問題描述
我正在嘗試使用以下代碼將所有權從服務帳戶創建的文檔轉移給位于同一 Google Apps 帳戶中的另一個用戶,但出現以下錯誤
I am attempting to transfer ownership from a Service Account created document to another user who resides within the same Google Apps account using the code below but am getting the following error
資源主體包含不可直接寫入的字段.[403]錯誤 [消息[資源正文包含不可直接寫入的字段.] Location[ - ] Reason[fieldNotWritable] Domain[global]]
var service = GetService();
try
{
var permission = GetPermission(fileId, email);
permission.Role = "owner";
var updatePermission = service.Permissions.Update(permission, fileId, permission.Id);
updatePermission.TransferOwnership = true;
return updatePermission.Execute();
}
catch (Exception e)
{
Console.WriteLine("An error occurred: " + e.Message);
}
return null;
注釋掉//permission.Role = "owner";返回下面的錯誤
Commenting out // permission.Role = "owner"; returns the error below
當權限角色為所有者"時,必須啟用 transferOwnership 參數.[403] 錯誤 [消息[當權限角色為所有者"時,必須啟用 transferOwnership 參數.] Location[transferOwnership - parameter] Reason[forbidden] Domain[global]]
分配任何其他權限都可以正常工作.因此,這是服務帳戶無法將所有權轉移到不使用@gserviceaccount.com 電子郵件地址的任何其他帳戶的限制(即our-project@appspot.gserviceaccount.com > email@domain.com)?
Assigning any other permissions works fine. Therefore, is this a limitation of the Service Account not being able to transfer ownership to any other account that doesn't use the @gserviceaccount.com email address (i.e. our-project@appspot.gserviceaccount.com > email@domain.com)?
email@domain.com 電子郵件地址已創建并在 Google Apps 中進行管理.
The email@domain.com email address has been created and is managed within Google Apps.
在這種情況下,這是無法實現的,關于下一步該去哪里的任何指示?我們需要多個用戶能夠通過 API 即時創建文檔并分配權限和轉移所有權.
In the case, it is not achievable, any pointers on where to look next? We need multiple users to have the ability to create documents ad hoc and assign permissions and transfer ownership on the fly via the API.
謝謝
推薦答案
我找到了答案,并為遇到此問題的其他人發帖.
I have found the answer and am posting for anyone else who comes across this question.
- 您不能使用 Google 推薦的服務帳戶密鑰 JSON 文件".
- 您需要使用 p.12 證書文件進行身份驗證.
創建模擬賬戶驅動服務的代碼如下.
- You can not use the 'Service Account Key JSON file' as recommended by Google.
- You need to use the p.12 certificate file for authentication.
The code to create a drive service for mimicking accounts is as follows.
public DriveService GetService(string certificatePath, string certificatePassword, string googleAppsEmailAccount, string emailAccountToMimic, bool allowWrite = true)
{
var certificate = new X509Certificate2(certificatePath, certificatePassword, X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(googleAppsEmailAccount)
{
Scopes = new[] { allowWrite ? DriveService.Scope.Drive : DriveService.Scope.DriveReadonly },
User = emailAccountToMimic
}.FromCertificate(certificate));
// Create the service.
return new DriveService(new BaseClientService.Initializer
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName
});
}
您需要按照此處列出的步驟在域范圍內委派服務帳戶的權限.
You need to follow the steps listed here to delegate domain-wide authority to the service account.
這篇關于Google Drive API - 從服務帳戶轉移所有權的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!