我已经彻底阅读了这篇文章:https://developers.google.com/google-apps/documents-list/#using_google_apps_administrative_access_to_impersonate_other_domain_users 我已经用谷歌搜索了它。
到目前为止,我已经能够:
授权:
检索域中所有用户的文档订阅源(在#1中以任一方式授权)
我正在使用Feed中的“条目”导出/下载文档,并且对于未与admin共享的文档,我们始终禁止其他用户使用该条目。我正在使用的Feed查询如下:
https://docs.google.com/feeds/userid@mydomain.com/private/full/?v=3
(我曾尝试使用和不使用?v = 3)
我还尝试在uri上添加xoauth_requestor_id(我在帖子中也看到了xoauth_requestor),并将其作为客户端属性添加:client.xoauth_requestor_id = ...
代码片段:
客户端登录(使用管理员凭据):
client.http_client.debug = cfg.get('HTTPDEBUG')
client.ClientLogin( cfg.get('ADMINUSER'), cfg.get('ADMINPASS'), 'HOSTED' )
的OAuth:
client.http_client.debug = cfg.get('HTTPDEBUG')
client.SetOAuthInputParameters( gdata.auth.OAuthSignatureMethod.HMAC_SHA1, cfg.get('DOMAIN'), cfg.get('APPS.SECRET') )
oatip = gdata.auth.OAuthInputParams( gdata.auth.OAuthSignatureMethod.HMAC_SHA1, cfg.get('DOMAIN'), cfg.get('APPS.SECRET') )
oat = gdata.auth.OAuthToken( scopes = cfg.get('APPS.%s.SCOPES' % section), oauth_input_params = oatip )
oat.set_token_string( cfg.get('APPS.%s.TOKEN' % section) )
client.current_token = oat
检索到Feed后:
# pathname eg whatever.doc
client.Export(entry, pathname)
# have also tried
client.Export(entry, pathname, extra_params = { 'v': 3 } )
# and tried
client.Export(entry, pathname, extra_params = { 'v': 3, 'xoauth_requestor_id': 'admin@mydomain.com' } )
有关于我在这里缺少什么的任何建议或指示? 感谢
答案 0 :(得分:1)
你非常接近正确的实施。在上面的示例中,您有:
client.Export(entry, pathname, extra_params = { 'v': 3, 'xoauth_requestor_id': 'admin@mydomain.com' } )
xoauth_requestor_id必须设置为您模拟的用户。您还需要使用2-legged OAuth 1.0a,并在令牌或客户端中设置xoauth_requestor_id。
import gdata.docs.client
import gdata.gauth
import tempfile
# Replace with values from your Google Apps domain admin console
CONSUMER_KEY = ''
CONSUMER_SECRET = ''
# Set this to the user you're impersonating, NOT the admin user
username = 'userid@mydomain.com'
destination = tempfile.mkstemp()
token = gdata.gauth.TwoLeggedOAuthHmacToken(
consumer_key, consumer_secret, username)
# Setting xoauth_requestor_id in the DocsClient constructor is not required
# because we set it in the token above, but I'm showing it here in case your
# token is constructed via some other mechanism and you need another way to
# set xoauth_requestor_id.
client = gdata.docs.client.DocsClient(
auth_token=token, xoauth_requestor_id=username)
# Replace this with the resource your application needs
resource = client.GetAllResources()[0]
client.DownloadResource(resource, path)
print 'Downloaded %s to %s' % (resource.title.text, destination)
以下是TwoLeggedOAuthHmacToken类的源代码中的引用:
以下是源代码中提供xoauth_requestor_id构造函数参数的引用(按顺序读取):