|
|
|
|
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
|
|
|
|
__version__ = '7.02.06'
|
|
|
|
|
__version__ = '7.03.05'
|
|
|
|
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
|
|
|
|
|
|
|
|
|
#pylint: disable=wrong-import-position
|
|
|
|
|
@@ -4727,7 +4727,7 @@ def clearServiceCache(service):
|
|
|
|
|
|
|
|
|
|
DISCOVERY_URIS = [googleapiclient.discovery.V1_DISCOVERY_URI, googleapiclient.discovery.V2_DISCOVERY_URI]
|
|
|
|
|
|
|
|
|
|
# Used for API.CLOUDRESOURCEMANAGER, API.SERVICEUSAGE, API.IAM, API.IAP
|
|
|
|
|
# Used for API.CLOUDRESOURCEMANAGER, API.SERVICEUSAGE, API.IAM
|
|
|
|
|
def getAPIService(api, httpObj):
|
|
|
|
|
api, version, v2discovery = API.getVersion(api)
|
|
|
|
|
return googleapiclient.discovery.build(api, version, http=httpObj, cache_discovery=False,
|
|
|
|
|
@@ -11361,13 +11361,32 @@ def doEnableAPIs():
|
|
|
|
|
url = f'https://console.cloud.google.com/apis/enableflow?apiid={apiid}&project={projectId}'
|
|
|
|
|
writeStdout(f' {url}\n\n')
|
|
|
|
|
|
|
|
|
|
def _waitForSvcAcctCompletion(i):
|
|
|
|
|
sleep_time = i*5
|
|
|
|
|
if i > 3:
|
|
|
|
|
sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
|
|
|
|
|
time.sleep(sleep_time)
|
|
|
|
|
|
|
|
|
|
def _grantRotateRights(iam, projectId, service_account, email, account_type='serviceAccount'):
|
|
|
|
|
printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
|
|
|
|
|
Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
|
|
|
|
|
body = {'policy': {'bindings': [{'role': 'roles/iam.serviceAccountKeyAdmin',
|
|
|
|
|
'members': [f'{account_type}:{email}']}]}}
|
|
|
|
|
callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
|
|
|
|
|
resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
|
|
|
|
|
maxRetries = 10
|
|
|
|
|
printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
|
|
|
|
|
Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
|
|
|
|
|
for retry in range(1, maxRetries+1):
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
|
|
|
|
|
throwReasons=[GAPI.INVALID_ARGUMENT],
|
|
|
|
|
resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
|
|
|
|
|
return True
|
|
|
|
|
except GAPI.invalidArgument as e:
|
|
|
|
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
|
|
|
|
|
if 'does not exist' not in str(e) or retry == maxRetries:
|
|
|
|
|
return False
|
|
|
|
|
_waitForSvcAcctCompletion(retry)
|
|
|
|
|
except Exception as e:
|
|
|
|
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True):
|
|
|
|
|
iam = getAPIService(API.IAM, httpObj)
|
|
|
|
|
@@ -11392,24 +11411,12 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
|
|
|
|
|
clientId=service_account['uniqueId']):
|
|
|
|
|
return False
|
|
|
|
|
sa_email = service_account['name'].rsplit('/', 1)[-1]
|
|
|
|
|
_grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def setGAMProjectConsentScreen(httpObj, projectId, appInfo):
|
|
|
|
|
sys.stdout.write(Msg.SETTING_GAM_PROJECT_CONSENT_SCREEN)
|
|
|
|
|
iap = getAPIService(API.IAP, httpObj)
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(iap.projects().brands(), 'create',
|
|
|
|
|
throwReasons=[GAPI.ALREADY_EXISTS, GAPI.INVALID_ARGUMENT],
|
|
|
|
|
parent=f'projects/{projectId}', body=appInfo)
|
|
|
|
|
except (GAPI.invalidArgument, GAPI.alreadyExists):
|
|
|
|
|
pass
|
|
|
|
|
return _grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)
|
|
|
|
|
|
|
|
|
|
def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key=True):
|
|
|
|
|
