问题
Tl;Dr My partner and I published a Google Sheets add-on that is "randomonly" throwing "You do not have access to perform that action" when opening a spreadsheet. The onOpen function doesn't require authorization to be executed.
Is there a way to reproduce/debug this error?
The following is "minimal complete and verifiable example" except that so far I was not able to reproduce the error. It is a simple onOpen function that the only thing that it does is to create a menu with two options.
file Addon.gs
function onOpen(e) {
SpreadsheetApp.getUi().createAddonMenu()
.addItem('Menu item 1', 'doSomething1')
.addItem('Menu item 2', 'doSomething2')
.addToUi()
}
function doSomething1(){
SpreadsheetApp.getUi().alert('Something 1');
}
function doSomething2(){
SpreadsheetApp.getUi().alert('Something 2');
}
Yesterday the Stackdriver logs shows the following error
You do not have access to perform that action. Please ask the owner of this item to grant access to you. at onOpen(Addon:109)
where line 109 is .addToUi().
The same error occurred on previous versions of our add-on too
The onOpen function were not suffered any change on these versions (14, 18, 20).
I created a spreadsheet, shared it with other accounts that haven't installed the add-on with editor access and viewer access but the error didn't happens.
Additional details about the add-on that I think that I didn't included in the "mcve"
The add-on has
- several files, both
.gsand.html - use one well known library (cUseful from Bruce McPherson)
- use advanced services (Admin Directory and Google Classroom)
- appsscript.json file is customized, the required oAuth scopes matching the scopes set on the OAuth consent page and the G Suite Marketplace Settings page.
- has
varstatements on the Global Scope to assign literals (most of them assign the name of sheets to and numbers to variables) and namespaces to be called later from client side code from a sidebar.
I found that Stack Overflow has several questions about the "You do not have access to perform that action" error message but none of them is about an onOpen function without statements that require authorization to be executed.
I don't think this question is related to the multiple account logged in error because it occurs when a function that requires authorization is called from client-side code by using google.script.run but in this case the error occurs when the spreadsheet add on adds the addToUi() method which doesn't require authorization to be executed.
I made a small variant of the previous code to log the open event object.
function onOpen(e) {
console.info(e);
SpreadsheetApp.getUi().createAddonMenu()
.addItem('Menu item 1', 'doSomething1')
.addItem('Menu item 2', 'doSomething2')
.addToUi()
}
function doSomething1(){
SpreadsheetApp.getUi().alert('Something 1');
}
function doSomething2(){
SpreadsheetApp.getUi().alert('Something 2');
}
Then I created a new spreadsheet, used it to make a test as add-on set to enabled (AuthMode = LIMITED), then I shared the spreadsheet with anyone with the link can edit, and opened the spreadsheet using Chrome in incognito but the menu was not shown and there isn't a log entry in script executions page
I replaced the default project for an Google Cloud Standard project in order to be able to use Stackdriver logging. This is what is being logged while an anonymous user access the spreadsheet
We're sorry, a server error occurred while reading from storage. Error code PERMISSION_DENIED.
Due to the above error, I created a bounded script which show some "undefined" messages. Each of this messages corresponds to an item on the Executions page of the script with Type = Editor. The curious thing I that I didn't ran the script from the editor.
If you would like to help by automatically logging an opening event open
use this link to the run as add-on on enabled mode
use this other link to run as a bounded script (different script project, same Google Cloud project)
Regarding the onOpen trigger not being opened by anonymous users there is question and a related issue marked as fixed but apparently the problem appeared again.
Related question: Google apps javascript doesn't run for anonymous users?
Related issue onOpen event not firing for anonymous users in New Sheets
I did another try,
- I changed a bit the code, by including that read the locale on open and use this value to for a dynamic menu
function onOpen(e) {
var locale = SpreadsheetApp.getActiveSpreadsheet().getSpreadsheetLocale();
var menu = SpreadsheetApp.getUi().createAddonMenu();
if( locale !== 'en_US' ){
menu.addItem( 'Change to en_US', 'changeToUS' )
} else {
menu.addItem( 'Change to es_ES', 'changeToES' )
}
menu.addToUi();
}
function changeToUS(){
console.info( 'Changing to en_US' );
SpreadsheetApp.getActiveSpreadsheet().setSpreadsheetLocale( 'en_US' );
console.info( 'Changed to en_US' );
}
function changeToES(){
console.info( 'Changing to es_ES' );
SpreadsheetApp.getActiveSpreadsheet().setSpreadsheetLocale( 'es_ES' );
console.info( 'Changed to es_ES' );
}
- Disable new Apps Script runtime powered by Chrome V8
- Share the spreadsheet with anyone with the link
Open the spreadsheet with another account with multiple accounts signed in. This account is the default account.
The following screen shows that there is an anonymous user viewing the spreadsheet
- Using the other account, click Addons > Script project name > Change to en_US. This showed the elusive error message on the user screen
- But the error was not shown in the script executions page
So I added a Google Cloud Standard project, refreshed the spreadsheet used the other account but now instead of showing the error, the warning telling that the code was insecure was shown, I continue to authorize the script. Then I click again on the menu and this time the script was executed.
Then I removed the script authorization, open the spreasheet with the second account, no error, but after the tab refresh due to the location change the spreadsheet was opened with the default account instead of the account used to click the menu.
So far it looks that I should do the "whole enchilada" (publish as add-on) to be able to reproduce the error.
回答1:
I've read the conversation and investigated a bit, and I think you should contact G Suite Support regarding the Add-on authorization issue. However, the Anonymous users are not able the run triggers issue is an intended behavior. There is a more recent Feature Request asking for this to be implemented.
来源:https://stackoverflow.com/questions/61962935/how-to-reproduce-you-do-not-have-access-to-perform-that-action-on-onopen-that