Merge branch 'main' of https://github.com/GAM-team/GAM

Updated `gam report <ActivityApplicationName>` to display `id:<actor.profileId>` in the `emailAddress` column
when `actor.email` is empty. This typically occurs when the actor is not in your workspace.

Updated `gam <UserTypeEntity> copy drivefile` to ignore ACLs referencing deleted user/groups.

.github/workflows/build.yml

@@ -17,7 +17,7 @@ defaults:
     working-directory: src
 
 env:
-  SCRATCH_COUNTER: 6
+  SCRATCH_COUNTER: 7
   OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
   OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
   OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
@@ -1005,7 +1005,7 @@ jobs:
 
   merge:
     if: (github.event_name == 'push' || github.event_name == 'schedule')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: build
     permissions:
       contents: write
@@ -1019,7 +1019,7 @@ jobs:
 
   publish:
     if: github.event_name == 'push'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: merge
     permissions:
       contents: write

src/GamCommands.txt

@@ -1677,6 +1677,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
         (range <Date> <Date>)|
         (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
         (reminder <Number> email|popup))|
+	(resource <ResourceID>)|
         (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
         (sequence <Integer>)|
         (sharedproperty <PropertyKey> <PropertyValue>)|
@@ -1707,8 +1708,10 @@ The following attributes are equivalent:
         clearattendees|
         clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
+        clearresources|
         (clearsharedproperty <PropertyKey>)|
         (removeattendee <EmailAddress>)|
+        (removeresource <ResourceID>)|
         (replacedescription <RegularExpression> <String>)|
         (selectremoveattendees <UserTypeEntity>)
 
@@ -4448,7 +4451,7 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
         [event|events <EventNameList>] [ip <String>]
         [groupidfilter <String>]
         [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
-        [countsonly [summary] [eventrowfilter]]
+        [countsonly [bydate|summary] [eventrowfilter]]
         (addcsvdata <FieldName> <String>)* [shownoactivities]
 
 <CustomerServiceName> ::=

src/GamUpdate.txt

@@ -1,3 +1,31 @@
+7.02.11
+
+Updated `gam report <ActivityApplicationName>` to display `id:<actor.profileId>` in the `emailAddress` column
+when `actor.email` is empty. This typically occurs when the actor is not in your workspace.
+
+Updated `gam <UserTypeEntity> copy drivefile` to ignore ACLs referencing deleted user/groups.
+
+7.02.10
+
+Added option `bydate` to `gam report <ActivityApplicationName> ... countsonly` that provides an additional display option.
+* `countsonly` - Display a row per user across all dates with all event counts on one row
+* `countsonly bydate` - Display a row per user per date for all dates with any events with all events counts on the row
+* `countsonly summary` - Display a row per event with counts for each event summarized across users and dates
+
+7.02.09
+
+Added option `clearresources` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that allows clearing all resources from a user's calendar events. For example, to clear all resources from a user's future events:
+```
+gam user user@domain.com update events primary matchfield attendeespattern @resource.calendar.google.com after now clearresources
+```
+
+Added option `resource <ResourceID>` to `<EventAttribute>` for use in `gam <UserTypeEntity> create|update events`
+that adds a resource to an event.
+
+Added option `removeresource <ResourceID>` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that removes a resource from an event.
+
 7.02.08
 
