Google文档:无法在python中使用管理访问/模拟(禁止403)导出/下载用户文档

时间:2012-04-12 13:25:01

标签: google-docs-api

我已经彻底阅读了这篇文章:https://developers.google.com/google-apps/documents-list/#using_google_apps_administrative_access_to_impersonate_other_domain_users 我已经用谷歌搜索了它。

到目前为止,我已经能够:

  1. 授权:

    • 的ClientLogin
    • OAuth令牌(使用我的域密钥)
  2. 检索域中所有用户的文档订阅源(在#1中以任一方式授权)
    我正在使用Feed中的“条目”导出/下载文档,并且对于未与admin共享的文档,我们始终禁止其他用户使用该条目。我正在使用的Feed查询如下: https://docs.google.com/feeds/userid@mydomain.com/private/full/?v=3 (我曾尝试使用和不使用?v = 3)

  3. 我还尝试在uri上添加xoauth_requestor_id(我在帖子中也看到了xoauth_requestor),并将其作为客户端属性添加:client.xoauth_requestor_id = ...

    代码片段:

    客户端登录(使用管理员凭据):

    client.http_client.debug = cfg.get('HTTPDEBUG')
    client.ClientLogin( cfg.get('ADMINUSER'), cfg.get('ADMINPASS'), 'HOSTED' )
    

    的OAuth:

    client.http_client.debug = cfg.get('HTTPDEBUG')
    client.SetOAuthInputParameters( gdata.auth.OAuthSignatureMethod.HMAC_SHA1, cfg.get('DOMAIN'), cfg.get('APPS.SECRET') )
    oatip = gdata.auth.OAuthInputParams( gdata.auth.OAuthSignatureMethod.HMAC_SHA1, cfg.get('DOMAIN'), cfg.get('APPS.SECRET') )
    oat = gdata.auth.OAuthToken( scopes = cfg.get('APPS.%s.SCOPES' % section), oauth_input_params = oatip )
    oat.set_token_string( cfg.get('APPS.%s.TOKEN' % section) )
    client.current_token = oat
    

    检索到Feed后:

    # pathname eg whatever.doc
    client.Export(entry, pathname)
    # have also tried
    client.Export(entry, pathname, extra_params = { 'v': 3 } )
    # and tried
    client.Export(entry, pathname, extra_params = { 'v': 3, 'xoauth_requestor_id': 'admin@mydomain.com' } )
    

    有关于我在这里缺少什么的任何建议或指示? 感谢

1 个答案:

答案 0 :(得分:1)

你非常接近正确的实施。在上面的示例中,您有:

client.Export(entry, pathname, extra_params = { 'v': 3, 'xoauth_requestor_id': 'admin@mydomain.com' } )

xoauth_requestor_id必须设置为您模拟的用户。您还需要使用2-legged OAuth 1.0a,并在令牌或客户端中设置xoauth_requestor_id。

import gdata.docs.client
import gdata.gauth

import tempfile


# Replace with values from your Google Apps domain admin console
CONSUMER_KEY = ''
CONSUMER_SECRET = ''

# Set this to the user you're impersonating, NOT the admin user
username = 'userid@mydomain.com'
destination = tempfile.mkstemp()

token = gdata.gauth.TwoLeggedOAuthHmacToken(
    consumer_key, consumer_secret, username)
# Setting xoauth_requestor_id in the DocsClient constructor is not required
# because we set it in the token above, but I'm showing it here in case your
# token is constructed via some other mechanism and you need another way to
# set xoauth_requestor_id.
client = gdata.docs.client.DocsClient(
    auth_token=token, xoauth_requestor_id=username)
# Replace this with the resource your application needs
resource = client.GetAllResources()[0]
client.DownloadResource(resource, path)
print 'Downloaded %s to %s' % (resource.title.text, destination)

以下是TwoLeggedOAuthHmacToken类的源代码中的引用:

  1. http://code.google.com/p/gdata-python-client/source/browse/src/gdata/gauth.py#1062
  2. 以下是源代码中提供xoauth_requestor_id构造函数参数的引用(按顺序读取):

    1. http://code.google.com/p/gdata-python-client/source/browse/src/atom/client.py#42
    2. http://code.google.com/p/gdata-python-client/source/browse/src/atom/client.py#179
    3. http://code.google.com/p/gdata-python-client/source/browse/src/gdata/client.py#136