authorise to be able to run it successfully.
Why? Because this library is from a paid add-on and I my subscribers to be the only ones who can access it.
Adam Morris
Dec 5, 2020, 5:14:46 AM12/5/20
to google-apps-sc...@googlegroups.com
Oh I see. You can implement that by implementing your own check. You can use session class to get email.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/83efc241-70a8-4a18-b8da-35c225a20059n%40googlegroups.com.
Bruce Mcpherson
Dec 5, 2020, 6:48:07 AM12/5/20
to google-apps-sc...@googlegroups.com
Not quite the same, but I gave a talk a few years ago at a GDG in london about using Google analytics to measure library and library version usage. It might be handy.
I also wrote about using the user property store to measure library usage a few years ago,
Not sure how relevant these techniques are for you nowadays, but it may get you some ideas.
The down side is potentially needing extra oauth permissions for some of this stuff.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/CAHQVb%2BSOV7nEfFxZJhR4zpaUAYADh90t8Gg-D%2Bz2S_U7111gew%40mail.gmail.com.
Bruce Mcpherson
Dec 5, 2020, 7:33:11 AM12/5/20
to google-apps-sc...@googlegroups.com
.. so using the 2nd technique, assuming your addon has propertyservice access, your addon could write something in the userproperty store. Your library could then be setup to only work if it finds some secret value in the userproperty store ( you'd need to pass the store to it from your add on).
Alan Wells
Dec 5, 2020, 9:19:47 AM12/5/20
to Google Apps Script Community
In your situation, where you want to restrict access to non-paying users, personally, I'd never use a library.
If someone can view your code, then they can duplicate it, . . . put it into their own Apps Script file, and run it.
That would be illegal for someone to do if your code is not licensed for free public use,
but how are you going to track them down and prosecute them?
It's never going to happen.
Would anyone ever steal your code?
I don't know, maybe, maybe not.
If the Apps Script team would provide a way to lock down library code,
then (in my opinion) it would open up a powerful and popular capability.
If it were me, I'd make it a priority.
Andrew Apell
Dec 5, 2020, 12:29:50 PM12/5/20
to Google Apps Script Community
You mean it is possible for them to see the code? If yes, how?
Andrew Apell
Dec 5, 2020, 12:30:26 PM12/5/20
to Google Apps Script Community
Thanks Bruce. I'm already adapting your idea to my specific case.
Regards
Andrew Apell
Dec 5, 2020, 12:41:52 PM12/5/20
to Google Apps Script Community
UPDATE:
I see how... I have to share the file for it to work and the second you do that, it is open to the public.
So now I need to know this: Is there anyway to allow other users to call custom functions from my add-on, inside their own script?
Alan Wells
Dec 5, 2020, 1:09:01 PM12/5/20
to Google Apps Script Community
Custom functions can use
UrlFetchApp.fetch(url);
So they would need to create a custom function, in the Apps Script file bound to their Sheet which then would use UrlFetchApp.fetch(url)
to make a request to your API. But the problem with that, is that the code will run in your account against your quota.
I don't think you're going to find anyway around needing code in your API to run from your account instead of theirs.
It wouldn't make any sense to publish an API from your Apps Script file, . . .to much traffic.
So, can their custom Sheets function call your API? Yes.
And you'd want them to pass some kind of key in the payload to verify that they are authorized to use the API.
You'd need to provide the code for them to add to their bound script.
I wouldn't use a library for that even though you could, because regardless, they will need code in their script file.
And you'll need to give them code that they can copy and paste in with instructions.
I'd use a Cloud Platform service for the API. There are free tiers that are free up to a couple million requests I think.
Reply all
Reply to author
Forward
0 new messages