 Fixed bug in `gam print|show chromepolicies` that caused a trap when neither

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.02.08'
+__version__ = '7.02.11'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -13090,13 +13090,13 @@ def _checkDataRequiredServices(result, tryDate, dataRequiredServices, parameterS
 #  0: Backup to earlier date
 #  1: Data available
   oneDay = datetime.timedelta(days=1)
-  warnings = result.get('warnings', [])
+  dataWarnings = result.get('warnings', [])
   usageReports = result.get('usageReports', [])
   # move to day before if we don't have at least one usageReport with parameters
   if not usageReports or not usageReports[0].get('parameters', []):
     tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)-oneDay
     return (0, tryDateTime.strftime(YYYYMMDD_FORMAT), None)
-  for warning in warnings:
+  for warning in dataWarnings:
     if warning['code'] == 'PARTIAL_DATA_AVAILABLE':
       for app in warning['data']:
         if app['key'] == 'application' and app['value'] != 'docs' and app['value'] in dataRequiredServices:
@@ -13521,7 +13521,7 @@ REPORT_ACTIVITIES_TIME_OBJECTS = {'time'}
 #	[event|events <EventNameList>] [ip <String>]
 #	[groupidfilter <String>]
 #	[maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
-#	[countsonly [summary] [eventrowfilter]]
+#	[countsonly [bydate|summary] [eventrowfilter]]
 #	(addcsvdata <FieldName> <String>)* [shownoactivities]
 # gam report users|user [todrive <ToDriveAttribute>*]
 #	[(user all|<UserItem>)|(orgunit|org|ou <OrgUnitPath> [showorgunit])|(select <UserTypeEntity>)]
@@ -13794,8 +13794,8 @@ def doReport():
   filterTimes = {}
   maxActivities = maxEvents = 0
   maxResults = 1000
-  aggregateByDate = aggregateByUser = convertMbToGb = countsOnly = eventRowFilter = exitUserLoop = \
-    noAuthorizedApps = normalizeUsers = select = summary = userCustomerRange = False
+  aggregateByDate = aggregateByUser = convertMbToGb = countsOnly = countsByDate = countsSummary = \
+    eventRowFilter = exitUserLoop = noAuthorizedApps = normalizeUsers = select = userCustomerRange = False
   limitDateChanges = -1
   allVerifyUser = userKey = 'all'
   cd = orgUnit = orgUnitId = None
@@ -13893,8 +13893,10 @@ def doReport():
       actorIpAddress = getString(Cmd.OB_STRING)
     elif activityReports and myarg == 'countsonly':
       countsOnly = True
+    elif activityReports and myarg == 'bydate':
+      countsByDate = True
     elif activityReports and myarg == 'summary':
-      summary = True
+      countsSummary = True
     elif activityReports and myarg == 'eventrowfilter':
       eventRowFilter = True
     elif activityReports and myarg == 'groupidfilter':
@@ -13928,6 +13930,8 @@ def doReport():
       unknownArgumentExit()
   if aggregateByDate and aggregateByUser:
     usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('aggregateByDate', 'aggregateByUser'))
+  if countsOnly and countsByDate and countsSummary:
+    usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('bydate', 'summary'))
   parameters = ','.join(parameters) if parameters else None
   if usageReports and not includeServices:
     includeServices = set(fullDataServices)
@@ -14144,8 +14148,12 @@ def doReport():
       pageMessage = getPageMessage()
       users = [normalizeEmailAddressOrUID(userKey)]
       orgUnitId = None
+    zeroEventCounts = {}
     if not eventNames:
       eventNames.append(None)
+    else:
+      for eventName in eventNames:
+        zeroEventCounts[eventName] = 0
     i = 0
     count = len(users)
     for user in users:
@@ -14177,9 +14185,22 @@ def doReport():
           accessErrorExit(None)
         for activity in feed:
           events = activity.pop('events')
-          actor = activity['actor'].get('email', activity['actor'].get('key', UNKNOWN))
+          actor = activity['actor'].get('email')
+          if not actor:
+            actor = 'id:'+activity['actor'].get('profileId', UNKNOWN)
           if showOrgUnit:
             activity['actor']['orgUnitPath'] = userOrgUnits.get(actor, UNKNOWN)
+          if countsOnly and countsByDate:
+            eventTime = activity.get('id', {}).get('time', UNKNOWN)
+            if eventTime != UNKNOWN:
+              try:
+                eventTime, _ = iso8601.parse_date(eventTime)
+              except (iso8601.ParseError, OverflowError):
+                eventTime = UNKNOWN
+            if eventTime != UNKNOWN:
+              eventDate = eventTime.strftime(YYYYMMDD_FORMAT)
+            else:
+              eventDate = UNKNOWN
           if not countsOnly or eventRowFilter:
