Google Apps Marketplace 的权限问题
Permission problems with Google Apps Marketplace
我们为 Google Apps Marketplace 创建了一个应用程序,我们想添加一个新功能 - 获取域的所有用户定义架构。但是我没有找到如何授予我们的应用程序权限。我们是否必须再次获得所有客户的许可?或者创建一个新的 Google Apps Marketplace 应用程序并仅向需要它的客户征求许可? (并非我们所有的客户都需要此功能)。
这是我的代码,它在两个方面失败了:
class EmailSettingsClient:
headers = None
domain = None
def __init__(self, admin_email):
self.initCredentials(admin_email)
logging.debug("headers={}".format(self.headers))
def initCredentials(self, admin_email):
http = httplib2.Http()
credentials = SignedJwtAssertionCredentials(
SERVICE_EMAIL,
PRIVATE_KEY,
scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.userschema.readonly',
sub=str(admin_email) # it doesn't work with this line.
)
http = credentials.authorize(http)
service = build(serviceName='admin', version='directory_v1', http=http)
creds = credentials.to_json()
access_token = credentials.token_response['access_token']
self.headers = {
'Content-type': 'application/atom+xml',
'Authorization': 'Bearer '+access_token
}
def get_all_domain_custom_schemas(self, feed_uri):
customer_id = "..." # domain customerId
logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
reply = requests.get(request_url, headers=self.headers)
# data = json.loads(reply.content)
logging.info(reply.content)
customer_id = "my_customer"
logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
reply = requests.get(request_url, headers=self.headers)
# data = json.loads(reply.content)
logging.info(reply.content)
class GetAllDomainCustomSchemasHandler(RequestHandler):
def post(self):
return self.get()
def get(self):
domain_str = self.request.get('domain')
domain = Domain.get_by_key_name(domain_str)
feed_uri = self.request.get('feed_uri', "")
email_settings_client = EmailSettingsClient(domain.admin)
email_settings_client.get_all_domain_custom_schemas(feed_uri)
return
One,如果我们使用域管理员电子邮件地址的另一个用户的 "sub" 参数,它会抛出异常。 Two,如果我不包含 "sub" 参数和 运行 来自域管理员帐户的应用程序,它会 returns 一条错误消息:当我尝试使用域 customerId 时,收到此错误消息:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
当我尝试使用 "my_customer" 时,我收到了这条错误消息:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Service unavailable. Please try again"
}
],
"code": 503,
"message": "Service unavailable. Please try again"
}
}
我确定我错过了什么,但我不知道如何让它发挥作用。有什么建议吗?
最终我发现我们可以在 Google 开发人员控制台的 APIs / Google Apps Marketplace SDK / 配置下添加此权限。我添加了 https://www.googleapis.com/auth/admin.directory.userschema.readonly,每个域管理员都必须批准新权限。如果您有更多信息,可以编辑此答案或 post 新答案。
我们为 Google Apps Marketplace 创建了一个应用程序,我们想添加一个新功能 - 获取域的所有用户定义架构。但是我没有找到如何授予我们的应用程序权限。我们是否必须再次获得所有客户的许可?或者创建一个新的 Google Apps Marketplace 应用程序并仅向需要它的客户征求许可? (并非我们所有的客户都需要此功能)。
这是我的代码,它在两个方面失败了:
class EmailSettingsClient:
headers = None
domain = None
def __init__(self, admin_email):
self.initCredentials(admin_email)
logging.debug("headers={}".format(self.headers))
def initCredentials(self, admin_email):
http = httplib2.Http()
credentials = SignedJwtAssertionCredentials(
SERVICE_EMAIL,
PRIVATE_KEY,
scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.userschema.readonly',
sub=str(admin_email) # it doesn't work with this line.
)
http = credentials.authorize(http)
service = build(serviceName='admin', version='directory_v1', http=http)
creds = credentials.to_json()
access_token = credentials.token_response['access_token']
self.headers = {
'Content-type': 'application/atom+xml',
'Authorization': 'Bearer '+access_token
}
def get_all_domain_custom_schemas(self, feed_uri):
customer_id = "..." # domain customerId
logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
reply = requests.get(request_url, headers=self.headers)
# data = json.loads(reply.content)
logging.info(reply.content)
customer_id = "my_customer"
logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
reply = requests.get(request_url, headers=self.headers)
# data = json.loads(reply.content)
logging.info(reply.content)
class GetAllDomainCustomSchemasHandler(RequestHandler):
def post(self):
return self.get()
def get(self):
domain_str = self.request.get('domain')
domain = Domain.get_by_key_name(domain_str)
feed_uri = self.request.get('feed_uri', "")
email_settings_client = EmailSettingsClient(domain.admin)
email_settings_client.get_all_domain_custom_schemas(feed_uri)
return
One,如果我们使用域管理员电子邮件地址的另一个用户的 "sub" 参数,它会抛出异常。 Two,如果我不包含 "sub" 参数和 运行 来自域管理员帐户的应用程序,它会 returns 一条错误消息:当我尝试使用域 customerId 时,收到此错误消息:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
当我尝试使用 "my_customer" 时,我收到了这条错误消息:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Service unavailable. Please try again"
}
],
"code": 503,
"message": "Service unavailable. Please try again"
}
}
我确定我错过了什么,但我不知道如何让它发挥作用。有什么建议吗?
最终我发现我们可以在 Google 开发人员控制台的 APIs / Google Apps Marketplace SDK / 配置下添加此权限。我添加了 https://www.googleapis.com/auth/admin.directory.userschema.readonly,每个域管理员都必须批准新权限。如果您有更多信息,可以编辑此答案或 post 新答案。