def _checkClientAndSecret(csHttpObj, client_id, client_secret):
|
|
|
|
|
post_data = {'client_id': client_id, 'client_secret': client_secret,
|
|
|
|
|
'code': 'ThisIsAnInvalidCodeOnlyBeingUsedToTestIfClientAndSecretAreValid',
|
|
|
|
|
# 'redirect_uri': 'urn:ietf:wg:oauth:2.0:oob', 'grant_type': 'authorization_code'}
|
|
|
|
|
'redirect_uri': 'http://127.0.0.1:8080', 'grant_type': 'authorization_code'}
|
|
|
|
|
_, content = csHttpObj.request(API.GOOGLE_OAUTH2_TOKEN_ENDPOINT, 'POST', urlencode(post_data),
|
|
|
|
|
headers={'Content-type': 'application/x-www-form-urlencoded'})
|
|
|
|
|
@@ -11434,16 +11441,14 @@ def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo,
|
|
|
|
|
|
|
|
|
|
if not enableGAMProjectAPIs(httpObj, projectInfo['projectId'], login_hint, False):
|
|
|
|
|
return
|
|
|
|
|
if appInfo:
|
|
|
|
|
setGAMProjectConsentScreen(httpObj, projectInfo['projectId'], appInfo)
|
|
|
|
|
console_url = f'https://console.cloud.google.com/apis/credentials/oauthclient?project={projectInfo["projectId"]}&authuser={login_hint}'
|
|
|
|
|
sys.stdout.write(Msg.SETTING_GAM_PROJECT_CONSENT_SCREEN_CREATING_CLIENT)
|
|
|
|
|
console_url = f'https://console.cloud.google.com/auth/clients?project={projectInfo["projectId"]}&authuser={login_hint}'
|
|
|
|
|
csHttpObj = getHttpObj()
|
|
|
|
|
while True:
|
|
|
|
|
sys.stdout.write(Msg.CREATE_PROJECT_INSTRUCTIONS.format(console_url))
|
|
|
|
|
sys.stdout.write(Msg.CREATE_CLIENT_INSTRUCTIONS.format(console_url, appInfo['applicationTitle'], appInfo['supportEmail']))
|
|
|
|
|
client_id = readStdin(Msg.ENTER_YOUR_CLIENT_ID).strip()
|
|
|
|
|
if not client_id:
|
|
|
|
|
client_id = readStdin('').strip()
|
|
|
|
|
sys.stdout.write(Msg.GO_BACK_TO_YOUR_BROWSER_AND_COPY_YOUR_CLIENT_SECRET_VALUE)
|
|
|
|
|
client_secret = readStdin(Msg.ENTER_YOUR_CLIENT_SECRET).strip()
|
|
|
|
|
if not client_secret:
|
|
|
|
|
client_secret = readStdin('').strip()
|
|
|
|
|
@@ -11451,7 +11456,6 @@ def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo,
|
|
|
|
|
if client_valid:
|
|
|
|
|
break
|
|
|
|
|
sys.stdout.write('\n')
|
|
|
|
|
# Deleted: "redirect_uris": ["http://localhost", "urn:ietf:wg:oauth:2.0:oob"],
|
|
|
|
|
cs_data = f'''{{
|
|
|
|
|
"installed": {{
|
|
|
|
|
"auth_provider_x509_cert_url": "{API.GOOGLE_AUTH_PROVIDER_X509_CERT_URL}",
|
|
|
|
|
@@ -11464,7 +11468,6 @@ def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo,
|
|
|
|
|
}}
|
|
|
|
|
}}'''
|
|
|
|
|
writeFile(GC.Values[GC.CLIENT_SECRETS_JSON], cs_data, continueOnError=False)
|
|
|
|
|
sys.stdout.write(Msg.GO_BACK_TO_YOUR_BROWSER_AND_CLICK_OK_TO_CLOSE_THE_OAUTH_CLIENT_POPUP)
|
|
|
|
|
sys.stdout.write(Msg.TRUST_GAM_CLIENT_ID.format(GAM, client_id))
|
|
|
|
|
readStdin('')
|
|
|
|
|
if not _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key):
|
|
|
|
|
@@ -11590,7 +11593,7 @@ def _getLoginHintProjectInfo(createCmd):
|
|
|
|
|
_checkProjectName(projectInfo['name'])
|
|
|
|
|
elif _getSvcAcctInfo(myarg, svcAcctInfo):
|
|
|
|
|
pass
|
|
|
|
|
elif createCmd and _getAppInfo(myarg, appInfo):
|
|
|
|
|
elif _getAppInfo(myarg, appInfo):
|
|
|
|
|
pass
|
|
|
|
|
elif myarg in {'algorithm', 'localkeysize', 'validityhours', 'yubikey'}:
|
|
|
|
|
Cmd.Backup()
|
|
|
|
|
@@ -11874,14 +11877,15 @@ def doCreateProject():
|
|
|
|
|
|
|
|
|
|
# gam use project [<EmailAddress>] [<ProjectID>]
|
|
|
|
|
# gam use project [admin <EmailAddress>] [project <ProjectID>]
|
|
|
|
|
# [appname <String>] [supportemail <EmailAddress>]
|