             activity_row = flattenJSON(activity, timeObjects=REPORT_ACTIVITIES_TIME_OBJECTS)
             purge_parameters = True
@@ -14230,18 +14251,32 @@ def doReport():
                 if numEvents >= maxEvents > 0:
                   break
               elif csvPF.CheckRowTitles(row):
-                if not summary:
+                eventName = event['name']
+                if not countsSummary:
                   eventCounts.setdefault(actor, {})
-                  eventCounts[actor].setdefault(event['name'], 0)
-                  eventCounts[actor][event['name']] += 1
+                  if not countsByDate:
+                    eventCounts[actor].setdefault(eventName, 0)
+                    eventCounts[actor][eventName] += 1
+                  else:
+                    eventCounts[actor].setdefault(eventDate, {})
+                    eventCounts[actor][eventDate].setdefault(eventName, 0)
+                    eventCounts[actor][eventDate][eventName] += 1
                 else:
-                  eventCounts.setdefault(event['name'], 0)
-                  eventCounts[event['name']] += 1
-          elif not summary:
+                  eventCounts.setdefault(eventName, 0)
+                  eventCounts[eventName] += 1
+          elif not countsSummary:
             eventCounts.setdefault(actor, {})
-            for event in events:
-              eventCounts[actor].setdefault(event['name'], 0)
-              eventCounts[actor][event['name']] += 1
+            if not countsByDate:
+              for event in events:
+                eventName = event['name']
+                eventCounts[actor].setdefault(eventName, 0)
+                eventCounts[actor][eventName] += 1
+            else:
+              for event in events:
+                eventName = event['name']
+                eventCounts[actor].setdefault(eventDate, {})
+                eventCounts[actor][eventDate].setdefault(eventName, 0)
+                eventCounts[actor][eventDate][eventName] += 1
           else:
             for event in events:
               eventCounts.setdefault(event['name'], 0)
@@ -14256,31 +14291,46 @@ def doReport():
     else:
       if eventRowFilter:
         csvPF.SetRowFilter([], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
-      if not summary:
-        csvPF.SetTitles('emailAddress')
+      if not countsSummary:
+        titles = ['emailAddress']
+        if countsOnly and countsByDate:
+          titles.append('date')
+        csvPF.SetTitles(titles)
+        csvPF.SetSortTitles(titles)
         if addCSVData:
           csvPF.AddTitles(sorted(addCSVData.keys()))
         if eventCounts:
-          for actor, events in iter(eventCounts.items()):
-            row = {'emailAddress': actor}
-            for event, count in iter(events.items()):
-              row[event] = count
-            if addCSVData:
-              row.update(addCSVData)
-            csvPF.WriteRowTitles(row)
+          if not countsByDate:
+            for actor, events in iter(eventCounts.items()):
+              row = {'emailAddress': actor}
+              row.update(zeroEventCounts)
+              for event, count in iter(events.items()):
+                row[event] = count
+              if addCSVData:
+                row.update(addCSVData)
+              csvPF.WriteRowTitles(row)
+          else:
+            for actor, eventDates in iter(eventCounts.items()):
+              for eventDate, events in iter(eventDates.items()):
+                row = {'emailAddress': actor, 'date': eventDate}
+                row.update(zeroEventCounts)
+                for event, count in iter(events.items()):
+                  row[event] = count
+                if addCSVData:
+                  row.update(addCSVData)
+                csvPF.WriteRowTitles(row)
         elif showNoActivities:
           row = {'emailAddress': 'NoActivities'}
           if addCSVData:
             row.update(addCSVData)
             csvPF.WriteRow(row)
-        csvPF.SetSortTitles(['emailAddress'])
       else:
         csvPF.SetTitles(['event', 'count'])
         if addCSVData:
           csvPF.AddTitles(sorted(addCSVData.keys()))
         if eventCounts:
-          for event in sorted(eventCounts):
-            row = {'event': event, 'count': eventCounts[event]}
+          for event, count in sorted(iter(eventCounts.items())):
+            row = {'event': event, 'count': count}
             if addCSVData:
               row.update(addCSVData)
             csvPF.WriteRow(row)
@@ -38327,6 +38377,7 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
           for subfield in subfields:
             body.pop(subfield, None)
 
