[英]Authorizing a non admin user to run Admin SDK in Google Apps Script
我想允许我们域中的非管理员用户能够使用运行代码的 Google Sheet:
这需要管理员权限,因此以下代码不会在非管理员帐户中运行...如何授权非管理员用户运行管理员代码?
// Active spreadsheet, resolved once when the script loads; listAllGroups() writes to its "GroupAddress" sheet.
var RatatoskSheet = SpreadsheetApp.getActiveSpreadsheet();
// -- ADD USER TO GROUP -- Set trigger to onedit -- //
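/**
 * On-edit trigger handler: adds the address in AddUser!A2 to the Google group named in
 * AddUser!B2, records the pair in the GroupAddress sheet, then resets AddUser to its
 * header row.
 *
 * NOTE(security): both values are taken verbatim from cells that any editor of the
 * spreadsheet can change. If the trigger runs under an administrator's authorization,
 * edit access to the AddUser sheet is equivalent to permission to change group
 * membership. Restrict who can edit the sheet and consider checking groupId against an
 * approved list before calling the Directory API.
 *
 * @param {Object} e - Edit event; only e.source (the edited spreadsheet) is read.
 */
function addUsertoGroup(e) {
  var sheet = e.source.getActiveSheet();
  if (sheet.getName() !== 'AddUser') {
    return; // Edits on other sheets are ignored
  }

  var userData = SpreadsheetApp.getActive().getSheetByName('AddUser');
  var userEmail = userData.getRange(2, 1).getValue(); // AddUser!A2
  var groupId = userData.getRange(2, 2).getValue(); // AddUser!B2

  // The trigger fires on every edit, including the one that fills A2 while B2 is still
  // blank. Wait until both cells hold a value instead of sending an empty key to the API.
  if (userEmail === '' || groupId === '') {
    return;
  }

  var newMember = {
    email: userEmail,
    role: "MEMBER"
  };
  AdminDirectory.Members.insert(newMember, groupId); // Adds the new member to the Google group

  // Mirror the change in the local membership list.
  var groupData = SpreadsheetApp.getActive().getSheetByName('GroupAddress');
  groupData.appendRow([userEmail, groupId]);

  // Reset the input sheet so the same request is not replayed by the next edit.
  var header = ['UserEmail', 'GroupID'];
  userData.clear();
  userData.appendRow(header).setFrozenRows(1);
}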
// -- REMOVE USER FROM GROUP -- Set trigger of this function to onedit -- //
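/**
 * On-edit trigger handler: removes the address in RemoveUser!A2 from the Google group in
 * RemoveUser!B2, drops the matching rows from the GroupAddress sheet, then resets
 * RemoveUser to its header row.
 *
 * NOTE(security): both values come verbatim from cells that any editor of the spreadsheet
 * can change. If the trigger runs under an administrator's authorization, edit access to
 * the RemoveUser sheet is equivalent to permission to remove group members. Restrict who
 * can edit the sheet and consider checking groupId against an approved list.
 *
 * @param {Object} e - Edit event; only e.source (the edited spreadsheet) is read.
 */
function deleteGroupMember(e) {
  var sheet = e.source.getActiveSheet();
  if (sheet.getName() !== 'RemoveUser') {
    return; // Edits on other sheets are ignored
  }

  var RemoveUserData = SpreadsheetApp.getActive().getSheetByName('RemoveUser');
  var groupData = SpreadsheetApp.getActive().getSheetByName('GroupAddress');
  var userEmail = RemoveUserData.getRange(2, 1).getValue(); // RemoveUser!A2
  var groupId = RemoveUserData.getRange(2, 2).getValue(); // RemoveUser!B2

  // The trigger fires on every edit, including the one that fills A2 while B2 is still
  // blank. Wait until both cells hold a value instead of sending an empty key to the API.
  if (userEmail === '' || groupId === '') {
    return;
  }

  AdminDirectory.Members.remove(groupId, userEmail); // Removes the member from the Google group

  var removeDataValues = RemoveUserData.getDataRange().getValues();
  var groupDataValues = groupData.getDataRange().getValues();

  // Keep every GroupAddress row that has no (email, group) twin in RemoveUser. Both data
  // ranges include their header row, so identical headers cancel out and only member
  // rows remain in the result.
  var resultArray = groupDataValues.filter(function (groupRow) {
    return !removeDataValues.some(function (removeRow) {
      return groupRow[0] === removeRow[0] && groupRow[1] === removeRow[1];
    });
  });

  var start = 2; // First data row; row 1 is the header
  var killTheRows = groupData.getLastRow() - start + 1;
  if (killTheRows > 0) { // Nothing to delete when the sheet holds only the header
    groupData.deleteRows(start, killTheRows);
  }
  // Removing the last remaining member leaves no rows; resultArray[0] would be undefined.
  if (resultArray.length > 0) {
    groupData.getRange(start, 1, resultArray.length, resultArray[0].length).setValues(resultArray);
  }

  // Reset the input sheet so the same request is not replayed by the next edit.
  var header = ['UserEmail', 'GroupID'];
  RemoveUserData.clear();
  RemoveUserData.appendRow(header).setFrozenRows(1);
}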
// -- LISTS ALL GROUPS AND USERS WITHIN THEM -- Set this as a timed trigger to error correct once a day -- //
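/**
 * Rebuilds the GroupAddress sheet from the Directory API: one row (member email, group
 * email) for every member of every group whose address starts with "staff".
 *
 * 'THEDOMAIN' and 'YOURDOMAIN' are placeholders to be replaced with the real domain.
 * The sheet is only rewritten when more than one membership row was collected, so a
 * failed or empty listing leaves the existing sheet untouched.
 */
function listAllGroups() {
  // Pass 1: collect the addresses of all "staff*" groups, following pagination.
  var grouprows = [];
  var pageToken;
  var page;
  do {
    page = AdminDirectory.Groups.list({
      domain: 'THEDOMAIN',
      maxResults: 200,
      pageToken: pageToken
    });
    var groups = page.groups || [];
    for (var g = 0; g < groups.length; g++) {
      if (groups[g].email.substring(0, 5) === "staff") {
        grouprows.push(groups[g].email);
      }
    }
    pageToken = page.nextPageToken;
  } while (pageToken);

  // Pass 2: collect (member, group) pairs for each of those groups.
  var rows = [];
  for (var j = 0; j < grouprows.length; j++) {
    var memberToken = undefined; // Each group starts paging from its first page
    do {
      // NOTE(review): `domainName` is not among the members.list parameters I know of
      // (maxResults, pageToken, roles, includeDerivedMembership) — confirm it is accepted.
      var page2 = AdminDirectory.Members.list(grouprows[j], {
        domainName: 'YOURDOMAIN',
        maxResults: 500,
        pageToken: memberToken,
      });
      var members = page2.members || [];
      for (var m = 0; m < members.length; m++) {
        rows.push([members[m].email, grouprows[j]]);
      }
      memberToken = page2.nextPageToken;
    } while (memberToken);
  }

  // Write once, after all groups are read, rather than rewriting the sheet per group.
  // Returning here also avoids touching a sheet handle that was never obtained.
  if (rows.length <= 1) {
    return;
  }
  var groupData = RatatoskSheet.getSheetByName("GroupAddress");
  var header = ['UserEmail', 'GroupID'];
  groupData.clear();
  groupData.appendRow(header).setFrozenRows(1);
  groupData.getRange(2, 1, rows.length, header.length).setValues(rows);

  groupData.deleteRow(2); //NB! Removes first group(all@yourdomain.com) Make this whole line a comment if unsure.
}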
实现此目的的一种方法是创建服务帐户并使用域范围的授权委托(domain-wide delegation)。由于获得委托的服务帐户可以代表域内用户调用 API,应只为其授予所需的最小 OAuth 范围,并妥善保管其密钥。
之后,由于您想继续使用 Apps 脚本,您必须获取此服务帐户的访问令牌,并使用 UrlFetchApp 发出请求,因为通过 Admin SDK Directory 高级服务发出请求时无法传入访问令牌。
因此,请求最终看起来类似于:
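// `token` must already hold an OAuth2 access token issued to the service account;
// obtaining it is outside this snippet. Treat it as a secret: do not log it or
// write it to the sheet.
// {groupKey} in the URL is a placeholder for the group's email address or ID.
var options = {
  method: "GET",
  contentType: "application/json",
  muteHttpExceptions: true,
  // The Authorization header has to live in the options object that is actually
  // passed to fetch(); otherwise the settings above are never applied.
  headers: {
    Authorization: 'Bearer ' + token
  }
};
var response = UrlFetchApp.fetch('https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}/members', options);
// With muteHttpExceptions enabled, 4xx/5xx responses no longer throw, so check
// response.getResponseCode() before trusting the body.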
但是,此方法是否可行取决于您为帐户设置的限制。
另一种选择是将您的脚本部署为 Web 应用程序
要部署为 Web 应用程序,脚本必须包含 doGet(e) 或 doPost(e) 函数,并返回 HTML 服务的 HtmlOutput 对象或内容服务的 TextOutput 对象。
完成上述步骤后,请使用以下设置部署 Web 应用程序:
执行为:我
谁有权访问:域内的任何人
采用此设置时,脚本始终以部署者(管理员)的身份运行,因此 doGet(e)/doPost(e) 应自行核实调用者是否有权执行所请求的操作,并校验传入的参数。