Added the following options to <PermissionMatch> that allow more powerful matching.

Added the following options to `<PermissionMatch>` that allow more powerful matching. ``` nottype <DriveFileACLType> typelist <DriveFileACLTypeList> nottypelist <DriveFileACLTypeList> rolelist <DriveFileACLRoleList> notrolelist <DriveFileACLRoleList> ``` * See: https://github.com/taers232c/GAMADV-XTD3/wiki/Permission-Matches#define-a-match
2026-06-22 15:11:37 +00:00 · 2024-02-03 12:09:09 -08:00
parent 51c7a542e3
commit 6ed3f8ebfc
11 changed files with 143 additions and 44 deletions
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -664,6 +664,7 @@ If an item contains spaces, it should be surrounded by ".
 <DeviceUserList> ::= "<DeviceUserID>(,<DeviceUserID>)*"
 <DomainNameList> ::= "<DomainName>(,<DomainName>)*"
 <DriveFileACLRoleList> ::= "<DriveFileACLRole>(,<DriveFileACLRole>)*"
+<DriveFileACLTypeList> ::= "<DriveFileACLType>(,<DriveFileACLType>)*"
 <DriveFileList> ::= "<DriveFileItem>(,<DriveFileItem>)*"
 <DriveFilePermissionList> ::= "<DriveFilePermission>(,<DriveFilePermission>)*"
 <DriveFilePermissionIDList> ::= "<DriveFilePermissionID>(,<DriveFilePermissionID>)*"
@@ -4635,6 +4636,23 @@ gam <UserTypeEntity> show shareddrives
        [fields <SharedDriveFieldNameList>]
        [guiroles [<Boolean>]] [formatjson]

+<PermissionMatch> ::=
+        pm|permissionmatch [not]
+            [type|nottype <DriveFileACLType>] [role|notrole <DriveFileACLRole>]
+            [typelist|nottypelist <DriveFileACLTypeList>] [rolelist|notrolelist <DriveFileACLRoleList>]
+            [allowfilediscovery|withlink <Boolean>]
+            [emailaddress <RegularExpression>] [emailaddressList <EmailAddressList>]
+            [permissionidlist <PermissionIDList>
+            [name|displayname <String>]
+            [domain|notdomain <RegularExpression>] [domainlist|notdomainlist <DomainNameList>]
+            [expirationstart <Time>] [expirationend <Time>]
+            [deleted <Boolean>] [inherited <Boolean>]
+        em|endmatch
+<PermissionMatchMode> ::=
+        pmm|permissionmatchmode or|and
+<PermissionMatchAction> ::=
+        pma|permissionmatchaction process|skip
+
 These commands are used to manage the ACLs on the Team Drives themselves, not the files/folders on the Team Drives.

 <DrivePermissionsFieldName> ::=
@@ -5810,7 +5828,6 @@ gam <UserTypeEntity> create focustime
        [declinemessage <String>]
        [summary <String>]
        (timerange <Time> <Time> [recurrence <String>])+
-        [timezone <String>]

 gam <UserTypeEntity> create outofoffice
        [declinemode none|all|new]
@@ -6587,19 +6604,6 @@ gam <UserTypeEntity> collect orphans
        writerscanshare
 <DriveFieldNameList> ::= "<DriveFieldName>(,<DriveFieldName>)*"

-<PermissionMatch> ::=
-        permissionmatch|pm [not]
-            [type anyone|user|group|domain] [role|notrole <DriveFileACLRole>] [allowfilediscovery|withlink <Boolean>]
-            [emailaddress <RegularExpression>] [name|displayname <String>]
-            [domain|notdomain <RegularExpression>] [domainlist|notdomainlist <DomainNameList>]
-            [expirationstart <Time>] [expirationend <Time>]
-            [deleted <Boolean>] [inherited <Boolean>]
-        endmatch|em
-<PermissionMatchMode> ::=
-        permissionmatchmode|pmm or|and
-<PermissionMatchAction> ::=
-        permissionmatchaction|pma process|skip
-
 gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [returnidonly]
        [filepath|fullpath] [pathdelimiter <Character>]
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -2,6 +2,18 @@

 Merged GAM-Team version

+6.67.35
+
+Added the following options to `<PermissionMatch>` that allow more powerful matching.
+```
+nottype	<DriveFileACLType>
+typelist <DriveFileACLTypeList>
+nottypelist <DriveFileACLTypeList>
+rolelist <DriveFileACLRoleList>
+notrolelist <DriveFileACLRoleList>
+```
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Permission-Matches#define-a-match
+
 6.67.34