|
|
|
|
# [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>] [sadescription <ServiceAccountDescription>]
|
|
|
|
|
# [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
|
|
|
|
|
# (localkeysize 1024|2048|4096 [validityhours <Number>])|
|
|
|
|
|
# (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber <String>)]
|
|
|
|
|
def doUseProject():
|
|
|
|
|
_checkForExistingProjectFiles([GC.Values[GC.OAUTH2SERVICE_JSON], GC.Values[GC.CLIENT_SECRETS_JSON]])
|
|
|
|
|
_, httpObj, login_hint, _, projectInfo, svcAcctInfo, create_key = _getLoginHintProjectInfo(False)
|
|
|
|
|
_createClientSecretsOauth2service(httpObj, login_hint, {}, projectInfo, svcAcctInfo, create_key)
|
|
|
|
|
_, httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key = _getLoginHintProjectInfo(False)
|
|
|
|
|
_createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key)
|
|
|
|
|
|
|
|
|
|
# gam update project [[admin] <EmailAddress>] [<ProjectIDEntity>]
|
|
|
|
|
def doUpdateProject():
|
|
|
|
|
@@ -12577,12 +12581,6 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|
|
|
|
else:
|
|
|
|
|
unknownArgumentExit()
|
|
|
|
|
|
|
|
|
|
def waitForCompletion(i):
|
|
|
|
|
sleep_time = i*5
|
|
|
|
|
if i > 3:
|
|
|
|
|
sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
|
|
|
|
|
time.sleep(sleep_time)
|
|
|
|
|
|
|
|
|
|
local_key_size = 2048
|
|
|
|
|
validityHours = 0
|
|
|
|
|
body = {}
|
|
|
|
|
@@ -12652,12 +12650,12 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|
|
|
|
if retry == maxRetries:
|
|
|
|
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
|
|
|
|
return False
|
|
|
|
|
waitForCompletion(retry)
|
|
|
|
|
_waitForSvcAcctCompletion(retry)
|
|
|
|
|
except GAPI.permissionDenied:
|
|
|
|
|
if retry == maxRetries:
|
|
|
|
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
|
|
|
|
return False
|
|
|
|
|
waitForCompletion(retry)
|
|
|
|
|
_waitForSvcAcctCompletion(retry)
|
|
|
|
|
except GAPI.badRequest as e:
|
|
|
|
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
|
|
|
|
return False
|
|
|
|
|
@@ -12670,7 +12668,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|
|
|
|
new_data['private_key'] = ''
|
|
|
|
|
newPrivateKeyId = ''
|
|
|
|
|
break
|
|
|
|
|
waitForCompletion(retry)
|
|
|
|
|
_waitForSvcAcctCompletion(retry)
|
|
|
|
|
new_data['private_key_id'] = newPrivateKeyId
|
|
|
|
|
oauth2service_data = _formatOAuth2ServiceData(new_data)
|
|
|
|
|
else:
|
|
|
|
|
@@ -12687,7 +12685,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|
|
|
|
if retry == maxRetries:
|
|
|
|
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
|
|
|
|
return False
|
|
|
|
|
waitForCompletion(retry)
|
|
|
|
|
_waitForSvcAcctCompletion(retry)
|
|
|
|
|
except GAPI.badRequest as e:
|
|
|
|
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
|
|
|
|
return False
|
|
|
|
|
@@ -12728,7 +12726,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|
|
|
|
if retry == maxRetries:
|
|
|
|
|
entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
|
|
|
|
break
|
|
|
|
|
waitForCompletion(retry)
|
|
|
|
|
_waitForSvcAcctCompletion(retry)
|
|
|
|
|
except GAPI.badRequest as e:
|
|
|
|
|
entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], str(e), i, count)
|
|
|
|
|
break
|
|
|
|
|
@@ -13090,13 +13088,13 @@ def _checkDataRequiredServices(result, tryDate, dataRequiredServices, parameterS
|
|
|
|
|
# 0: Backup to earlier date
|
|
|
|
|
# 1: Data available
|
|
|
|
|
