堆栈内存溢出
  简体   繁体   English

Google Apps Marketplace的权限问题

[英]Permission problems with Google Apps Marketplace

 原文  2015-09-02 07:49:15       python/ google-apps/ google-apps-marketplace

问题描述

We created an application for Google Apps Marketplace, and we want to add a new feature - get all the domain's user defined schemas. 我们为Google Apps Marketplace创建了一个应用程序,我们想添加一个新功能-获取域中所有用户定义的架构。 But I didn't find out how to grant our application permission to do it. 但是我没有找到如何授予我们的应用程序权限来执行此操作。 Do we have to get permission again from all our customers? 我们是否必须再次获得所有客户的许可? Or maybe create a new Google Apps Marketplace application and ask permission for it only from the customers who need it? 还是创建一个新的Google Apps Marketplace应用程序,并仅从需要它的客户那里获得许可? (not all our customers need this feature). (并非我们所有的客户都需要此功能)。

Here is my code, it fails in two ways: 这是我的代码,它以两种方式失败: 

class EmailSettingsClient:
    headers = None
    domain = None

    def __init__(self, admin_email):
        self.initCredentials(admin_email)
        logging.debug("headers={}".format(self.headers))

    def initCredentials(self, admin_email):
        http = httplib2.Http()
        credentials = SignedJwtAssertionCredentials(
            SERVICE_EMAIL, 
            PRIVATE_KEY, 
            scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.userschema.readonly',
            sub=str(admin_email) # it doesn't work with this line.
        )
        http = credentials.authorize(http)
        service = build(serviceName='admin', version='directory_v1', http=http)
        creds = credentials.to_json()
        access_token  = credentials.token_response['access_token']
        self.headers = {
            'Content-type': 'application/atom+xml',
            'Authorization': 'Bearer '+access_token
        }

    def get_all_domain_custom_schemas(self, feed_uri):
        customer_id = "..." # domain customerId
        logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
        request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
        reply = requests.get(request_url, headers=self.headers)
        # data = json.loads(reply.content)
        logging.info(reply.content)
        customer_id = "my_customer"
        logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
        request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
        reply = requests.get(request_url, headers=self.headers)
        # data = json.loads(reply.content)
        logging.info(reply.content)

class GetAllDomainCustomSchemasHandler(RequestHandler):
    def post(self):
        return self.get()

    def get(self):
        domain_str = self.request.get('domain')
        domain = Domain.get_by_key_name(domain_str)
        feed_uri = self.request.get('feed_uri', "")

        email_settings_client = EmailSettingsClient(domain.admin)
        email_settings_client.get_all_domain_custom_schemas(feed_uri)
        return

One , it throws an exception if we use the "sub" parameter from another user with the domain admin's email address. 一个 ,如果我们将另一个用户的“ sub”参数与域管理员的电子邮件地址一起使用,则会引发异常。 And Two , if I don't include the "sub" parameter and run the application from the domain admin's account, it returns an error message: When I tried with the domain customerId, I got this error message: 还有两个 ,如果我不包含“ sub”参数并从域管理员的帐户运行该应用程序,它将返回一条错误消息:当我尝试使用域customerId时,出现了以下错误消息: 

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "forbidden",
    "message": "Not Authorized to access this resource/api"
   }
  ],
  "code": 403,
  "message": "Not Authorized to access this resource/api"
 }
}

And when I tried with "my_customer", I got this error message: 当我尝试使用“ my_customer”时,收到以下错误消息: 

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "backendError",
    "message": "Service unavailable. Please try again"
   }
  ],
  "code": 503,
  "message": "Service unavailable. Please try again"
 }
}

I'm sure I missed something, but I didn't find out how to make it work. 我确定我错过了一些东西,但是我没有找到如何使它起作用的方法。 Any suggestions? 有什么建议么?

1 个解决方案

解决方案1
 1 已采纳  2015-09-02 08:30:13

Eventually I found out that we can add this permission in the Google Developers Console, under APIs / Google Apps Marketplace SDK / Configuration. 最终,我发现我们可以在Google Developers Console的APIs / Google Apps Marketplace SDK / Configuration下添加此权限。 I added https://www.googleapis.com/auth/admin.directory.userschema.readonly , and each domain admin has to approve the new permissions. 我添加了https://www.googleapis.com/auth/admin.directory.userschema.readonly ,每个域管理员都必须批准新权限。 If you have more information you can edit this answer or post a new answer. 如果您有更多信息,则可以编辑此答案或发布新答案。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Google App Engine和Google Apps Marketplace - Google App Engine and the Google Apps Marketplace Google Apps Marketplace - 获取所有域用户 - Google Apps Marketplace - Getting all domain users 在Google Apps Marketplace中获取用户许可证-错误 - Getting user license in Google Apps Marketplace - Error 如何获取 Google Apps 市场通知 - How to get Google Apps marketplace notification 谷歌应用程序引擎上的psycopg2问题 - problems with psycopg2 on google apps engine 使用Python客户端验证GSuite Marketplace应用的GSuite(Google Apps)域的许可证 - Using Python client to verify license of GSuite (Google Apps) domain for a GSuite Marketplace App Google Apps Engine(GAE)拒绝urllib2.urlopen(url)权限 - urllib2.urlopen(url) permission denied on Google apps engine (GAE) Python权限问题Ubuntu - Python Permission Problems Ubuntu 是否有一个python openid应用程序发现库,以将appengine应用程序添加到应用程序市场 - Is there a python openid apps-discovery library to get appengine apps onto the apps marketplace 权限被拒绝或主机密钥问题 - Permission denied or Host key problems
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM