further improvements to scope check.

Jay Lee
2016-11-02 10:20:27 -04:00
parent f8341be9ea
commit fefe9de384


@ -1199,25 +1199,42 @@ def buildGplusGAPIObject(user):
def doCheckServiceAccount(users): def doCheckServiceAccount(users):
for user in users: for user in users:
failed_scopes = False all_scopes_pass = True
all_scopes = [] all_scopes = []
print u'User: %s' % (user)
for api, scopes in API_SCOPE_MAPPING.items(): for api, scopes in API_SCOPE_MAPPING.items():
#print u'Checking %s access for %s' % (user, api)
for scope in scopes: for scope in scopes:
if scope in all_scopes:
continue # don't check same scope twice
all_scopes.append(scope) all_scopes.append(scope)
try: all_scopes = sorted(all_scopes)
service = buildGAPIServiceObject(api, act_as=user, use_scopes=scope) for scope in all_scopes:
service._http.request.credentials.refresh(httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL])) try:
result = u'PASS' service = buildGAPIServiceObject(api, act_as=user, use_scopes=scope)
except oauth2client.client.HttpAccessTokenRefreshError: service._http.request.credentials.refresh(httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL]))
result = u'FAIL' result = u'PASS'
failed_scopes = True except oauth2client.client.HttpAccessTokenRefreshError:
print u'Scope: {0:60} {1}'.format(scope, result) result = u'FAIL'
if failed_scopes: all_scopes_pass = False
print u'\nSome scopes failed. Please make sure your service account is authorized for:\n\n%s' % ','.join(all_scopes) print u' Scope: {0:60} {1}'.format(scope, result)
service_account = service._http.request.credentials.serialization_data[u'client_id']
if all_scopes_pass:
print u'\nAll scopes passed!\nService account %s is fully authorized.' % service_account
else: else:
print u'\nAll scopes passed!' user_domain = user[user.find(u'@')+1:]
return not failed_scopes print u'''
ERROR: Some scopes failed! Please go to:
https://admin.google.com/%s/AdminHome?#OGX:ManageOauthClients
and grant Client name:
%s
Access to scopes:
%s\n''' % (user_domain, service_account, ','.join(all_scopes))
sys.exit(int(not all_scopes_pass))
def showReport(): def showReport():
@ -6821,7 +6838,6 @@ def doCreateProject():
for i in range(1, 5): for i in range(1, 5):
print u'Checking project status...' print u'Checking project status...'
status = callGAPI(crm.operations(), u'get', name=operation_name) status = callGAPI(crm.operations(), u'get', name=operation_name)
print status
if u'error' in status: if u'error' in status:
if u'message' in status[u'error'] and status[u'error'][u'message'].find(u'Callers must accept ToS') != -1: if u'message' in status[u'error'] and status[u'error'][u'message'].find(u'Callers must accept ToS') != -1:
print u'''Please go to: print u'''Please go to:
@ -6833,7 +6849,6 @@ and accept the Terms of Service (ToS). As soon as you've accepted the ToS popup,
create_again = True create_again = True
break break
else: else:
print status
sys.exit(1) sys.exit(1)
if u'done' in status and status[u'done']: if u'done' in status and status[u'done']:
break break