oneDay = datetime.timedelta(days=1)
|
|
|
|
|
warnings = result.get('warnings', [])
|
|
|
|
|
dataWarnings = result.get('warnings', [])
|
|
|
|
|
usageReports = result.get('usageReports', [])
|
|
|
|
|
# move to day before if we don't have at least one usageReport with parameters
|
|
|
|
|
if not usageReports or not usageReports[0].get('parameters', []):
|
|
|
|
|
tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)-oneDay
|
|
|
|
|
return (0, tryDateTime.strftime(YYYYMMDD_FORMAT), None)
|
|
|
|
|
for warning in warnings:
|
|
|
|
|
for warning in dataWarnings:
|
|
|
|
|
if warning['code'] == 'PARTIAL_DATA_AVAILABLE':
|
|
|
|
|
for app in warning['data']:
|
|
|
|
|
if app['key'] == 'application' and app['value'] != 'docs' and app['value'] in dataRequiredServices:
|
|
|
|
|
@@ -13521,7 +13519,7 @@ REPORT_ACTIVITIES_TIME_OBJECTS = {'time'}
|
|
|
|
|
# [event|events <EventNameList>] [ip <String>]
|
|
|
|
|
# [groupidfilter <String>]
|
|
|
|
|
# [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
|
|
|
|
|
# [countsonly [summary] [eventrowfilter]]
|
|
|
|
|
# [countsonly [bydate|summary] [eventrowfilter]]
|
|
|
|
|
# (addcsvdata <FieldName> <String>)* [shownoactivities]
|
|
|
|
|
# gam report users|user [todrive <ToDriveAttribute>*]
|
|
|
|
|
# [(user all|<UserItem>)|(orgunit|org|ou <OrgUnitPath> [showorgunit])|(select <UserTypeEntity>)]
|
|
|
|
|
@@ -13794,8 +13792,8 @@ def doReport():
|
|
|
|
|
filterTimes = {}
|
|
|
|
|
maxActivities = maxEvents = 0
|
|
|
|
|
maxResults = 1000
|
|
|
|
|
aggregateByDate = aggregateByUser = convertMbToGb = countsOnly = eventRowFilter = exitUserLoop = \
|
|
|
|
|
noAuthorizedApps = normalizeUsers = select = summary = userCustomerRange = False
|
|
|
|
|
aggregateByDate = aggregateByUser = convertMbToGb = countsOnly = countsByDate = countsSummary = \
|
|
|
|
|
eventRowFilter = exitUserLoop = noAuthorizedApps = normalizeUsers = select = userCustomerRange = False
|
|
|
|
|
limitDateChanges = -1
|
|
|
|
|
allVerifyUser = userKey = 'all'
|
|
|
|
|
cd = orgUnit = orgUnitId = None
|
|
|
|
|
@@ -13893,8 +13891,10 @@ def doReport():
|
|
|
|
|
actorIpAddress = getString(Cmd.OB_STRING)
|
|
|
|
|
elif activityReports and myarg == 'countsonly':
|
|
|
|
|
countsOnly = True
|
|
|
|
|
elif activityReports and myarg == 'bydate':
|
|
|
|
|
countsByDate = True
|
|
|
|
|
elif activityReports and myarg == 'summary':
|
|
|
|
|
summary = True
|
|
|
|
|
countsSummary = True
|
|
|
|
|
elif activityReports and myarg == 'eventrowfilter':
|
|
|
|
|
eventRowFilter = True
|
|
|
|
|
elif activityReports and myarg == 'groupidfilter':
|
|
|
|
|
@@ -13928,6 +13928,8 @@ def doReport():
|
|
|
|
|
unknownArgumentExit()
|
|
|
|
|
if aggregateByDate and aggregateByUser:
|
|
|
|
|
usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('aggregateByDate', 'aggregateByUser'))
|
|
|
|
|
if countsOnly and countsByDate and countsSummary:
|
|
|
|
|
usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('bydate', 'summary'))
|
|
|
|
|
parameters = ','.join(parameters) if parameters else None
|
|
|
|
|
if usageReports and not includeServices:
|
|
|
|
|
includeServices = set(fullDataServices)
|
|
|
|
|
@@ -14144,8 +14146,12 @@ def doReport():
|
|
|
|
|
pageMessage = getPageMessage()
|
|
|
|
|
users = [normalizeEmailAddressOrUID(userKey)]
|
|
|
|
|
orgUnitId = None
|
|
|
|
|
zeroEventCounts = {}
|
|
|
|
|
if not eventNames:
|
|
|
|
|
eventNames.append(None)
|
|
|
|
|
else:
|
|
|
|
|
for eventName in eventNames:
