6
votes

Context

I'm building a php web app that needs to upload files to a Google Drive which belongs to a user (let's call him Bob). I used a Google Drive service account (let's call it [email protected]).

Bob created a folder ("uploads") in his Google Drive and shared it with [email protected].

The service account ([email protected]) can user the Drive API to list the files in that shared upload folder and upload files to it. The uploaded files show up in Bob's Google Drive as well. So far so good.

The problem

The owner of the files uploaded by [email protected] is [email protected], as one could expect. This has the following consequences:

  1. Since [email protected] is the owner of the uploaded files, they count against that account's quota. However, Bob purchased increased space for his Google Drive and wants the uploaded files to count against his quota to not run out of space in the service account.
  2. When a file previously uploaded by [email protected] is deleted (by Bob) from the shared upload folder, a few things happen:
    • The deleted file does not show up in the uploads folder for either user.
    • Bob can still see the deleted file in his "All Items" view.
    • The deleted file still chows up when the service account lists all files through the API but it doesn't have any parent (i.e. it's orphaned).
    • When getting the deleted file details through the API, it shows that it's using up quota.

What to do?

How can this use case be handled (cleanly)? I see 2 possible solutions:

  1. When uploading a file, set the ownership to Bob. Is that possible? This does not work! First, it doesn't work with uploaded files for regular account. Second, the service account has an email @developer.gserviceaccount.com while Bob's account has @gmail.com. from the doc says:

Google Apps Customers: You can't make someone outside of your domain the owner of your Google Doc. Only Google Apps customers in Premier, Government, and Education domains can transfer ownership of a synced or uploaded file (like a PDF or image file).

Consumer Drive users: You can't transfer ownership of a synced or uploaded file (like a PDF or an image file).

  1. Don't use a service account and have the web app use Bob's account directly instead. This does require getting an OAuth access token for Bob however. Also, using a service account with a shared upload folder allowed me to restrict the access of the service account to only the upload folder.
  2. Periodically search for orphaned files in the service account to clean them up. This however does not solve the issue of the quota used for the non-deleted files...

Please help!

Info regarding offline access and access tokens

1

1 Answers

2
votes

I think that you should see this page: Perform Google Apps Domain-Wide Delegation of Authority. This page shows how to use SA to invoke requests in behalf of Bob user. This page contains Java code which describes how to create Drive object for Bob. Using this Drive you will be able to upload file and the owner of the file will be Bob not [email protected]. I am using this method a lot and it works for me.