I am developing an add-on for Google Docs. The add-on is being constantly updated and therefore I have created an auto-update mechanism which works by saving the last script version used to a Document Property for each document, and then I check if there is a new version available by listing all script versions with the Apps Script API, like so:
var oauthtoken = ScriptApp.getOAuthToken();
var resp = UrlFetchApp.fetch(`https://script.googleapis.com/v1/projects/${ScriptApp.getScriptId()}/versions`, {
headers: {
'Authorization': 'Bearer ' oauthtoken,
'method': 'GET',
'muteHttpExceptions': true,
}
});
resp = JSON.parse(res.getContentText());
var last_version = resp.versions[0].versionNumber;
var current_version = PropertiesService.getDocumentProperties().getProperty('ADD_ON_VERSION');
if (version != last_version) {
PropertiesService.getDocumentProperties().setProperty('ADD_ON_VERSION', last_version);
// new version available
}
The problem with this is that if a user does not have access to the Script (script wasn't shared with him - like a Google Drive file share), the request to https://script.googleapis.com/v1/projects/{sciprt_id}/versions
yeilds a 403 Unauthorized error.
Is there a way to give the entire organization access to specifically this request URL?
CodePudding user response:
- Only script files explicitly shared with a user or previously opened bya a user will show up in
- Files that are only shared as "Anyone with the link" will not show up in anyone's https://script.google.com/home/shared or elsewhere - unless a user knows the script id/ url and has manually opened the script at least once.
Reference:
What you can see in "Shared with me"
Files shared with you.
Folders shared with you.
Files shared with a link that you have opened.
Just imagine what would happen otherwise - all publicly shared Apps Script files of which there are thousands - if not millions - would show up in your https://script.google.com/home/shared and
Shared with me
, as well as with the API method Files:list!