Transferring Specific Files/Folders over with Google Admin SDK API - google-admin-sdk

Google API Admin SDK Data Transfer: Can be found here
I have been able to successfully copy over all files from 1 Google account to another, but I am looking to copy over just 1 specific file. Scopes and permissions are correct.
The successful API request body to move all files is:
{
"oldOwnerUserId": "{ID transferring from}",
"newOwnerUserId": "{ID Transferring to}",
"applicationDataTransfers": [
{
"applicationId": "{Google Drive Application ID}"
}
]
}
The ID for the Google Drive Folder I'm looking to copy over is 1HCrNywrvoUly_MrYndR. How can I adapt this code to only transfer over this Google Drive folder?
Alternatively, is there a way I can create default folders in other user's accounts through the Google API? I need to create a set of blank folders for every new user that creates an account and haven't been able to find a way to create folders in other accounts using the Google Drive API. This workaround is to create all folders in my Google Drive and then using the Admin SDK API to ship off the completed folder to the new user.

After digging around, I found a solution that was way less complicated than using a Google Service Account. All you need is Admin credentials.
if you create a folder in your own Google Drive through the API, you can load it up with whatever you want. After that, you can then change the permissions of the parent folder to make the target user an owner. You then delete your own permissions and voila, that file now belongs to the other person.

Answer:
The Admin SDK API does not have methods which allow you to copy a single file or folder from one user account's Drive to another. For this, you must use the Google Drive API.
More Information:
You will need to use a service account to do this, as to authorise an application as more than one user you must have an application being run with an account that has domain-wide delegation, but once this has been set up in your Google Cloud Project Console, you can use the regular Google Drive API methods to copy individual files or folders from one Drive to another.
Things to be aware of:
You will need to use the delete and add methods of the Drive API to create the files/folders, rather than copying them.
If there are files inside a folder you wish to copy over, you will need to copy these recursively into the newly created folder.
You can get a list of the files in a folder using the list method of Drive: files in the API.
References:
Google Cloud - Understanding service accounts
Google Drive API
Method Files: create
Method Files: delete
Method Files: list

Related

Google Drive: What combination of scopes lets an app read existing files but not have edit/delete privileges?

I've found that with https://www.googleapis.com/auth/drive scope, my app can read all existing files (and their contents) in a Google Drive, but when I auth the app, it says that this scope can also delete files in the drive and I don't want to grant that.
I know that by itself https://www.googleapis.com/auth/drive.file only allows the app to read files created by the app itself or especially granted access.
I've tried other combinations, but can't find one where the the app can read the contents of any file I can see, but can't delete anything. This is the closest I've come:
https://www.googleapis.com/auth/drive.metadata
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/drive.activity
https://www.googleapis.com/auth/documents
Is there a combination that will achieve my goal?
Based on your needs, you should be eyeing https://www.googleapis.com/auth/drive.readonly. This enables you to read the file metadata and content.
Allows read-only access to file metadata and file content.
Resource:
Scopes
There isn't one if you have access to read and write to a file then you will also have access to delete that file.
Its how they have permissions setup.
If you don't want to upload and only download try drive readonly.
scopes#drive
If you're not intending to create any files or save any data to Drive, then you have the https://www.googleapis.com/auth/drive.readonly scope.
Note that this is a restricted scope that will grant your app with read-only access to the user's entire Drive, but it will also prevent your app from creating any new files or editing existing ones.
If you want your application to be able to access the entire Drive, and you're planning to release your app to the public, you should submit your application to a restricted scope verification and security assessment; otherwise your app will be limited to 100 users, and users will see a warning while your app is unverified.
Here's more information:
OAuth 2.0 Scopes for Google APIs - Drive API, v3
Additional Requirements for Specific API Scopes section in the Google API Services User Data Policy
OAuth API verification FAQs

Location of the spreadsheets when created by the API

Yesterday I've configured a new project in the Cloud Platform and added the Sheets API to it and made functions to generate access_token to make API calls (in Elixir programming language). Today, when creating a new spreadsheet with the access token, the responde body returns me the spreadsheet and all the info about it, but, when accessing the Drive of the account that I've used on the Google Cloud console to create the new project I can't find the sheet there. Plus, when clicking in the spreadsheet url provided on the response body it prompts me to the Request Access page (when I'm trying to access with the email that holds the project # Cloud platform).
So the questions are, where are the files being stored and how can I access them?
Thanks in advance!

