New Drive Error - Upcoming Restricted Scopes for Drive App


Craig Smith

Jul 22, 2019, 2:53:11 PM
to Google Apps Script Community
In the last couple of days, I have run into a new error when using my add-on that I can only assume has something to do with upcoming changes Google is making to the drive app since it has worked for well over a year. The error is "Access denied: DriveApp." The error is happening on the second line of the code below. Basically I am making a copy of a document that is a template file that I will use to merge spreadsheet data into. The template file is owned by another Gmail account but is Published on the web with no sign-in required. If I manually copy the template file and then switch my template to the copy that I now own, I do not get the error. I publicly published a similar template from another account in my domain and did not get the error. In looking at my error logs, it looks like I am the only user who is getting this error so far, but I assume others will run into it at some point. I thought I would post this to see if others have run into this or for any help if I am completely missing something. I assume the main workaround is that all templates have to be owned by the user, or at a minimum be within the Domain, which may be the case when you consider the upcoming Scope changes.

var tempBody = DocumentApp.openById(DocId).getBody();
var copyId = DriveApp.getFileById(DocId).makeCopy(SaveAsName).getId();
var copyDoc = DocumentApp.openById(copyId);

My Add-on has been published for a little over a year. I had to take out a minor function in order to get around the Mail App restricted scope. I have read the May 30th Blog post about the upcoming security changes for the Drive App, but I don't think I have enough information to figure out how to proceed. I assume I will want to use the drive.file scope along with the Google Picker to steer clear of any Restricted scopes. I currently don't use the Google Picker, but think I should start implementing it now and get a jump on the transition.

The add-on currently saves the document or file IDs the user inputs for their template files, which are saved in the document properties. The way I read the upcoming scopes is these IDs would not be authorized because they were not individually picked by the user with the Google Picker. Once a user picks a drive file with the Google Picker from the add-on, it is then added to a list of files that the user has authorized for this particular add-on. I assume the user does not have to pick the files for each session and they are saved permanently. This is just my opinion of how it may work, but I hope someone has more knowledge of what is coming.
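The flow described in the post above, sketched as an added example that is not part of the original post or the add-on's code: stored template IDs are copied only after they have been chosen through the Picker, and an access error is returned as a result instead of an uncaught exception. It assumes the manifest requests `drive.file` instead of the full Drive scope, that the advanced Drive service (v2) is enabled as `Drive`, and that the Picker callback passes the chosen ID to `rememberPickedTemplate` via `google.script.run`; the property key and function names are hypothetical.

```javascript
// Added example, Apps Script server side. Assumptions: drive.file scope in the
// manifest, advanced Drive service v2 enabled as `Drive`.
var PICKED_KEY = 'pickedTemplateIds'; // hypothetical document-property key

// Read the list of file IDs the user has chosen through the Picker.
function loadPickedIds() {
  var raw = PropertiesService.getDocumentProperties().getProperty(PICKED_KEY);
  return raw ? JSON.parse(raw) : [];
}

// Called with the file ID returned by the Picker callback.
function rememberPickedTemplate(fileId) {
  var ids = loadPickedIds();
  if (ids.indexOf(fileId) === -1) {
    ids.push(fileId);
    PropertiesService.getDocumentProperties()
      .setProperty(PICKED_KEY, JSON.stringify(ids));
  }
  return ids;
}

// Copy a template only if it was picked; report failures as data so the
// sidebar can send the user back to the Picker instead of showing a raw error.
function copyTemplate(docId, saveAsName) {
  if (loadPickedIds().indexOf(docId) === -1) {
    return { ok: false, reason: 'NEEDS_PICKER' };
  }
  try {
    // v2 uses `title` for the file name (v3 uses `name`).
    var copy = Drive.Files.copy({ title: saveAsName }, docId);
    return { ok: true, copyId: copy.id };
  } catch (e) {
    // The picked entry may be stale (access revoked, file deleted or unshared).
    return { ok: false, reason: 'ACCESS_DENIED', detail: String(e.message || e) };
  }
}
```

IDs saved before the switch to the Picker are absent from the picked list, so they come back as `NEEDS_PICKER` and can be used to prompt the user once per template.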

Alan Wells

Jul 22, 2019, 3:33:25 PM
to Google Apps Script Community
The Google Picker API will need to be enabled in the Google Cloud Project associated with your Apps Script project. The client side code for the Google Picker needs an API key that you will need to generate by clicking the "Create Credentials" button. The "Create Credentials" button is available in a couple of different ways. You'll be asked to restrict access to the API key. I think the only restriction available to use is to the Google Picker. The "Web" option requires a URL to restrict the access to, but I don't think you can do that with an add-on. But if anyone knows better, please let us know.

Hopefully this isn't a bug in Apps Script. I thought that the new Drive restrictions weren't coming until later. I'm not sure what the deadline date is.

Is the "Access denied: DriveApp." coming from a G Suite account? Free/consumer account? Your account?

On Monday, July 22,  Craig Smith wrote:
In the last couple of days, I have run into a new error ......  is "Access denied: DriveApp." The error is happening on the second line of the code below.

Craig Smith

Jul 22, 2019, 3:59:17 PM
to Google Apps Script Community
It is coming from my G Suite account. The same one I publish the add-on with. If I switch to a different user on my domain and use the template from a regular Gmail account outside my domain I still get the error. I have another G Suite account for a different domain that I have the Add-on installed and I do not get the error on that account. At least not yet. I can only assume it is something being rolled out. My first experience with this error was this past Saturday or Sunday. I don't use this particular feature every day, but I know it has worked well previously on all accounts.

I think it has to do with copying a published document that is owned by a regular Gmail account that is outside my domain. 

Alan Wells

Jul 23, 2019, 9:22:18 AM
to Google Apps Script Community
Hopefully Google will provide an answer at some point. 

The documentation provides information about G Suite admin settings for sharing files from within the domain to outside of the domain, but I don't see anything about accessing files from outside of the domain from an add-on.


You could contact G Suite support, but technically, Apps Script is a totally unsupported product, even to paying customers.

Hopefully, there is someone who can give you a better answer.