|
|
|
|
|
zeroEventCounts[eventName] = 0
|
|
|
|
|
i = 0
|
|
|
|
|
count = len(users)
|
|
|
|
|
for user in users:
|
|
|
|
|
@@ -14177,9 +14183,22 @@ def doReport():
|
|
|
|
|
accessErrorExit(None)
|
|
|
|
|
for activity in feed:
|
|
|
|
|
events = activity.pop('events')
|
|
|
|
|
actor = activity['actor'].get('email', activity['actor'].get('key', UNKNOWN))
|
|
|
|
|
actor = activity['actor'].get('email')
|
|
|
|
|
if not actor:
|
|
|
|
|
actor = 'id:'+activity['actor'].get('profileId', UNKNOWN)
|
|
|
|
|
if showOrgUnit:
|
|
|
|
|
activity['actor']['orgUnitPath'] = userOrgUnits.get(actor, UNKNOWN)
|
|
|
|
|
if countsOnly and countsByDate:
|
|
|
|
|
eventTime = activity.get('id', {}).get('time', UNKNOWN)
|
|
|
|
|
if eventTime != UNKNOWN:
|
|
|
|
|
try:
|
|
|
|
|
eventTime, _ = iso8601.parse_date(eventTime)
|
|
|
|
|
except (iso8601.ParseError, OverflowError):
|
|
|
|
|
eventTime = UNKNOWN
|
|
|
|
|
if eventTime != UNKNOWN:
|
|
|
|
|
eventDate = eventTime.strftime(YYYYMMDD_FORMAT)
|
|
|
|
|
else:
|
|
|
|
|
eventDate = UNKNOWN
|
|
|
|
|
if not countsOnly or eventRowFilter:
|
|
|
|
|
activity_row = flattenJSON(activity, timeObjects=REPORT_ACTIVITIES_TIME_OBJECTS)
|
|
|
|
|
purge_parameters = True
|
|
|
|
|
@@ -14230,18 +14249,32 @@ def doReport():
|
|
|
|
|
if numEvents >= maxEvents > 0:
|
|
|
|
|
break
|
|
|
|
|
elif csvPF.CheckRowTitles(row):
|
|
|
|
|
if not summary:
|
|
|
|
|
eventName = event['name']
|
|
|
|
|
if not countsSummary:
|
|
|
|
|
eventCounts.setdefault(actor, {})
|
|
|
|
|
eventCounts[actor].setdefault(event['name'], 0)
|
|
|
|
|
eventCounts[actor][event['name']] += 1
|
|
|
|
|
if not countsByDate:
|
|
|
|
|
eventCounts[actor].setdefault(eventName, 0)
|
|
|
|
|
eventCounts[actor][eventName] += 1
|
|
|
|
|
else:
|
|
|
|
|
eventCounts[actor].setdefault(eventDate, {})
|
|
|
|
|
eventCounts[actor][eventDate].setdefault(eventName, 0)
|
|
|
|
|
eventCounts[actor][eventDate][eventName] += 1
|
|
|
|
|
else:
|
|
|
|
|
eventCounts.setdefault(event['name'], 0)
|
|
|
|
|
eventCounts[event['name']] += 1
|
|
|
|
|
elif not summary:
|
|
|
|
|
eventCounts.setdefault(eventName, 0)
|
|
|
|
|
eventCounts[eventName] += 1
|
|
|
|
|
elif not countsSummary:
|
|
|
|
|
eventCounts.setdefault(actor, {})
|
|
|
|
|
for event in events:
|
|
|
|
|
eventCounts[actor].setdefault(event['name'], 0)
|
|
|
|
|
eventCounts[actor][event['name']] += 1
|
|
|
|
|
if not countsByDate:
|
|
|
|
|
for event in events:
|
|
|
|
|
eventName = event['name']
|
|
|
|
|
eventCounts[actor].setdefault(eventName, 0)
|
|
|
|
|
eventCounts[actor][eventName] += 1
|
|
|
|
|
else:
|
|
|
|
|
for event in events:
|
|
|
|
|
eventName = event['name']
|
|
|
|
|
eventCounts[actor].setdefault(eventDate, {})
|
|
|
|
|
eventCounts[actor][eventDate].setdefault(eventName, 0)
|
|
|
|
|
eventCounts[actor][eventDate][eventName] += 1
|
|
|
|
|
else:
|
|
|
|
|
for event in events:
|
|
|
|
|
eventCounts.setdefault(event['name'], 0)
|
|
|
|
|
@@ -14256,31 +14289,46 @@ def doReport():
|
|
|
|
|
else:
|
|
|
|
|
if eventRowFilter:
|
|
|
|
|
csvPF.SetRowFilter([], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
|
|
|
|
|
if not summary:
|
|
|
|
|
csvPF.SetTitles('emailAddress')
|
|
|
|
|
if not countsSummary:
|
|
|
|
|
titles = ['emailAddress']
|
|
|
|
|
if countsOnly and countsByDate:
|
|
|
|
|
titles.append('date')
|
|
|
|
|
csvPF.SetTitles(titles)
|
|
|
|
|
csvPF.SetSortTitles(titles)
|
|
|
|
|
if addCSVData:
|
|
|
|
|
