mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Fixed bug in gam print shareddriveorganizers that caused a trap when an organizer was a deleted user.
This commit is contained in:
@@ -2,12 +2,13 @@
|
|||||||
|
|
||||||
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
||||||
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
||||||
is enabled promptig you to update your service account authorization so that the scope can be removed.
|
is enabled prompting you to update your service account authorization so that the scope can be removed.
|
||||||
|
|
||||||
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
||||||
|
|
||||||
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
||||||
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
It's default value is False.
|
||||||
```
|
```
|
||||||
gam <UserTypeEntity> delete permissions
|
gam <UserTypeEntity> delete permissions
|
||||||
gam <UserTypeEntity> delete drivefileacl
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
@@ -19,6 +20,8 @@ gam <UserTypeEntity> claim ownership
|
|||||||
gam <UserTypeEntity> transfer drive
|
gam <UserTypeEntity> transfer drive
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
|
||||||
|
|
||||||
Updated to Python 3.13.4
|
Updated to Python 3.13.4
|
||||||
|
|
||||||
7.08.02
|
7.08.02
|
||||||
|
|||||||
@@ -63563,9 +63563,6 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
if 'role' not in body:
|
if 'role' not in body:
|
||||||
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
||||||
updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
||||||
if csvPF and showTitles:
|
if csvPF and showTitles:
|
||||||
csvPF.AddTitles(fileNameTitle)
|
csvPF.AddTitles(fileNameTitle)
|
||||||
@@ -63603,7 +63600,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
permission = callGAPI(drive.permissions(), 'update',
|
permission = callGAPI(drive.permissions(), 'update',
|
||||||
bailOnInternalError=True,
|
bailOnInternalError=True,
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**updateKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
||||||
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -63869,9 +63866,6 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
else:
|
else:
|
||||||
unknownArgumentExit()
|
unknownArgumentExit()
|
||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
i, count, users = getEntityArgument(users)
|
i, count, users = getEntityArgument(users)
|
||||||
for user in users:
|
for user in users:
|
||||||
i += 1
|
i += 1
|
||||||
@@ -63904,7 +63898,7 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
break
|
break
|
||||||
callGAPI(drive.permissions(), 'delete',
|
callGAPI(drive.permissions(), 'delete',
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**deleteKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
||||||
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -66222,7 +66216,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
useDomainAdminAccess=useDomainAdminAccess,
|
useDomainAdminAccess=useDomainAdminAccess,
|
||||||
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
||||||
for permission in permissions:
|
for permission in permissions:
|
||||||
if permission['type'] in includeTypes and permission['role'] in roles:
|
if permission['type'] in includeTypes and permission['role'] in roles and permission.get('emailAddress', ''):
|
||||||
if domainList:
|
if domainList:
|
||||||
_, domain = permission['emailAddress'].lower().split('@', 1)
|
_, domain = permission['emailAddress'].lower().split('@', 1)
|
||||||
if domain not in domainList:
|
if domain not in domainList:
|
||||||
|
|||||||
Reference in New Issue
Block a user