Secure image Urls

I am making a app that allows users to upload images to their profile page. I was using firebase Storage to store the images using a folder for each user. The problem I have is the Url for the images are accessible without evening signing into my app. Can I limit access to users that have signed in to my app? Im using a custom sign in token. Or do I need to switch to another storage provider.
It sounds like you're using Firebase Storage's download URLs. These are (by definition) URLs that give anyone who has them read-only access to the file. Download URLs are only generated when you call getDownloadUrl() (or the equivalent method on the platform you use). So if you don't want this behavior, don't call getDownloadUrl().
If you don't have a download URL, the files in Storage are only available by using the Firebase SDK. At that point all access to the files is secured through the security rules that you've defined for your project. For more on this, see the Firebase documentation on securing access to files.

Google Drive Change File Ownership Using RESTapi in Python

I manage a domain of users and would like to be able to transfer all the documents of a user to another user. As far as I understand the best way to achieve that is to find the fileID's of all files belonging to one user and transfer them to another user. However, I have problem constructing a query.
UPDATE:
So the correct query to retrieve the list of files would be:
response = drive_service.files().list(q="'user#company.com' in owners").execute()
However, it only works for me as an admin. If I try to retrieve the list of files for any other user in my domain it returns an empty list.
Files.list will retrieve all the user's files, in this case it will get all your own files. In order for that query to work would be only if that user is also owner one(or more) of your files.
Even as an admin you cannot access users files directly.
To access other user's files, as an admin you need to impersonate the users and then perform actions in their behalf.
This is achieved by using a service account with domain wide delegation of authority.
Here you can find more information on that as well as a python example.
Hope it helps.
If you want to transfer all the files of one user into another user's Drive, the easiest way would be to use the Data Transfer API provided by Google. This way you don't have to list the files and transfer them one by one. Also you only need the admin access token and wouldn't need domain wide delegation either. You can get the official documentation here

Files:insert - Google Drive SDK - Python Example - What is Drive API service instance?

USING: Windows7, Python 2.7, Google App Engine
Google's documentation for inserting(creating) a file to Google Drive using Python and the Drive API. Here is the link showing the code near the bottom of the page:
Write a file to a Google Drive using Python
A function named: insert_file is defined in the Python module.
def insert_file(service, title, description, parent_id, mime_type, filename):
The insert_file function takes 6 arguments passed into it. The first arg is service.
In the comment section of the example code, it is indicated that the service arg takes the Drive API service instance as the input.
Args:
service: Drive API service instance.
title: Title of the file to insert, including the extension.
description: Description of the file to insert.
parent_id: Parent folders ID.
mime_type: MIME type of the file to insert.
filename: Filename of the file to insert.
What is the Drive API service instance? I have no idea what that is or what the valid settings are. Is it the authorization scope that is expressed as a URL? I do know what the title and description are. The title is the new name of the file being written, and the description is a detail, presumably put into the files metadata. I'm not sure how to get the parent_id or the Parent folder either. How is that info obtained? Do I get that manually from Google Drive? I know what the MIME type setting is.
If someone could give an explanation of what the Drive API service instance is, and give an example, that would be great. I did a search for Drive API service instance, and couldn't find an explanation. I searched the internet. I searched Google Developers. I found nothing.
Quickstart provides more boilerplate and a full working walk-through.
http = httplib2.Http()
http = credentials.authorize(http)
service = build('drive', 'v2', http=http)
The service is the API service that you want to instantiate. There are lots of services. An app can communicate with Google Maps, or Google tasks, or email, or Drive.
Google API's for Python
So, the service is the API service. Build instantiates the API service. This is from the video, minute 12:46.
YouTube example for Google Drive API Service
I found something about Parent Folders in the documentation.
Google Drive API
The Google Drive API has a files:insert API. The files:insert API makes a request with various parameters. There is, what is called, the Request body which has it's own parameters. One of the parameters for the Request Body is parents[]. It is an optional parameter. For insert, if the parents[] parameter is blank, the file gets created in the users root directory. So, I guess if you want the file to be written to a particular folder, you need to give the parents[] parameter a name. I'm assuming that is what the parent_id arg in the insert_file function is for, but I'm not sure. I need to look at the actual function, but that's not given.
After doing searches on Parent ID it looks like that is the folder ID. When you go to your Google Drive, and click on a folder, the URL in the browsers address field changes. Just click on the folder and the URL will look something like this:
https://drive.google.com/?tab=wo&authuser=0#folders/0B52YKjuEE44yUVZfdDNzNnR3SFE
The parentID is the long part on the end after the forward slash.
I guess I need to look at the Google Quickstart files again.
There are at least three examples that I've found:
Quickstart example. Google Drive SDK
Dr Edit. Google Drive SDK examples
Another Quickstart example Google Drive API
The first one is the simpliest. Dr Edit has the most files maybe? The last one looks like its more current? I don't know. It's kind of confusing about which example to use. The Drive SDK and the Drive API examples only deal with authorization of an account for some outside app to access a users account.