 Added option `movetoorgunitdelay <Integer>` to `gam <UserTypeEntity> create shareddrive <Name> ... ou|org|orgunit <OrgUnitItem>`.
--- a/src/gam/init.py
+++ b/src/gam/init.py
@@ -52518,16 +52518,31 @@ class PermissionMatch():
    body = {}
    while Cmd.ArgumentsRemaining():
      myarg = getArgument()
-      if myarg == 'type':
-        body['type'] = getChoice(DRIVEFILE_ACL_PERMISSION_TYPES)
+      if myarg in {'type', 'nottype'}:
+        body[myarg] = set(getChoice(DRIVEFILE_ACL_PERMISSION_TYPES))
        self.permissionFields.add('type')
-      elif myarg == 'role':
+      elif myarg in {'typelist', 'nottypelist'}:
+        arg = 'type' if myarg == 'typelist' else 'nottype'
+        body[arg] = set()
+        for ptype in getString(Cmd.OB_PERMISSION_TYPE_LIST).lower().replace(',', ' ').split():
+          if ptype in DRIVEFILE_ACL_PERMISSION_TYPES:
+            body[arg].add(ptype)
+          else:
+            invalidChoiceExit(ptype, DRIVEFILE_ACL_PERMISSION_TYPES, True)
+        self.permissionFields.add('type')
+      elif myarg in {'role', 'notrole'}:
        roleLocation = Cmd.Location()
-        body['role'] = getChoice(DRIVEFILE_ACL_ROLES_MAP, mapChoice=True)
+        body[myarg] = set(getChoice(DRIVEFILE_ACL_ROLES_MAP, mapChoice=True))
        self.permissionFields.add('role')
-      elif myarg == 'notrole':
+      elif myarg in {'rolelist', 'notrolelist'}:
+        arg = 'role' if myarg == 'rolelist' else 'notrole'
+        body[arg] = set()
        roleLocation = Cmd.Location()
-        body['notrole'] = getChoice(DRIVEFILE_ACL_ROLES_MAP, mapChoice=True)
+        for prole in getString(Cmd.OB_PERMISSION_ROLE_LIST).lower().replace(',', ' ').split():
+          if prole in DRIVEFILE_ACL_ROLES_MAP:
+            body[arg].add(DRIVEFILE_ACL_ROLES_MAP[prole])
+          else:
+            invalidChoiceExit(prole, DRIVEFILE_ACL_ROLES_MAP, True)
        self.permissionFields.add('role')
      elif myarg == 'emailaddress':
        body['emailAddress'] = getREPattern(re.IGNORECASE)
@@ -52610,10 +52625,13 @@ class PermissionMatch():
    match = False
    for field, value in iter(permissionMatch[1].items()):
      if field in {'type', 'role'}:
-        if value != permission.get(field, ''):
+        if permission.get(field, '') not in value:
+          break
+      elif field in {'nottype'}:
+        if permission.get('type', '') in value:
          break
      elif field in {'notrole'}:
-        if value == permission.get('role', ''):
+        if permission.get('role', '') in value:
          break
      elif field in {'allowFileDiscovery', 'deleted'}:
        if value != permission.get(field, False):
@@ -58437,7 +58455,7 @@ def transferDrive(users):
          if addTargetParent or removeTargetParents:
            op = 'Add/Remove Target Parents'
            callGAPI(targetDrive.files(), 'update',
-                     throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.INSUFFICIENT_PARENT_PERMISSIONS],
+                     throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.CANNOT_ADD_PARENT, GAPI.INSUFFICIENT_PARENT_PERMISSIONS],
                     retryReasons=[GAPI.BAD_REQUEST, GAPI.FILE_NOT_FOUND], triesLimit=3,
                     fileId=childFileId,
                     addParents=addTargetParent, removeParents=','.join(removeTargetParents), fields='')
@@ -58448,7 +58466,7 @@ def transferDrive(users):
          else:
            entityModifierNewValueItemValueListActionPerformed([Ent.USER, sourceUser, childFileType, childFileName], Act.MODIFIER_TO, None, [Ent.USER, targetUser], j, jcount)
      except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.unknownError,
-              GAPI.badRequest, GAPI.sharingRateLimitExceeded, GAPI.insufficientParentPermissions) as e:
+              GAPI.badRequest, GAPI.sharingRateLimitExceeded, GAPI.cannotAddParent, GAPI.insufficientParentPermissions) as e:
        entityActionFailedWarning([Ent.USER, actionUser, childFileType, childFileName], f'{op}: {str(e)}', j, jcount)
      except (GAPI.insufficientFilePermissions, GAPI.fileOwnerNotMemberOfWriterDomain, GAPI.crossDomainMoveRestriction) as e:
        if not createShortcutsForNonmovableFiles:
--- a/src/gam/gamlib/glcfg.py
+++ b/src/gam/gamlib/glcfg.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-

-# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
 #
 # All Rights Reserved.
 #
--- a/src/gam/gamlib/glclargs.py
+++ b/src/gam/gamlib/glclargs.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-

-# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
 #
 # All Rights Reserved.
 #
@@ -931,6 +931,8 @@ class GamCLArgs():
  OB_PARAMETER_VALUE = 'ParameterValue'
  OB_PASSWORD = 'Password'
  OB_PERMISSION_ID_LIST = 'PermissionIDList'
+  OB_PERMISSION_ROLE_LIST = 'PermissionRoleList'
+  OB_PERMISSION_TYPE_LIST = 'PermissionTypeList'
  OB_PHOTO_FILENAME_PATTERN = 'FilenameNamePattern'
  OB_PRINTER_ID = 'PrinterID'
  OB_PRIVILEGE_LIST = 'PrivilegeList'