DWD Site Verification API and Search Console API #1806

src/GamCommands.txt

@@ -6597,7 +6597,7 @@ gam <UserTypeEntity> print chatemojis [todrive <ToDriveAttribute>*]
         (folderColorRgb <ColorValue>)|
         (indexabletext <String>)|
         (inheritedpermissionsdisabled [<Boolean>])|
-        (itemdownloadrestriction (restrictedforreaders [<Boolean>]) (restrictedforwriters [<Boolean>]))|
+        (itemdownloadrestriction restrictedforreaders|restrictedforwriters [<Boolean>])|
         (keeprevisionforever|pinned)|
         (lastviewedbyme <Time>)|
         (mimetype <MimeType>)|
@@ -8703,3 +8703,11 @@ gam <UserTypeEntity> print youtubechannels [todrive <ToDriveAttribute>*]
 gam create|add verify|verification <DomainName>
 gam update verify|verification <DomainName> cname|txt|text|site|file
 gam info verify|verification
+
+# Web Resourses and Sites
+
+gam <UserTypeEntity> show webresources
+gam <UserTypeEntity> print webresources [todrive <ToDriveAttribute>*]
+gam <UserTypeEntity> show webmastersites
+gam <UserTypeEntity> print webmastersites [todrive <ToDriveAttribute>*]
+```

src/GamUpdate.txt

@@ -1,5 +1,18 @@
+7.17.00
+
+Added commands to discover Sites and WebResources that managed users (previously unmanaged) may have access to for better governance and visibility.
+These are special purpose commands and will not generally be used.
+```
+gam <UserTypeEntity> show webresources
+gam <UserTypeEntity> print webresources [todrive <ToDriveAttribute>*]
+gam <UserTypeEntity> show webmastersites
+gam <UserTypeEntity> print webmastersites [todrive <ToDriveAttribute>*]
+```
+
 7.16.01
 
+The Drive API now supports setting download restrictions on individual files.
+
 Added `downloadrestictions` and `<DriveDownloadRestrictionsSubfieldName>` to `<DriveFieldName>`.
 ```
 <DriveDownloadRestrictionsSubfieldName> ::=
@@ -7,7 +20,7 @@ Added `downloadrestictions` and `<DriveDownloadRestrictionsSubfieldName>` to `<D
   downloadrestrictions.effectivedownloadrestrictionwithcontext
 ```
 
-Added `itemdownloadrestriction (restrictedforreaders [<Boolean>]) (restrictedforwriters [<Boolean>])`
+Added `itemdownloadrestriction restrictedforreaders|restrictedforwriters [<Boolean>]`
 to `<DriveFileAttribute>`.
 
 From the Drive API documentation:

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.16.01'
+__version__ = '7.17.00'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -47077,6 +47077,72 @@ def doInfoSiteVerification():
   else:
     printKeyValueList(['No Sites Verified.'])
 
+# gam <UserTypeEntity> show webresources
+# gam <UserTypeEntity> print webresources [todrive <ToDriveAttribute>*]
+def printShowWebResources(users):
+  csvPF = CSVPrintFile(['User', 'site.identifier']) if Act.csvFormat() else None
+  while Cmd.ArgumentsRemaining():
+    myarg = getArgument()
+    if csvPF and myarg == 'todrive':
+      csvPF.GetTodriveParameters()
+    else:
+      unknownArgumentExit()
+  i, count, users = getEntityArgument(users)
+  for user in users:
+    i += 1
+    user, verif = buildGAPIServiceObject(API.SITEVERIFICATION, user, i, count)
+    if not verif:
+      continue
+    sites = callGAPIitems(verif.webResource(), 'list', 'items')
+    jcount = len(sites)
+    if not csvPF:
+      entityPerformActionNumItems([Ent.USER, user], jcount, Ent.WEB_RESOURCE, i, count)
+      Ind.Increment()
+      j = 0
+      for site in sorted(sites, key=lambda k: (k['site']['type'], k['site']['identifier'])):
+        j += 1
+        _showSiteVerificationInfo(site)
+      Ind.Decrement()
+    else:
+      for site in sites:
+        row = flattenJSON(site, flattened={'User': user})
+        csvPF.WriteRowTitles(row)
+  if csvPF:
+    csvPF.writeCSVfile('Web Resources')
+
+# gam <UserTypeEntity> show webmastersites
+# gam <UserTypeEntity> print webmastersites [todrive <ToDriveAttribute>*]
+def printShowWebMasterSites(users):
+  csvPF = CSVPrintFile(['User', 'siteUrl']) if Act.csvFormat() else None
+  while Cmd.ArgumentsRemaining():
+    myarg = getArgument()
+    if csvPF and myarg == 'todrive':
+      csvPF.GetTodriveParameters()
+    else:
+      unknownArgumentExit()
+  i, count, users = getEntityArgument(users)
+  for user in users:
+    i += 1
+    user, searchconsole = buildGAPIServiceObject(API.SEARCHCONSOLE, user, i, count)
+    if not searchconsole:
+      continue
+    sites = callGAPIitems(searchconsole.sites(), 'list', 'siteEntry')
+    jcount = len(sites)
+    if not csvPF:
+      entityPerformActionNumItems([Ent.USER, user], jcount, Ent.WEB_MASTERSITE, i, count)
+      Ind.Increment()
+      j = 0
+      for site in sorted(sites, key=lambda k: k['siteUrl']):
+        j += 1
+        _showSiteVerificationInfo(site)
+      Ind.Decrement()
+    else:
+      for site in sites:
+        row = flattenJSON(site, flattened={'User': user})
+        csvPF.WriteRowTitles(row)
+  if csvPF:
+    csvPF.writeCSVfile('Web Master Sites')
+
 def checkCourseExists(croom, courseId, i=0, count=0, entityType=Ent.COURSE):
   courseId = addCourseIdScope(courseId)
   try:
@@ -53818,6 +53884,8 @@ DRIVE_FILE_CONTENT_RESTRICTIONS_CHOICE_MAP = {
   }
 
