授权非管理员用户使用 Google Apps 脚本中的 运行 Admin SDK
Authorizing a non admin user to run Admin SDK in Google Apps Script
我想允许我们域中的非管理员用户能够使用 Google Sheet,这是 运行ning 代码:
- 列出我们组织中的一些团体
- Delete/Add 用户
这需要管理员权限,因此以下代码不会 运行 在非管理员帐户中...如何授权非管理员用户使用 运行 管理员代码?
var RatatoskSheet = SpreadsheetApp.getActiveSpreadsheet();
// -- ADD USER TO GROUP -- Set trigger to onedit -- //
function addUsertoGroup(e) {
var sheet = e.source.getActiveSheet();
if (sheet.getName() === 'AddUser') { //Hinders edits on other sheets
var userData = SpreadsheetApp.getActive().getSheetByName('AddUser');
var userEmail = userData.getRange(2, 1).getValue(); //Gets data from AddUser.A2
var groupId = userData.getRange(2, 2).getValue(); //Gets data from cell B2
var newMember = {
email: userEmail,
role: "MEMBER"
};
AdminDirectory.Members.insert(newMember, groupId); // Adds new member to a Google group
var groupData = SpreadsheetApp.getActive().getSheetByName('GroupAddress');
var groupTwo = [userEmail, groupId]
groupData.appendRow(groupTwo); //Add member and group to GroupAddress
var header = ['UserEmail', 'GroupID'];
userData.clear(); //Reset AddUser (Delete all)
userData.appendRow(header).setFrozenRows(1);
}
}
// -- REMOVE USER FROM GROUP -- Set trigger of this function to onedit -- //
function deleteGroupMember(e) {
var sheet = e.source.getActiveSheet();
if (sheet.getName() === 'RemoveUser') { //Hinders edits on other sheets
var RemoveUserData = SpreadsheetApp.getActive().getSheetByName('RemoveUser');
var groupData = SpreadsheetApp.getActive().getSheetByName('GroupAddress');
var userEmail = RemoveUserData.getRange(2, 1).getValue(); //Gets data from RemoveUser.A2
var groupId = RemoveUserData.getRange(2, 2).getValue(); //Gets data from RemoveUser.B2
AdminDirectory.Members.remove(groupId, userEmail); //Removes member from a Google group
var removeDataValues = RemoveUserData.getDataRange().getValues();
var groupDataValues = groupData.getDataRange().getValues();
var resultArray = [];
for (var n in groupDataValues) { //
var keep = true
for (var p in removeDataValues) {
if (groupDataValues[n][0] == removeDataValues[p][0] && groupDataValues[n][1] == removeDataValues[p][1]) {
keep = false;
break;
}
}
if (keep) {
resultArray.push(groupDataValues[n])
};
}
var start = 2; //Starts from Row 2 //
var killTheRows = groupData.getLastRow() - start + 1; // // These lines deletes all rows in GroupAddress
groupData.deleteRows(start, killTheRows); //Delete all rows with values//
groupData.getRange(2, 1, resultArray.length, resultArray[0].length).setValues(resultArray); //Repopulate the rows in GroupAddress
var header = ['UserEmail', 'GroupID'];
RemoveUserData.clear();
RemoveUserData.appendRow(header).setFrozenRows(1);
}
}
// -- LISTS ALL GROUPS AND USERS WITHIN THEM -- Set this as a timed trigger to error correct once a day -- //
function listAllGroups() {
var grouprows = [];
var pageToken;
var page;
do {
page = AdminDirectory.Groups.list({
domain: 'THEDOMAIN',
maxResults: 200,
pageToken: pageToken
});
var groups = page.groups;
if (groups) {
for (var i = 0; i < groups.length; i++) {
var group = groups[i];
if (group.email.substring(0, 5) === "staff") {
grouprows.push(group.email);
}
}
}
pageToken = page.nextPageToken;
} while (pageToken);
var rows = [];
var pageToken, page2;
for (var j = 0; j < grouprows.length; j++) {
do {
page2 = AdminDirectory.Members.list(grouprows[j], {
domainName: 'YOURDOMAIN',
maxResults: 500,
pageToken: pageToken,
});
var members = page2.members;
if (members) {
for (var i = 0; i < members.length; i++) {
var member = members[i];
var row = [member.email, grouprows[j]];
rows.push(row);
}
}
pageToken = page2.nextPageToken;
} while (pageToken);
if (rows.length > 1) {
var groupData = RatatoskSheet.getSheetByName("GroupAddress");
var header = ['UserEmail', 'GroupID'];
groupData.clear();
groupData.appendRow(header).setFrozenRows(1);
groupData.getRange(2, 1, rows.length, header.length).setValues(rows);
}
}
groupData.deleteRow(2); //NB! Removes first group(all@yourdomain.com) Make this whole line a comment if unsure.
}
实现此目的的一种方法是创建服务帐户并使用全域授权。
之后,由于您希望继续使用 Apps 脚本,因此您必须获取此服务帐户的访问令牌并使用 UrlFetchApp 发出请求,因为您无法在创建请求时传递访问令牌使用 Admin SDK Directory 高级服务请求。
因此,请求最终看起来类似于:
var options = {
method: "GET",
contentType: "application/json",
muteHttpExceptions: true,
};
var response = UrlFetchApp.fetch('https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}/members', {
headers: {
Authorization: 'Bearer ' + token
}
});
但是,此方法可能取决于您为帐户设置的限制。
另一种选择是将脚本部署为 Web 应用程序
为了部署 Web 应用程序,脚本应包含 doGet(e) 或 doPost(e) 和 return HTML 服务 HtmlOutput 对象或内容服务 TextOutput 对象。
执行此操作后,您应该使用以下设置部署网络应用程序:
执行为:我
谁有访问权限:域中的任何人
参考
我想允许我们域中的非管理员用户能够使用 Google Sheet,这是 运行ning 代码:
- 列出我们组织中的一些团体
- Delete/Add 用户
这需要管理员权限,因此以下代码不会 运行 在非管理员帐户中...如何授权非管理员用户使用 运行 管理员代码?
