Getting past permissions for a file through the API/Apps Script

0
votes

I'm trying to create a list of files stored in my Google Drive and also a list of their current and previous permissions. Specifically, I want to create a list of files in my Google Drive which at any point in the past have had the 'Anyone with a link can view/edit (etc)' permission set.

I have created a Google Apps Script to do this and I can iterate through all the files OK and I can get files which currently have that permission set, but I can't see a way to get the history of the file's permissions.

I have found and activated the revisions list API: https://developers.google.com/drive/api/v2/reference/revisions/list

This gets revisions but I can't see anywhere that it lists the sharing history of a revision.

Is what I'm attempting to do possible?

2
google-apps-scriptgoogle-drive-api

2 Answers

1
votes

It's definitely possible using the Drive Activity API. You can use the Quickstart for Google Apps Script to view all the activity of an item (file or folder) or done by a User. In this case I modified the Quickstart to show the Permissions changes of a given Drive Id.

function listDriveActivity() {
  var request = {
     itemName: "items/1bFQvSJ8pMdss4jInrrg7bxdae3dKgu-tJqC1A2TktMs", //Id of the file
    pageSize: 10};
  var response = DriveActivity.Activity.query(request);
  var activities = response.activities;

  if (activities && activities.length > 0) {
    Logger.log('Recent activity:');

      for (var i = 0; i < activities.length; i++) {
      var activity = activities[i];
      var time = getTimeInfo(activity);
      var action = getActionInfo(activity.primaryActionDetail);
      var actors = activity.actors.map(getActorInfo);
      var targets = activity.targets.map(getTargetInfo);

      if (action == "permissionChange"){ //Only show permissionChange activity
      Logger.log(
          '%s: %s, %s, %s', time, truncated(actors), action,
          truncated(targets));
      }
    }
  } else {
    Logger.log('No activity.');
  }
}

/** Returns a string representation of the first elements in a list. */
function truncated(array, opt_limit) {
  var limit = opt_limit || 2;
  var contents = array.slice(0, limit).join(', ');
  var more = array.length > limit ? ', ...' : '';
  return '[' + contents + more + ']';
}

/** Returns the name of a set property in an object, or else "unknown". */
function getOneOf(object) {
  for (var key in object) {
    return key;
  }
  return 'unknown';
}

/** Returns a time associated with an activity. */
function getTimeInfo(activity) {
  if ('timestamp' in activity) {
    return activity.timestamp;
  }
  if ('timeRange' in activity) {
    return activity.timeRange.endTime;
  }
  return 'unknown';
}

/** Returns the type of action. */
function getActionInfo(actionDetail) {
  return getOneOf(actionDetail);
}

/** Returns user information, or the type of user if not a known user. */
function getUserInfo(user) {
  if ('knownUser' in user) {
    var knownUser = user.knownUser;
    var isMe = knownUser.isCurrentUser || false;
    return isMe ? 'people/me' : knownUser.personName;
  }
  return getOneOf(user);
}

/** Returns actor information, or the type of actor if not a user. */
function getActorInfo(actor) {
  if ('user' in actor) {
    return getUserInfo(actor.user)
  }
  return getOneOf(actor);
}

/** Returns the type of a target and an associated title. */
function getTargetInfo(target) {
  if ('driveItem' in target) {
    var title = target.driveItem.title || 'unknown';
    return 'driveItem:"' + title + '"';
  }
  if ('drive' in target) {
    var title = target.drive.title || 'unknown';
    return 'drive:"' + title + '"';
  }
  if ('fileComment' in target) {
    var parent = target.fileComment.parent || {};
    var title = parent.title || 'unknown';
    return 'fileComment:"' + title + '"';
  }
  return getOneOf(target) + ':unknown';
}

Remember to enable the Drive Activity API in Resources > Advanced Google Services

In my example this returns the logs:

enter image description here

You can also look deeper into the Permissions by using the permissionChange Parameters in the query.

0
votes

If you have a business/enterprise/edu account the admin audit logs will tell you this for 6 months of data. Or it will at least tell you when a permission was changed from x to y.

Can't think of a method for personal.