I am working on an application in which a user can create a list and publish it publicly. The contents of the list appear on my site as a web page, but also exist as a text file on the disk of the user who created it. Everything is passed in javascript and works well, however I am currently using scope https://www.googleapis.com/auth/drive.
This is a very scary permission to have, so I would like to leave it. However, when a user tries to read a file, if they have only a region https://www.googleapis.com/auth/drive.file, a common file (access to it by id) for them does not exist until I launched them, although the flow of exchange.
I assume that although it was a file created in my application, this file was never opened by viewing the user in my application, so it does not fall into this area. This seems a little silly, because anyone (even if they are not logged in as any user) can download a file from Google using only its identifier.
I want not to run them on the mailing flow, because if the user has not logged into my application yet, they are more or less stuck on this screen. The application is not installed as a viewer for this type of file for them, therefore they are not presented as a proposed application for its use.
Am I doing something wrong or is there no way to support this seemingly very common use case, allowing the user to exchange links with their files, although the application’s open URL?
I don’t understand why I need full access to the user drive, as I am trying to access a file that is not even on my drive.
Note . I also have realtime-api mounted on top of the file, which also works, but shoudln't really have anything to do with the main exchange.
Some relevant code snippets that create and set permissions for a file:
Create file
gapi.client.load('drive', 'v2', function() {
var insertHash = {
'resource': {
mimeType: 'application/vnd.mysite.com',
title: title
};
};
gapi.client.drive.files.insert(insertHash).execute(next);
});
Grant All Permissions
gapi.client.drive.permissions.insert({
fileId: $scope.id, resource: {
type: 'anyone',
role: 'writer'
}
}).execute(function(resp) {
console.log(resp);
});
Try to access the file as a viewer, the https://www.googleapis.com/auth/drivescope command fails
gapi.client.drive.files.get({fileId: $scope.id}).execute(function(resp) {
console.log(resp);
next(resp);
});