+  cd = None
   if function == 'insert' and myarg in {'id', 'eventid'}:
     body['id'] = getEventID()
   elif function == 'import' and myarg == 'icaluid':
@@ -38407,6 +38458,17 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
       if responseStatus is not None:
         addAttendee['responseStatus'] = responseStatus
       parameters['attendees'].append(addAttendee)
+  elif function == 'update' and myarg == 'clearresources':
+    parameters['clearResources'] = True
+  elif myarg == 'resource':
+    if cd is None:
+      cd = buildGAPIObject(API.DIRECTORY)
+    parameters['attendees'].append({'email': _validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True),
+                                    'responseStatus': 'accepted', 'resource': True})
+  elif myarg == 'removeresource':
+    if cd is None:
+      cd = buildGAPIObject(API.DIRECTORY)
+    parameters['removeAttendees'].add(_validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True))
   elif myarg == 'json':
     jsonData = getJSON(EVENT_JSON_CLEAR_FIELDS)
     if function == 'insert':
@@ -38716,7 +38778,7 @@ def _validateCalendarGetEvents(origUser, user, origCal, calId, j, jcount, calend
 
 def _getCalendarCreateImportUpdateEventOptions(function, entityType):
   body = {}
-  parameters = {'clearAttendees': False, 'replaceMode': False,
+  parameters = {'clearAttendees': False, 'replaceMode': False, 'clearResources': False,
                 'attendees': [], 'removeAttendees': set(),
                 'replaceDescription': [], 'sendUpdates': 'none',
                 'csvPF': None, 'FJQC': FormatJSONQuoteChar(None), 'showDayOfWeek': False}
@@ -38827,7 +38889,7 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
   updateFieldList = []
   if parameters['replaceDescription']:
     updateFieldList.append('description')
-  if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees']):
+  if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees'] or parameters['clearResources']):
     updateFieldList.append('attendees')
   updateFields = ','.join(updateFieldList)
   if 'attendees' not in updateFieldList:
@@ -38878,6 +38940,8 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
               body['attendees'] = []
             if parameters['removeAttendees']:
               body['attendees'] = [attendee for attendee in body['attendees'] if attendee['email'].lower() not in parameters['removeAttendees']]
+            if parameters['clearResources']:
+              body['attendees'] = [attendee for attendee in body['attendees'] if not attendee['email'].lower().endswith('@resource.calendar.google.com')]
         event = callGAPI(cal.events(), 'patch',
                          throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN,
                                                                    GAPI.INVALID, GAPI.REQUIRED, GAPI.TIME_RANGE_EMPTY, GAPI.EVENT_DURATION_EXCEEDS_LIMIT,
@@ -39627,18 +39691,19 @@ def doCalendarsPrintShowSettings(calIds):
   if csvPF:
     csvPF.writeCSVfile('Calendar Settings')
 
-def _validateResourceId(resourceId, i, count):
-  cd = buildGAPIObject(API.DIRECTORY)
+def _validateResourceId(cd, resourceId, i, count, exitOnNotFound):
   try:
     return callGAPI(cd.resources().calendars(), 'get',
                     throwReasons=[GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                     customer=GC.Values[GC.CUSTOMER_ID], calendarResourceId=resourceId, fields='resourceEmail')['resourceEmail']
   except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden):
+    if exitOnNotFound:
+      entityDoesNotExistExit(Ent.RESOURCE_CALENDAR, resourceId, i, count)
     checkEntityAFDNEorAccessErrorExit(cd, Ent.RESOURCE_CALENDAR, resourceId, i, count)
     return None
 