csvPF.AddTitles(sorted(addCSVData.keys()))
|
|
|
|
|
if eventCounts:
|
|
|
|
|
for actor, events in iter(eventCounts.items()):
|
|
|
|
|
row = {'emailAddress': actor}
|
|
|
|
|
for event, count in iter(events.items()):
|
|
|
|
|
row[event] = count
|
|
|
|
|
if addCSVData:
|
|
|
|
|
row.update(addCSVData)
|
|
|
|
|
csvPF.WriteRowTitles(row)
|
|
|
|
|
if not countsByDate:
|
|
|
|
|
for actor, events in iter(eventCounts.items()):
|
|
|
|
|
row = {'emailAddress': actor}
|
|
|
|
|
row.update(zeroEventCounts)
|
|
|
|
|
for event, count in iter(events.items()):
|
|
|
|
|
row[event] = count
|
|
|
|
|
if addCSVData:
|
|
|
|
|
row.update(addCSVData)
|
|
|
|
|
csvPF.WriteRowTitles(row)
|
|
|
|
|
else:
|
|
|
|
|
for actor, eventDates in iter(eventCounts.items()):
|
|
|
|
|
for eventDate, events in iter(eventDates.items()):
|
|
|
|
|
row = {'emailAddress': actor, 'date': eventDate}
|
|
|
|
|
row.update(zeroEventCounts)
|
|
|
|
|
for event, count in iter(events.items()):
|
|
|
|
|
row[event] = count
|
|
|
|
|
if addCSVData:
|
|
|
|
|
row.update(addCSVData)
|
|
|
|
|
csvPF.WriteRowTitles(row)
|
|
|
|
|
elif showNoActivities:
|
|
|
|
|
row = {'emailAddress': 'NoActivities'}
|
|
|
|
|
if addCSVData:
|
|
|
|
|
row.update(addCSVData)
|
|
|
|
|
csvPF.WriteRow(row)
|
|
|
|
|
csvPF.SetSortTitles(['emailAddress'])
|
|
|
|
|
else:
|
|
|
|
|
csvPF.SetTitles(['event', 'count'])
|
|
|
|
|
if addCSVData:
|
|
|
|
|
csvPF.AddTitles(sorted(addCSVData.keys()))
|
|
|
|
|
if eventCounts:
|
|
|
|
|
for event in sorted(eventCounts):
|
|
|
|
|
row = {'event': event, 'count': eventCounts[event]}
|
|
|
|
|
for event, count in sorted(iter(eventCounts.items())):
|
|
|
|
|
row = {'event': event, 'count': count}
|
|
|
|
|
if addCSVData:
|
|
|
|
|
row.update(addCSVData)
|
|
|
|
|
csvPF.WriteRow(row)
|
|
|
|
|
@@ -15058,15 +15106,15 @@ def doCreateResoldCustomer():
|
|
|
|
|
except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden, GAPI.invalid) as e:
|
|
|
|
|
entityActionFailedWarning([Ent.CUSTOMER_DOMAIN, body['customerDomain']], str(e))
|
|
|
|
|
|
|
|
|
|
# gam update resoldcustomer <CustomerID> [customer_auth_token <String>] <ResoldCustomerAttribute>+
|
|
|
|
|
# gam update resoldcustomer <CustomerID> <ResoldCustomerAttribute>+
|
|
|
|
|
def doUpdateResoldCustomer():
|
|
|
|
|
res = buildGAPIObject(API.RESELLER)
|
|
|
|
|
customerId = getString(Cmd.OB_CUSTOMER_ID)
|
|
|
|
|
customerAuthToken, body = _getResoldCustomerAttr()
|
|
|
|
|
_, body = _getResoldCustomerAttr()
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(res.customers(), 'patch',
|
|
|
|
|
throwReasons=GAPI.RESELLER_THROW_REASONS,
|
|
|
|
|
customerId=customerId, body=body, customerAuthToken=customerAuthToken, fields='')
|
|
|
|
|
customerId=customerId, body=body, fields='')
|
|
|
|
|
entityActionPerformed([Ent.CUSTOMER_ID, customerId])
|
|
|
|
|
except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden, GAPI.invalid) as e:
|
|
|
|
|
entityActionFailedWarning([Ent.CUSTOMER_ID, customerId], str(e))
|
|
|
|
|
@@ -15085,6 +15133,7 @@ def doInfoResoldCustomer():
|
|
|
|
|
customerId=customerId)
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
printKeyValueList(['Customer ID', customerInfo['customerId']])
|
|
|
|
|
printKeyValueList(['Customer Type', customerInfo['customerType']])
|
|
|
|
|
printKeyValueList(['Customer Domain', customerInfo['customerDomain']])
|
|
|
|
|
if 'customerDomainVerified' in customerInfo:
|
|
|
|
|
