auth/drive.file scope and file picker

[Craig Smith]

I am working on a spreadsheet add-on that deals with sending mail with attachments and merging spreadsheet data into documents. I previously used the auth/drive scope because I use DriveApp.getFileById(thisFileId).getBlob()  and also .makeCopy(SaveAsName).getId() in the add-on. 

I am trying to limit my scope away from restricted auth/drive scope to the recommended auth/drive.file scope.  I may be completely off on my reading of the auth/drive.file scope. My understanding is the per-file access to files created or opened by the app is granted when the user selects a file with the file picker. I would assume then that a drive file the user picks could then be opened by DriveApp.getFileById(thisFileId), but I am getting a permission error that I need (auth/drive or auth/drive.readonly) in order to do this. What file authorization is granted when using this scope?

It could be that I am missing something on the picker file integration. I have it working basically using the developer example here (https://developers.google.com/apps-script/guides/dialogs#file-open_dialogs). I also can not use the DriveApp.getRootFolder(); in the getOAuthToken() function because it also says I need the auth/drive or auth/drive.readonly scope. 

I guess the other option is to use the auth/drive.readonly scope which is sensitive, but not restricted. I don’t know if  this would be in addition to the auth/drive.file scope or in place of it. Am I the only one who finds it hard to figure out what they are expecting? 

[Alan Wells]

You should be able to use:

Drive.Files.copy(resource, fileId)

to copy a spreadsheet.

I'm not sure about the specifics for the resource, but you should be able to use that as an alternative to using .makeCopy(SaveAsName)

Getting a files content, can be a little tricky with the drive advanced service from what I've experienced. I have not tried getting a spreadsheet's content. I've overwritten PDF and text files.

It is bit of work creating new code, and there is less information out there for the advanced Drive service. But, personally, if I can avoid asking for yet another permission from my users, then I go down that road.

So, I'm quite sure that you can accomplish what you want without using DriveApp. I don't think you're going down a dead end road by trying to do what you want with advanced Drive service. I have abandoned DriveApp altogether. It's a lot of work to make the transition, but I think that's the best long term answer.

[Craig Smith]

Thanks for the reply. I will try to see what I can do with the drive.file methods and see if I can get it to work without too much trouble. I hope I can figure it out because I know I want to avoid the restricted auth/drive scopes. I don't think I see any other options and don't want to abandon the add-on if I don't have to.

I may not be keeping up enough with the changes that are taking place with scopes, but I just received an email yesterday on my published app that states almost all my scopes are sensitive. I have published the add-on for the last year and a half with the same scopes, so I don't understand how they have not been verified before. I resubmitted the ones they asked for approval. 

Previous verified scopes

/auth/spreadsheets

/auth/document

/auth/drive    *** I am trying to limit this one with the file picker and new scope, which relates to my initial question. 

Your project(s) listed below have not been verified and may be using the following sensitive scopes:

MergeFactory (project-id-6219019382541371315)

https://www.googleapis.com/auth/script.send_mail

https://www.googleapis.com/auth/script.external_request

https://www.googleapis.com/auth/script.scriptapp

https://www.googleapis.com/auth/script.container.ui

One other question on the file picker. It seems to be working correctly in selecting files from my Drive and I am able to capture the details of the files. The question is if I view the browser console after the picker opens in my drive, the attached errors are in the console. I am not sure if this has to do with my GCP api settings or if this is normal since it is functioning.?

[Clay Smith]

Hi Craig, I also was emailed about updating AddOns that have been published for a long time. I suspect Google is just getting to this. I find a lot of the request generalized without very specific directives. I'm just working through the requests now. So you're not alone in this. 

-Clay

[Craig Smith]

I resolved a little of bit of the problem with the Drive.File.copy advanced Drive Services. I have posted some code below in case it can help anyone else trying to avoid the DriveApp. I can open files with the DocumentApp or SpreadsheetApp since I already use these in the add-on, but have not figured out how to open any other types of attachment files for Drive without using the DriveApp. I was hoping to continue being able to attach other types of files from Drive to an email. 

/**

 * Test Function for drive.files stuff

 */

function testDrive() {

  //var copyFile = Drive.Files.copy(resource, fileId, optionalArgs);

  var emailObject = {};

  var blobs = [];

  var newFileName = "New Doc Name";

  var templateFileId = "1PbgbJIO7imPBFSqDSYDCKuv7GjnxuIkyyk1zopvVKmo";

  var emailTo = "some...@email.com";

  var emailSubject = "Drive Test Email";

  var emailTextBody = "Drive test email. This should have an attachment";

  var copyFileResource = Drive.Files.copy({"title": newFileName}, templateFileId);

  var newFileId = copyFileResource.id;

  var newFile = DocumentApp.openById(newFileId);

  // update or merge info into new file

  blobs.push(newFile.getBlob());

  emailObject.attachments = blobs;

  MailApp.sendEmail(emailTo, emailSubject, emailTextBody, emailObject );

}