 DRIVE_FILE_ITEM_DOWNLOAD_RESTRICTION_CHOICE_MAP = {
+  'downloadrestrictedforreaders': 'restrictedForReaders',
+  'downloadrestrictedforwriters': 'restrictedForWriters',
   'restrictedforreaders': 'restrictedForReaders',
   'restrictedforwriters': 'restrictedForWriters',
   }
@@ -53873,6 +53941,20 @@ def getDriveFileAddRemoveParentAttribute(myarg, parameters):
     return False
   return True
 
+def _getDriveFileDownloadRestrictions(myarg, body):
+  subField = myarg
+  if subField.startswith('downloadrestrictions.'):
+    _, subField = subField.split('.', 1)
+  if subField.startswith('itemdownloadrestriction.'):
+    _, subField = subField.split('.', 1)
+  if subField == 'itemdownloadrestriction':
+    subField = getChoice(DRIVE_FILE_ITEM_DOWNLOAD_RESTRICTION_CHOICE_MAP)
+  if subField in DRIVE_FILE_ITEM_DOWNLOAD_RESTRICTION_CHOICE_MAP:
+    body.setdefault('downloadRestrictions', {'itemDownloadRestriction': {}})
+    body['downloadRestrictions']['itemDownloadRestriction'][DRIVE_FILE_ITEM_DOWNLOAD_RESTRICTION_CHOICE_MAP[subField]] = getBoolean()
+    return True
+  return False
+
 def getDriveFileCopyAttribute(myarg, body, parameters):
   if myarg == 'ignoredefaultvisibility':
     parameters[DFA_IGNORE_DEFAULT_VISIBILITY] = getBoolean()
@@ -53908,10 +53990,8 @@ def getDriveFileCopyAttribute(myarg, body, parameters):
           else:
             Cmd.Backup()
             usageErrorExit(Msg.REASON_ONLY_VALID_WITH_CONTENTRESTRICTIONS_READONLY_TRUE)
-  elif myarg == 'itemdownloadrestriction':
-    body.setdefault('downloadRestrictions', {'itemDownloadRestriction': {}})
-    restriction = getChoice(DRIVE_FILE_ITEM_DOWNLOAD_RESTRICTION_CHOICE_MAP, mapChoice=True)
-    body['downloadRestrictions']['itemDownloadRestriction'][restriction] = getBoolean()
+  elif _getDriveFileDownloadRestrictions(myarg, body):
+    pass
   elif myarg == 'inheritedpermissionsdisabled':
     body['inheritedPermissionsDisabled'] = getBoolean()
   elif myarg == 'property':
@@ -78284,6 +78364,8 @@ USER_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_USERLIST:		doPrintUserList,
       Cmd.ARG_VACATION:		printShowVacation,
       Cmd.ARG_VAULTHOLD:	printShowUserVaultHolds,
+      Cmd.ARG_WEBMASTERSITE:	printShowWebMasterSites,
+      Cmd.ARG_WEBRESOURCE:	printShowWebResources,
       Cmd.ARG_WORKINGLOCATION:	printShowWorkingLocation,
       Cmd.ARG_YOUTUBECHANNEL:	printShowYouTubeChannel,
      }
@@ -78394,6 +78476,8 @@ USER_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_TOKEN:		printShowTokens,
       Cmd.ARG_VAULTHOLD:	printShowUserVaultHolds,
       Cmd.ARG_VACATION:		printShowVacation,
+      Cmd.ARG_WEBMASTERSITE:	printShowWebMasterSites,
+      Cmd.ARG_WEBRESOURCE:	printShowWebResources,
       Cmd.ARG_WORKINGLOCATION:	printShowWorkingLocation,
       Cmd.ARG_YOUTUBECHANNEL:	printShowYouTubeChannel,
      }
@@ -78645,6 +78729,8 @@ USER_COMMANDS_OBJ_ALIASES = {
   Cmd.ARG_USERS:		Cmd.ARG_USER,
   Cmd.ARG_VAULTHOLDS:		Cmd.ARG_VAULTHOLD,
   Cmd.ARG_VERIFICATIONCODES:	Cmd.ARG_BACKUPCODE,
+  Cmd.ARG_WEBMASTERSITES:	Cmd.ARG_WEBMASTERSITE,
+  Cmd.ARG_WEBRESOURCES: 	Cmd.ARG_WEBRESOURCE,
   Cmd.ARG_WORKINGLOCATIONS:	Cmd.ARG_WORKINGLOCATION,
   Cmd.ARG_YOUTUBECHANNELS:	Cmd.ARG_YOUTUBECHANNEL,
   }

