In the last couple of days, I have run into a new error when using my add-on that I can only assume has something to do with upcoming changes Google is making to the drive app since it has worked for well over a year. The error is "Access denied: DriveApp." The error is happening on the second line of the code below. Basically I am making a copy of a document that is a template file that I will use to merge spreadsheet data into. The template file is owned by another Gmail account but is Published on the web with no sign-in required. If I manually copy the template file and then switch my template to the copy that I now own, I do not get the error. I publicly published a similar template from another account in my domain and did not get the error. In looking at my error logs it looks like I am the only user who is getting this error so far, but I assume others will run into it at some point. I thought I would post this to see if others have run into this or for any help if I am completely missing something. I assume the main work around is that all templates have to be owned by the user, or at a minimum be within the Domain, which may be the case when you consider the upcoming Scope changes.
var tempBody = DocumentApp.openById(DocId).getBody();
var copyId = DriveApp.getFileById(DocId).makeCopy(SaveAsName).getId();
var copyDoc = DocumentApp.openById(copyId);
My Add-on has been published for a little over a year. I had to take out a minor function in order to get around the Mail App restricted scope. I have read the May 30th Blog post about the upcoming security changes for the Drive App, but I don't think I have enough information to figure out how to proceed. I assume I will want to use the drive.file scope along with the Google Picker to steer clear of any Restricted scopes. I currently don't use the Google Picker, but think I should to start implementing it now and get a jump on the transition.
The add-on currently saves the document or file id's the user inputs for their template files which are saved in the document properties. The way I read the upcoming scopes is these id's would not be authorized because they were not individually picked by the user with the Google Picker. Once a user picks a drive file with the Google Picker from the add-on, then it is then added to a list of files that the use has authorized for this particular add-on. I assume the user does not have to pick the files for each session and they are saved permanently. This is just my opinion of how it may work, but I hope someone has more knowledge of what is coming.