使用 Google Drive API 从其他所有者删除文件
问题描述
我正在尝试做一个小型应用程序,它可以读取与我组织的不同用户共享的文件夹,获取文件然后删除它们.
I'm trying to do a small application that reads a shared folder with different users of my organization, get the files and then delete them.
问题是我无法删除其他用户的文件,因为我只能删除我拥有的文件(收到 403 Insufficient permissions for this file)
The problem is that I can't delete the file of a different user, because I can only delete files of my ownership (receiving a 403 Insufficient permissions for this file)
我找到的另一个解决方案是更改文件的所有者,但我得到了同样的错误.
Another solution I found is change the owner of the file, but I get the same error.
我使用本机应用程序 oAuth 以及组织的 SuperAdmin 帐户和服务帐户对其进行测试,但它们都不起作用.
I test it with a Native Application oAuth with a SuperAdmin account of the organization and with a service account, and none of them works.
我的一段代码试图改变所有权:
A piece of my code trying to change the ownership:
new_permission = {
'value': "admin@organization.com",
'type': "user",
'role': "writer"
}
perm = drive_service.permissions().insert(fileId=idfield, body=new_permission).execute()
perm['role'] = 'owner'
drive_service.permissions().update(fileId=idfield, permissionId=perm['id'], transferOwnership=True, body=perm).execute()
我花了数小时搜索和尝试找到的不同解决方案,但没有一个有效(例如,文件所有权转移失败 - 即使作为超级管理员(Google Drive API,Java)).
I spend hours searching and trying different solutions I found, but no one works (for example, Transfer ownership of a file fails - even as Super Administrator (Google Drive API, Java)).
有人有什么想法吗?谢谢!
Somebody has some idea? Thanks!
解决方案
目前最好的解决方案包括两个步骤:
The best solution right now involves two steps:
- 作为管理员帐户,确定每个文件的当前所有者.
- 使用委托授权,模拟每个文件的所有者并将所有权转让给管理员帐户.
- As the admin account, determine the current owner for each file.
- Using delegated authorization, impersonate the owner of each file and transfer ownership to the admin account.
所有者的电子邮件地址需要使用委托授权,但在 API 返回的权限对象中并不总是可见.如果出现以下任一情况,电子邮件地址将可见:
The email address of the owner is required to use delegated authorization, but isn't always visible in the permissions objects returned by the API. The email address will be visible if either:
- 用户拥有 Google+ 帐户,其个人资料的联系信息"部分包含他们的主要电子邮件地址,并且电子邮件地址的可见性设置为包含管理员帐户的级别.
- 用户位于 Google Apps 域中,并且该域已在管理控制台中的Google Apps > 联系人 > 高级设置"下启用联系人共享.
相关文章