Transfer ownership of Google Drive documents

喜你入骨 提交于 2019-12-11 08:35:26

问题


We develop application in C# which need to transfer ownership of all Google Drive documents related to the curtain domain to a single certain user without permission of original owner. We are using trial version of Google Apps business account.

In principal, we need to do this: http://screencast.com/t/effVWLxL0Mr4 but in C# code.

Accourding to the documentation, it is implemented in OAuth2 as superadmin functionality. https://support.google.com/a/answer/1247799?hl=en (1). But document was deprecated and more over we did not find any API call to do that.

Using account of project creator, it is appeared, that he can not access to all files and can not see files is not shared with him.

In Google Admin Console in manage API client access we added access rights to him to access files without permission to files without permission. Link: screencast.com/t/zU9cc6Psyb. We added routes access routes there according to that document link: trovepromo-tf.trove-stg.com/0m1-sds/support.google.com/a/answer/162106?hl=en and tried again. It did not work out...

Also, We found out that we need to use service account to have access to all data of all users of the domain, therefore we generated API keys for service account link: screencast.com/t/rNKuz6zchwV in the created project and got authenticated in the application using the following code:

var certificate = new X509Certificate2(@"C:\Temp\key.p12", "notasecret", X509KeyStorageFlags.Exportable);

        ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer("Service account email")
           {
               User= "admin@domain.com",
               Scopes = new[] { DriveService.Scope.Drive }
           }.FromCertificate(certificate));

but when we try to get list of folders, we get error :"access_denied", Description:"Requested client not authorized.", Uri:""

Please help us to transfer ownership of one user to another by service account!

Update from 13-08-2014:

Dear, It seems I have problem with user impersonalization.
1) When I use api to connect on behalf of user. During the authentication it redirects to browser and ask permisstion. After that all is completely fine, I can manimulate with folders except one one thing: I can not transfer ownership to him 2) When I use service account without impersonalization, authentication looks like the following:

ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer(ServiceAccountId)
           {

               Scopes = new[] { DriveService.Scope.Drive, 
                                          DriveService.Scope.DriveAppdata,
                                          DriveService.Scope.DriveFile, 
                                          DriveService.Scope.DriveScripts,
                                          DirectoryService.Scope.AdminDirectoryUser,
                                          DirectoryService.Scope.AdminDirectoryGroup,
                                          DirectoryService.Scope.AdminDirectoryOrgunit,
                                          DirectoryService.Scope.AdminDirectoryUserReadonly 
                },


           }.FromCertificate(certificate));

Then I can access to all files shared to service account but (again) I can not transfer the rights.

3) Then I try impersonalize Service account by adding sypeadministrator email account to the user User = myaddress@mydomain.com

ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer(ServiceAccountId)
           {

               Scopes = new[] { DriveService.Scope.Drive, 
                                          DriveService.Scope.DriveAppdata,
                                          DriveService.Scope.DriveFile, 
                                          DriveService.Scope.DriveScripts,
                                          DirectoryService.Scope.AdminDirectoryUser,
                                          DirectoryService.Scope.AdminDirectoryGroup,
                                          DirectoryService.Scope.AdminDirectoryOrgunit,
                                          DirectoryService.Scope.AdminDirectoryUserReadonly 
                },
             User = AdminEmail,

           }.FromCertificate(certificate));

Then I have Error:"access_denied", Description:"Requested client not authorized.", Uri:""

How can I impersonalize service account correctly?

Updated 13-08-2014

We found out that basic api for authentication is here: https://developers.google.com/accounts/docs/OAuth2ServiceAccount#creatingjwt

Normally, all what I showed before is an .net implementation of the protocol.

How can we please do impersonalization of of user in .net code. We did not find any working .net implementation of it.


回答1:


I finally found an answer.

I could impersonalize an account by using the following construction:

Thanks to all, who tried to help me!

        var initializer = new ServiceAccountCredential.Initializer(ServiceAccountId)
        {
            Scopes = scope,
            User = AdminEmail1
        };

        var credential = new ServiceAccountCredential(initializer.FromCertificate(certificate));

        var driveService = new DriveService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = ApplicationName
        });


来源:https://stackoverflow.com/questions/25218753/transfer-ownership-of-google-drive-documents

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!