printKeyValueList(['Customer Domain Verified', customerInfo['customerDomainVerified']])
|
|
|
|
|
@@ -27894,14 +27943,28 @@ def _getPolicyGroupTarget(cd, cp, myarg, orgUnit):
|
|
|
|
|
targetResource = f"groups/{convertEmailAddressToUID(targetName, cd, emailType='group')}"
|
|
|
|
|
return (targetName, targetName, targetResource, Ent.GROUP, cp.customers().policies().groups())
|
|
|
|
|
|
|
|
|
|
def checkPolicyArgs(targetResource, printer_id, app_id):
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
if printer_id and app_id:
|
|
|
|
|
usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('printerid', 'appid'))
|
|
|
|
|
|
|
|
|
|
def setPolicyKVList(baseList, printer_id, app_id):
|
|
|
|
|
kvList = baseList[:]
|
|
|
|
|
if app_id:
|
|
|
|
|
kvList.extend([Ent.APP_ID, app_id])
|
|
|
|
|
elif printer_id:
|
|
|
|
|
kvList.extend([Ent.PRINTER_ID, printer_id])
|
|
|
|
|
return kvList
|
|
|
|
|
|
|
|
|
|
def updatePolicyRequests(body, targetResource, printer_id, app_id):
|
|
|
|
|
for request in body['requests']:
|
|
|
|
|
request.setdefault('policyTargetKey', {})
|
|
|
|
|
request['policyTargetKey']['targetResource'] = targetResource
|
|
|
|
|
if printer_id:
|
|
|
|
|
request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
|
|
|
|
elif app_id:
|
|
|
|
|
if app_id:
|
|
|
|
|
request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
|
|
|
|
|
elif printer_id:
|
|
|
|
|
request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
|
|
|
|
|
|
|
|
|
# gam delete chromepolicy
|
|
|
|
|
# (<SchemaName> [<JSONData>])+
|
|
|
|
|
@@ -27937,15 +28000,14 @@ def doDeleteChromePolicy():
|
|
|
|
|
body['requests'][-1].setdefault('policyTargetKey', {})
|
|
|
|
|
for atk in jsonData['additionalTargetKeys']:
|
|
|
|
|
body['requests'][-1]['policyTargetKey']['additionalTargetKeys'] = {atk['name']: atk['value']}
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
checkPolicyArgs(targetResource, printer_id, app_id)
|
|
|
|
|
count = len(body['requests'])
|
|
|
|
|
if count != 1:
|
|
|
|
|
entityPerformActionNumItems([entityType, targetName], count, Ent.CHROME_POLICY)
|
|
|
|
|
if count == 0:
|
|
|
|
|
return
|
|
|
|
|
kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
|
|
|
|
|
updatePolicyRequests(body, targetResource, printer_id, app_id)
|
|
|
|
|
kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(service, function,
|
|
|
|
|
throwReasons=[GAPI.NOT_FOUND, GAPI.PERMISSION_DENIED,
|
|
|
|
|
@@ -28191,12 +28253,11 @@ def doUpdateChromePolicy():
|
|
|
|
|
invalidArgumentExit(Msg.CHROME_TARGET_VERSION_FORMAT)
|
|
|
|
|
body['requests'][-1]['policyValue']['value'][casedField] = value
|
|
|
|
|
body['requests'][-1]['updateMask'] += f'{casedField},'
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
checkPolicyArgs(targetResource, printer_id, app_id)
|
|
|
|
|
count = len(body['requests'])
|
|
|
|
|
if count > 0 and not body['requests'][-1]['updateMask']:
|
|
|
|
|
body['requests'].pop()
|
|
|
|
|
kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
|
|
|
|
|
kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
|
|
|
|
|
if count != 1:
|
|
|
|
|
entityPerformActionNumItems(kvList, count, Ent.CHROME_POLICY)
|
|
|
|
|
if count == 0:
|
|
|
|
|
@@ -28238,10 +28299,10 @@ CHROME_POLICY_SHOW_CHOICE_MAP = {
|
|
|
|
|
def doPrintShowChromePolicies():
|
|
|
|
|
def normalizedPolicy(policy):
|
|
|
|
|
norm = {'name': policy['value']['policySchema']}
|
|
|
|
|
if printerId:
|
|
|
|
|
norm['printerId'] = printerId
|
|
|
|
|
elif appId:
