0

我正在尝试列出在我的组织内创建的所有共享驱动器中的所有文件。虽然,当我尝试获取特定驱动器的文件时,我得到:

Error 403: The attempted action requires shared drive membership., teamDriveMembershipRequired

这是有道理的,因为我的用户不属于那个Shared Drive。我可以冒充一个拥有者的用户,并且我认为这会起作用,尽管Drives List(我用来获取共享驱动器列表的 API)没有提供有关共享驱动器所有者的详细信息。

如果我冒充管理员用户或使用服务帐户DriveId获取相同的 403 错误。

package main

imports ... 

func main() {
    d := drive.New(drive.Service{
        Ctx:     ctx,
        User:    nil,
        Query:   "",
        Limiter: &driveQuota,
    })

    driveList := d.GetDrivesList()
    for _, sharedDrive := range driveList.Drives {
        files := d.GetSharedDriveFiles(sharedDrive.Id)
        for _, f := range files {
            j, _ := f.MarshalJSON()
            logrus.Println(string(j))
        }
    }
}

package drive

imports ...

func New(options Service) Service {
    var c *http.Client
    if options.User != nil {
        c = client.New(options.Ctx, options.User.PrimaryEmail, drive.DriveScope)
    } else {
        apiUser := os.Getenv("API_USER")
        c = client.New(options.Ctx, apiUser, drive.DriveScope)
    }

    srv, err := drive.NewService(options.Ctx, option.WithHTTPClient(c))
    errorchecker.Check(err, "Unable to create Drive service")

    return Service{srv, options.Ctx, options.User, options.Query, options.Limiter}
}

func (d *Service) GetDrivesList() *drive.DriveList {
    srv := d.service

    driveList, err := srv.Drives.List().UseDomainAdminAccess(true).Do()
    errorchecker.Check(err, "Unable to get Drives list")

    return driveList
}

func (d *Service) GetSharedDriveFiles(id string) []*drive.File  {
    srv := d.service

    var sharedDriveFiles []*drive.File
    listFiles := func(r *drive.FileList) error {
        sharedDriveFiles = append(sharedDriveFiles, r.Files...)
        return nil
    }

    err := srv.Files.List().Corpora("drive").DriveId(id).SupportsAllDrives(true).IncludeItemsFromAllDrives(true).Fields("files(id,ownedByMe,permissions,shared,sharingUser,trashed,properties,appProperties,name)").PageSize(1000).Pages(d.Ctx, listFiles)
    errorchecker.Check(err, "Unable to get Shared Drive files")

    return sharedDriveFiles
}

package client

imports ...

func New(ctx context.Context, subject interface{}, scope ...string) *http.Client {
    cert := os.Getenv("CERT")
    b, err := ioutil.ReadFile(cert)
    errorchecker.Check(err, "Unable to read secret file")

    config, err := google.JWTConfigFromJSON(b, scope...)
    errorchecker.Check(err, "Unable to parse utils secret file to config")

    if subject != nil {
        config.Subject = subject.(string)
    }

    return config.Client(ctx)
}
4

1 回答 1

0

看来我的问题与此答案有关,而不与我的身份验证方式有关。即使作为管理员,如果我不属于共享驱动器,我也无权访问共享驱动器中的文件。

于 2021-04-22T07:52:45.253 回答