var RatatoskSheet = SpreadsheetApp.getActiveSpreadsheet();
// -- ADD USER TO GROUP -- Set trigger to onedit -- //
function addUsertoGroup(e) {
var sheet = e.source.getActiveSheet();
if (sheet.getName() === 'AddUser') { //Hinders edits on other sheets
var userData = SpreadsheetApp.getActive().getSheetByName('AddUser');
var userEmail = userData.getRange(2, 1).getValue(); //Gets data from AddUser.A2
var groupId = userData.getRange(2, 2).getValue(); //Gets data from cell B2
var newMember = {
email: userEmail,
role: "MEMBER"
};
AdminDirectory.Members.insert(newMember, groupId); // Adds new member to a Google group
var groupData = SpreadsheetApp.getActive().getSheetByName('GroupAddress');
var groupTwo = [userEmail, groupId]
groupData.appendRow(groupTwo); //Add member and group to GroupAddress
var header = ['UserEmail', 'GroupID'];
userData.clear(); //Reset AddUser (Delete all)
userData.appendRow(header).setFrozenRows(1);
}
}
// -- REMOVE USER FROM GROUP -- Set trigger of this function to onedit -- //
function deleteGroupMember(e) {
var sheet = e.source.getActiveSheet();
if (sheet.getName() === 'RemoveUser') { //Hinders edits on other sheets
var RemoveUserData = SpreadsheetApp.getActive().getSheetByName('RemoveUser');
var groupData = SpreadsheetApp.getActive().getSheetByName('GroupAddress');
var userEmail = RemoveUserData.getRange(2, 1).getValue(); //Gets data from RemoveUser.A2
var groupId = RemoveUserData.getRange(2, 2).getValue(); //Gets data from RemoveUser.B2
AdminDirectory.Members.remove(groupId, userEmail); //Removes member from a Google group
var removeDataValues = RemoveUserData.getDataRange().getValues();
var groupDataValues = groupData.getDataRange().getValues();
var resultArray = [];
for (var n in groupDataValues) { //
var keep = true
for (var p in removeDataValues) {
if (groupDataValues[n][0] == removeDataValues[p][0] && groupDataValues[n][1] == removeDataValues[p][1]) {
keep = false;
break;
}
}
if (keep) {
resultArray.push(groupDataValues[n])
};
}
var start = 2; //Starts from Row 2 //
var killTheRows = groupData.getLastRow() - start + 1; // // These lines deletes all rows in GroupAddress
groupData.deleteRows(start, killTheRows); //Delete all rows with values//
groupData.getRange(2, 1, resultArray.length, resultArray[0].length).setValues(resultArray); //Repopulate the rows in GroupAddress
var header = ['UserEmail', 'GroupID'];
RemoveUserData.clear();
RemoveUserData.appendRow(header).setFrozenRows(1);
}
}
// -- LISTS ALL GROUPS AND USERS WITHIN THEM -- Set this as a timed trigger to error correct once a day -- //
function listAllGroups() {
var grouprows = [];
var pageToken;
var page;
do {
page = AdminDirectory.Groups.list({
domain: 'THEDOMAIN',
maxResults: 200,
pageToken: pageToken
});
var groups = page.groups;
if (groups) {
for (var i = 0; i < groups.length; i++) {
var group = groups[i];
if (group.email.substring(0, 5) === "staff") {
grouprows.push(group.email);
}
}
}
pageToken = page.nextPageToken;
} while (pageToken);
var rows = [];
var pageToken, page2;
for (var j = 0; j < grouprows.length; j++) {
do {
page2 = AdminDirectory.Members.list(grouprows[j], {
domainName: 'YOURDOMAIN',
maxResults: 500,
pageToken: pageToken,
});
var members = page2.members;
if (members) {
for (var i = 0; i < members.length; i++) {
var member = members[i];
var row = [member.email, grouprows[j]];
rows.push(row);
}
}
pageToken = page2.nextPageToken;
} while (pageToken);
if (rows.length > 1) {
var groupData = RatatoskSheet.getSheetByName("GroupAddress");
var header = ['UserEmail', 'GroupID'];
groupData.clear();
groupData.appendRow(header).setFrozenRows(1);
groupData.getRange(2, 1, rows.length, header.length).setValues(rows);
}
}
groupData.deleteRow(2); //NB! Removes first group(all@yourdomain.com) Make this whole line a comment if unsure.
}
实现此目的的一种方法是创建服务帐户并使用全域授权。
之后,由于您希望继续使用 Apps 脚本,因此您必须获取此服务帐户的访问令牌并使用 UrlFetchApp 发出请求,因为您无法在创建请求时传递访问令牌使用 Admin SDK Directory 高级服务请求。
因此,请求最终看起来类似于:
var options = {
method: "GET",
contentType: "application/json",
muteHttpExceptions: true,
};
var response = UrlFetchApp.fetch('https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}/members', {
headers: {
Authorization: 'Bearer ' + token
}
});
但是,此方法可能取决于您为帐户设置的限制。
另一种选择是将脚本部署为 Web 应用程序
为了部署 Web 应用程序,脚本应包含 doGet(e) 或 doPost(e) 和 return HTML 服务 HtmlOutput 对象或内容服务 TextOutput 对象。
执行此操作后,您应该使用以下设置部署网络应用程序:
执行为:我
谁有访问权限:域中的任何人