我有一个项目,用来列出GSuite域中用户(个人驱动器,不是团队驱动器)与组织外部用户共享的所有文件的权限——这一步是使用特定用户的访问令牌调用Drive API v3完成的。然后,域管理员会运行脚本来删除外部用户的权限——这是通过具有域管理员权限的高级Drive服务完成的。对于外部用户和文件的某些组合,我无法删除其访问权限:返回的是一个与共享驱动器相关的错误,而我要删除权限的文件并不在共享驱动器中,而是位于用户自己的驱动器中。它在99.8%的情况下都有效,但在剩余的0.2%的情况下失败了,这很奇怪。据我所知,这些文件/权限并没有什么特别的地方。
我尝试过通过Drive API v2和v3的以下端点删除权限,但都无效:
https://www.googleapis.com/drive/[v2|v3]/files/[fileId]/permissions/[permissionId]
我当前用于删除特定文件和用户权限的代码是:
// Removes one permission from one file through the Advanced Drive Service.
// NOTE(review): per the Drive API reference, useDomainAdminAccess grants administrator access
// when fileId refers to a shared drive; the "Shared drive not found" error reported further
// down is consistent with the flag being applied to a file in a user's own drive - confirm.
Drive.Permissions.remove(fileId, permissionId,{useDomainAdminAccess: true});
预期结果:权限已成功删除。
实际结果([fileId]是实际的文件ID,出于隐私目的未显示):
GoogleJsonResponseException: API call to drive.permissions.delete failed with error: Shared drive not found: [fileId]
更新
当然,很高兴添加更多详细信息:
//CODE THAT GETS THE LIST OF PERMISSIONS FROM GOOGLE DRIVE FOR USERS EXTERNAL FROM THE ORGANIZATION THAT HAVE ACCESS TO FILES FROM USERS IN THE ORGANIZATION
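/**
 * Decides whether a permission's address lies outside the organisation.
 *
 * The host part after the last "@" is compared with the domain (exact match or
 * sub-domain), case-insensitively. A substring test would also accept addresses
 * that merely contain the domain text, e.g. in the local part or as a prefix of
 * a longer host name, and those shares would be missing from the audit.
 *
 * @param {string} emailAddress Address taken from the permission.
 * @param {string} userEmail Address of the file owner being processed.
 * @param {string} userDomain Organisation domain, with or without a leading "@".
 * @returns {boolean} true when the address belongs to neither the owner nor the domain.
 */
function isExternalAddress_(emailAddress, userEmail, userDomain) {
  var address = String(emailAddress).toLowerCase();
  if (address === String(userEmail).toLowerCase()) {
    return false;
  }
  var domain = String(userDomain || '').toLowerCase().replace(/^@/, '');
  if (!domain) {
    // Without a domain nothing can be classified; the previous substring test
    // also reported nothing in this case.
    return false;
  }
  var host = address.slice(address.lastIndexOf('@') + 1);
  if (host === domain) {
    return false;
  }
  var suffix = '.' + domain;
  return host.slice(-suffix.length) !== suffix;
}

/**
 * Pages through the Drive v3 files.list results for the files owned by one user
 * and collects every permission whose address is outside the user's domain.
 *
 * Each collected row is [userEmail, fileId, fileName, lower-cased external
 * address, "x" + permissionId]. The rows are gathered in a local array; the
 * visible code does not return or store them.
 * NOTE(review): presumably the full script writes the rows to a sheet - confirm.
 *
 * @param {string} userEmail Owner whose files are listed.
 * @param {string} oldPageToken Page token to resume from; falsy starts at the first page.
 * @param {*} readFiles Not used by the visible code.
 * @param {string} accessToken OAuth access token sent with each request.
 * @param {string} userDomain Organisation domain used to tell internal from external addresses.
 * @returns {?string} null when no access token is given, otherwise '' (after the
 *     last page, or as soon as a page comes back with an error).
 */
function processDriveFilesForUser(userEmail, oldPageToken, readFiles, accessToken, userDomain) {
  if (!accessToken) {
    return null;
  }
  var params = {
    pageSize: 1000,
    spaces: 'drive',
    // NOTE(review): userEmail is substituted into the query text unescaped;
    // confirm it always comes from the directory and never from free-form input.
    q: '"me" in owners and trashed = false'.replace('me', userEmail),
    fields: 'files(id, name, permissions(id,emailAddress)),nextPageToken',
    orderBy: 'modifiedTime desc'
  };
  var data = [];
  var pageToken = oldPageToken;
  do {
    if (pageToken) {
      params.pageToken = pageToken;
    }
    var response = makeHttpGetRequest('https://www.googleapis.com/drive/v3/files', params, accessToken);
    if (response && response.error) {
      // A failed page ends the listing early; the caller receives the same ''
      // as for a completed listing, so an incomplete audit is not distinguishable here.
      return '';
    }
    var files = response && response.files ? response.files : [];
    for (var f = 0; f < files.length; f += 1) {
      try {
        var permissions = files[f].permissions || [];
        for (var p = 0; p < permissions.length; p += 1) {
          var permission = permissions[p];
          if (permission.emailAddress && isExternalAddress_(permission.emailAddress, userEmail, userDomain)) {
            // The "x" prefix is stripped again by the removal code before the id is used.
            data.push([userEmail, files[f].id, files[f].name, permission.emailAddress.toLowerCase(), "x".concat(permission.id)]);
          }
        }
      } catch (err) {
        // Keep going with the next file, but leave a trace: a skipped file is a gap in the audit.
        console.log("Skipped file while reading permissions: " + err);
      }
    }
    pageToken = response && response.nextPageToken ? response.nextPageToken : '';
    // NOTE(review): the loop condition is garbled in the listing; only `pageToken` is recoverable.
  } while (pageToken);
  return pageToken;
}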
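/**
 * Sends an authenticated GET request and returns the parsed JSON body.
 *
 * HTTP errors do not throw (muteHttpExceptions is set); a non-200 status is
 * logged and the body is still parsed, so an API error arrives at the caller as
 * an object with an `error` property. A body that is not JSON (for example an
 * HTML error page) is reported in the same shape instead of aborting the run
 * with a SyntaxError.
 *
 * @param {string} apiUrl Endpoint URL without query string.
 * @param {Object} params Query parameters, passed to makeQueryString.
 * @param {string} accessToken OAuth access token sent as a Bearer credential.
 * @param {boolean=} isAdmin Only echoed in the log line.
 * @returns {Object} Parsed response body, or { error: { code, message } } when the body is not JSON.
 */
function makeHttpGetRequest(apiUrl, params, accessToken, isAdmin) {
  var url = makeQueryString(apiUrl, params);
  var response = UrlFetchApp.fetch(url, {
    headers: {
      Authorization: "Bearer ".concat(accessToken)
    },
    muteHttpExceptions: true
  });
  var status = response.getResponseCode();
  // Read the body explicitly rather than relying on string coercion of the response object.
  var body = response.getContentText();
  if (status !== 200) {
    // The log line carries the response and the parameters, not the access token.
    console.log("Response code: " + status + ", response: " + body + ", url: " + apiUrl + " params " + JSON.stringify(params) + " is admin? " + isAdmin);
  }
  try {
    return JSON.parse(body);
  } catch (err) {
    console.log("Response body is not valid JSON, url: " + apiUrl + ", response code: " + status);
    return { error: { code: status, message: "Response body is not valid JSON" } };
  }
}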
//CODE THAT REMOVES PERMISSIONS FOR USERS IN THE BLOCK LIST (AMONG EXTERNAL USERS)
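/**
 * Removes the Drive permission of every listed external address that is on the
 * block list, either as a full address or by its domain.
 *
 * Each sheet row is read as [userEmail, fileId, fileName, sharedEmail,
 * permissionId]; rows missing the owner, file id, shared address or permission
 * id are skipped. A removal that fails is logged and the loop carries on, so one
 * failing file does not leave the remaining blocked addresses with access.
 *
 * @param {Object} ss Spreadsheet holding the listing.
 * @param {string} sheetName Name of the sheet to read.
 */
function blockUsersInGoogleDrive(ss, sheetName) {
  var sheet = ss.getSheetByName(sheetName);
  var data = sheet.getDataRange().getValues();
  var count = data.length;
  var hasErrors = false;
  var blocks = getBlockList();
  console.log("block list " + JSON.stringify(blocks));
  for (var row = 0; row < count; row += 1) {
    var cells = data[row];
    var userEmail = cells[0];
    var fileId = cells[1];
    var sharedEmail = cells[3];
    var permissionId = cells[4] === undefined ? '' : cells[4];
    if (!(userEmail && sharedEmail && fileId && permissionId)) {
      continue;
    }
    var isBlocked = blocks.indexOf(sharedEmail) !== -1 || blocks.indexOf(getDomainFromEmail(sharedEmail)) !== -1;
    if (!isBlocked) {
      continue;
    }
    Utilities.sleep(200);
    // Strip only the leading "x" marker that the listing code prepends to the id.
    var pid = String(permissionId).replace(/^x/, "");
    try {
      // NOTE(review): per the Drive API reference, useDomainAdminAccess applies when fileId
      // refers to a shared drive; these rows come from users' own drives - confirm it is wanted.
      Drive.Permissions.remove(fileId, pid, {useDomainAdminAccess: true});
    } catch (err) {
      hasErrors = true;
      console.log("Could not remove permission " + pid + " from file " + fileId + " (" + sharedEmail + "): " + err);
    }
  }
  if (hasErrors) {
    console.log("Some permissions could not be removed; the affected addresses still have access.");
  }
}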
再次感谢!