src/gam/gamlib/glapi.py

@@ -85,6 +85,7 @@ PRINTERS = 'printers'
 PUBSUB = 'pubsub'
 REPORTS = 'reports'
 RESELLER = 'reseller'
+SEARCHCONSOLE = 'searchconsole'
 SERVICEACCOUNTLOOKUP = 'serviceaccountlookup'
 SERVICEMANAGEMENT = 'servicemanagement'
 SERVICEUSAGE = 'serviceusage'
@@ -198,6 +199,7 @@ PROJECT_APIS = [
   'people.googleapis.com',
   'pubsub.googleapis.com',
   'reseller.googleapis.com',
+  'searchconsole.googleapis.com',
   'sheets.googleapis.com',
   'siteverification.googleapis.com',
   'storage-api.googleapis.com',
@@ -271,6 +273,7 @@ _INFO = {
   PUBSUB: {'name': 'Pub / Sub API', 'version': 'v1', 'v2discovery': True},
   REPORTS: {'name': 'Reports API', 'version': 'reports_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
   RESELLER: {'name': 'Reseller API', 'version': 'v1', 'v2discovery': True},
+  SEARCHCONSOLE: {'name': 'Search Console API', 'version': 'v1', 'v2discovery': True},
   SERVICEACCOUNTLOOKUP: {'name': 'Service Account Lookup pseudo-API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
   SERVICEMANAGEMENT: {'name': 'Service Management API', 'version': 'v1', 'v2discovery': True},
   SERVICEUSAGE: {'name': 'Service Usage API', 'version': 'v1', 'v2discovery': True},
@@ -697,10 +700,20 @@ _SVCACCT_SCOPES = [
    'api': PEOPLE_OTHERCONTACTS,
    'subscopes': [],
    'scope': 'https://www.googleapis.com/auth/contacts.other.readonly'},
+  {'name': 'Search Console  API - read only',
+   'api': SEARCHCONSOLE,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': 'https://www.googleapis.com/auth/webmasters.readonly'},
   {'name': 'Sheets API',
    'api': SHEETS,
    'subscopes': READONLY,
    'scope': 'https://www.googleapis.com/auth/spreadsheets'},
+  {'name': 'Site Verification API',
+   'api': SITEVERIFICATION,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': 'https://www.googleapis.com/auth/siteverification'},
   {'name': 'Tag Manager API - Accounts, Containers, Workspaces, Tags - read only',
    'api': TAGMANAGER,
    'subscopes': [],

src/gam/gamlib/glclargs.py

@@ -830,6 +830,10 @@ class GamCLArgs():
   ARG_VERIFICATION = 'verification'
   ARG_VERIFICATIONCODES = 'verificationcodes'
   ARG_VERIFY = 'verify'
+  ARG_WEBMASTERSITE = 'webmastersite'
+  ARG_WEBMASTERSITES = 'webmastersites'
+  ARG_WEBRESOURCE = 'webresource'
+  ARG_WEBRESOURCES = 'webresources'
   ARG_WORKINGLOCATION = 'workinglocation'
   ARG_WORKINGLOCATIONS = 'workinglocations'
   ARG_YOUTUBECHANNEL = 'youtubechannel'

src/gam/gamlib/glentity.py

@@ -394,6 +394,8 @@ class GamEntity():
   VAULT_MATTER_ID = 'vlmi'
   VAULT_OPERATION = 'vlto'
   VAULT_QUERY = 'vltq'
+  WEB_MASTERSITE = 'wems'
+  WEB_RESOURCE = 'were'
   WEBCLIPS_ENABLED = 'webc'
   YOUTUBE_CHANNEL = 'ytch'
   # _NAMES[0] is plural, _NAMES[1] is singular unless the item name is explicitly plural (Calendar Settings)
@@ -752,6 +754,8 @@ class GamEntity():
     VAULT_OPERATION: ['Vault Operations', 'Vault Operation'],
     VAULT_QUERY: ['Vault Queries', 'Vault Query'],
     WEBCLIPS_ENABLED: ['Web Clips Enabled', 'Web Clips Enabled'],
+    WEB_MASTERSITE: ['Web Master Sites', 'Web Master Site'],
+    WEB_RESOURCE: ['Web Resources', 'Web Resource'],
     YOUTUBE_CHANNEL: ['YouTube Channels', 'YouTube Channel'],
     ROLE_MANAGER: ['Managers', 'Manager'],
     ROLE_MEMBER: ['Members', 'Member'],