Clarification on Active User Scope and Script Authorization

0
votes

I have a spreadsheet with a UI app script. The app reads/updates from the spreadsheet.

My current settings are: Execute the app as "me".

Who has access to the app: "anyone".

I'm essentially sending out workflows that have assignments by email. Those emails can be outside of the domain but would all be gmail addresses.

I had hoped I'd be able to access the Session.getActiveUser() as I need to allow certain functionality on the app based on user accessing the UiApp. That function does not seem to provide any info unless I'm logged in as the script owner. Session.getActiveUser() is blank when accessing from a different address.

Is there a way to get the active user without having to Execute the app as "User accessing the app". I'd rather not have to share the spreadsheet with all the end users.

Thanks for any suggestions.

2
google-apps-script
Sharing the spreadsheet in this context doesn't mean anybody could open the spreadsheet directly as a document as long as the url of the spreadsheet remains unknown. The app will indeed need to have access to it if you deploy your app as 'User accessing the webapp' but no one can find the url of the sheet unless you publish it. I use this configuration very often but of course I don't know your exact use case... ;-) In my case the app itself determines what a specific user can do or not (by enabling /disabling certain functions / panels depending on the logged user.Serge insas
@Serge, I'm confused by your comment. By nature of sharing the spreadsheet the item shows up in the users "Shared with Me" list in google drive/docs. It's important that the user does not have access to the spreadsheet but works solely off the UiApp. Did I misunderstand your comment. If there's a way to share the spreadsheet so that the app can access the sheet as the "User accessing the webapp" w/o providing direct access to the spreadsheet then please explain how. Everything I've seen puts the spreadsheet in the users list of documents.jrad
My spreadsheet has "anyone with the link" so the app can read and write to it but the name of the spreadsheet and its url is unknown (except for me) so it never appears in the document list of the user even if the user "writes" something in the document through the webapp (since he never actually "opens" it). I checked that on different accounts and never found any exception.Serge insas
Here is an example of an app like this, can you find the source spreadsheet ? database accessSerge insas
@serge...perfect. That was the difference maker. I didn't think about change the permissions to "anyone with the link". 1. It did not show the spreadsheet in the public account list of documents. 2. When trying to access the UIApp URL it did pull active user while signed in on public account. 3. When not signed in and tried to access URL it required my signin before I could access the webapp. Helpful information...not completely intuitive but a smooth work around. Thanks for the info.jrad

2 Answers

0
votes

Rewrite from comments for readability :

Sharing the spreadsheet in this context doesn't mean anybody could open the spreadsheet directly as a document as long as the url of the spreadsheet remains unknown. The app will indeed need to have access to it if you deploy your app as 'User accessing the webapp' but no one can find the url of the sheet unless you publish it. I use this configuration very often but of course I don't know your exact use case... ;-) In my case the app itself determines what a specific user can do or not (by enabling /disabling certain functions / panels depending on the logged user.

Here is an example of an app like this, can you find the source spreadsheet ?

My spreadsheet has "anyone with the link" so the app can read and write to it but the name of the spreadsheet and its url is unknown (except for me) so it never appears in the document list of the user even if the user "writes" something in the document through the webapp (since he never actually "opens" it). I checked that on different accounts and never found any exception.

0
votes

The active user and the property's like email etc.. Are not accessible with a public google account. It is accessible and useable with a google apps account within your own domain. See http://www.google.com/intl/en/enterprise/apps/business/pricing.html

Otherwise it's just a point of privacy on the web. A litle disappointing i can imagine but logical if you think about it.

I do have another tip for you. Have al look at this link http://shop.oreilly.com/product/0636920023210.do O'reilly also implemented a workflowsystem. It uses the url parameters to pass email (identity) information. Not really secure, but in combination with the Utilities.DigestAlgorithm SHA encoding you could take steps to encode your url email-parameters.

Hope this is helpfull.