-def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=True):
-  calId = _validateResourceId(resourceId, i, count)
+def _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=True):
+  calId = _validateResourceId(cd, resourceId, i, count, False)
   if not calId:
     return (None, None, 0)
   if ACLScopeEntity['dict']:
@@ -39656,23 +39721,25 @@ def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAct
 # gam resources <ResourceEntity> create calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
 def doResourceCreateCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   role, ACLScopeEntity, sendNotifications = getCalendarCreateUpdateACLsOptions(True)
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
     if jcount == 0:
       continue
     _createCalendarACLs(cal, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
 
 def _resourceUpdateDeleteCalendarACLs(entityList, function, ACLScopeEntity, role, sendNotifications):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
     if jcount == 0:
       continue
     _updateDeleteCalendarACLs(cal, function, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
@@ -39695,13 +39762,14 @@ def doResourceDeleteCalendarACLs(entityList):
 #	[formatjson]
 def doResourceInfoCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   ACLScopeEntity = getCalendarSiteACLScopeEntity()
   FJQC = _getCalendarInfoACLOptions()
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
     if jcount == 0:
       continue
     _infoCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, ruleIds, jcount, FJQC)
@@ -39720,12 +39788,13 @@ def doResourceInfoCalendarACLs(entityList):
 #	[formatjson]
 def doResourcePrintShowCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   csvPF, FJQC, noSelfOwner, addCSVData = _getCalendarPrintShowACLOptions(['resourceId', 'resourceEmail'])
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId = _validateResourceId(resourceId, i, count)
+    calId = _validateResourceId(cd, resourceId, i, count, False)
     if not calId:
       continue
     _printShowCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, csvPF, FJQC, noSelfOwner, addCSVData)
@@ -59038,8 +59107,8 @@ def _copyPermissions(drive, user, i, count, j, jcount,
       notCopiedMessage = f'domain {domain} excluded'
     elif domain and copyMoveOptions['includePermissionsFromDomains'] and domain not in copyMoveOptions['includePermissionsFromDomains']:
       notCopiedMessage = f'domain {domain} not included'
-    elif permission.pop('deleted', False):
-      notCopiedMessage = f"{permission['type']} {permission['emailAddress']} deleted"
+    elif permission.pop('deleted', False) or (permission['type'] in {'group', 'user'} and not emailAddress):
+      notCopiedMessage = f"{permission['type']} deleted or has blank email address"
     elif ((copyInherited == 'copySheetProtectedRangesInheritedPermissions' and copyMoveOptions[copyInherited]) or
           (copyNonInherited == 'copySheetProtectedRangesNonInheritedPermissions' and
            copyMoveOptions[copyNonInherited] != COPY_NONINHERITED_PERMISSIONS_NEVER)):
@@ -67554,10 +67623,10 @@ def updatePhoto(users):
     body = {'photoData': base64.urlsafe_b64encode(image_data).decode(UTF8)}
     try:
       callGAPI(cd.users().photos(), 'update',
-               throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT],
+               throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT, GAPI.CONDITION_NOT_MET],
                userKey=user, body=body, fields='')
       entityActionPerformed([Ent.USER, user, Ent.PHOTO, filename], i, count)
-    except GAPI.invalidInput as e:
+    except (GAPI.invalidInput, GAPI.conditionNotMet) as e:
       entityActionFailedWarning([Ent.USER, user, Ent.PHOTO, filename], str(e), i, count)
     except (GAPI.userNotFound, GAPI.forbidden):
       entityUnknownWarning(Ent.USER, user, i, count)