|
|
|
|
|
norm['appId'] = appId
|
|
|
|
|
if app_id:
|
|
|
|
|
norm['appId'] = app_id
|
|
|
|
|
elif printer_id:
|
|
|
|
|
norm['printerId'] = printer_id
|
|
|
|
|
if entityType == Ent.ORGANIZATIONAL_UNIT:
|
|
|
|
|
orgUnitId = policy.get('targetKey', {}).get('targetResource')
|
|
|
|
|
norm['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgUnitId) if orgUnitId else UNKNOWN
|
|
|
|
|
@@ -28337,7 +28398,7 @@ def doPrintShowChromePolicies():
|
|
|
|
|
if csvPF:
|
|
|
|
|
csvPF.SetNoEscapeChar(True)
|
|
|
|
|
FJQC = FormatJSONQuoteChar(csvPF)
|
|
|
|
|
appId = groupEmail = orgUnit = printerId = None
|
|
|
|
|
app_id = groupEmail = orgUnit = printer_id = targetResource = None
|
|
|
|
|
showPolicies = CHROME_POLICY_SHOW_ALL
|
|
|
|
|
psFilters = []
|
|
|
|
|
while Cmd.ArgumentsRemaining():
|
|
|
|
|
@@ -28348,10 +28409,10 @@ def doPrintShowChromePolicies():
|
|
|
|
|
orgUnit, targetName, targetResource, entityType, _ = _getPolicyOrgUnitTarget(cd, cp, myarg, groupEmail)
|
|
|
|
|
elif myarg == 'group':
|
|
|
|
|
groupEmail, targetName, targetResource, entityType, _ = _getPolicyGroupTarget(cd, cp, myarg, orgUnit)
|
|
|
|
|
elif (not printerId and not appId) and myarg == 'printerid':
|
|
|
|
|
printerId = getString(Cmd.OB_PRINTER_ID)
|
|
|
|
|
elif (not printerId and not appId) and myarg == 'appid':
|
|
|
|
|
appId = getString(Cmd.OB_APP_ID)
|
|
|
|
|
elif myarg == 'printerid':
|
|
|
|
|
printer_id = getString(Cmd.OB_PRINTER_ID)
|
|
|
|
|
elif myarg == 'appid':
|
|
|
|
|
app_id = getString(Cmd.OB_APP_ID)
|
|
|
|
|
elif myarg == 'filter':
|
|
|
|
|
for psFilter in getString(Cmd.OB_STRING).replace(',', ' ').split():
|
|
|
|
|
psFilters.append(psFilter)
|
|
|
|
|
@@ -28365,20 +28426,19 @@ def doPrintShowChromePolicies():
|
|
|
|
|
showPolicies = getChoice(CHROME_POLICY_SHOW_CHOICE_MAP, mapChoice=True)
|
|
|
|
|
else:
|
|
|
|
|
FJQC.GetFormatJSONQuoteChar(myarg, False)
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
checkPolicyArgs(targetResource, printer_id, app_id)
|
|
|
|
|
body = {'policyTargetKey': {'targetResource': targetResource}}
|
|
|
|
|
if printerId:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printerId}
|
|
|
|
|
if not psFilters:
|
|
|
|
|
psFilters = ['chrome.printers.*']
|
|
|
|
|
elif appId:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'app_id': appId}
|
|
|
|
|
if app_id:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
|
|
|
|
|
if not psFilters:
|
|
|
|
|
psFilters = ['chrome.users.apps.*',
|
|
|
|
|
'chrome.devices.kiosk.apps.*',
|
|
|
|
|
'chrome.devices.managedguest.apps.*',
|
|
|
|
|
]
|
|
|
|
|
elif printer_id:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
|
|
|
|
if not psFilters:
|
|
|
|
|
psFilters = ['chrome.printers.*']
|
|
|
|
|
elif not psFilters:
|
|
|
|
|
if entityType == Ent.ORGANIZATIONAL_UNIT:
|
|
|
|
|
psFilters = ['chrome.users.*',
|
|
|
|
|
@@ -28412,10 +28472,10 @@ def doPrintShowChromePolicies():
|
|
|
|
|
csvPF.AddTitles(['group'])
|
|
|
|
|
csvPF.SetSortAllTitles()
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
if printerId:
|
|
|
|
|
csvPF.AddSortTitles(['printerId'])
|
|
|
|
|
elif appId:
|
|
|
|
|
if app_id:
|
|
|
|
|
csvPF.AddSortTitles(['appId'])
|
|
|
|
|
elif printer_id:
|
|
|
|
|
csvPF.AddSortTitles(['printerId'])
|
|
|
|
|
else:
|
|
|
|
|
csvPF.SetJSONTitles(csvPF.titlesList+['JSON'])
|
|
|
|
|
policies = []
|
|
|
|
|
@@ -28442,11 +28502,7 @@ def doPrintShowChromePolicies():
|
|
|
|
|
if not csvPF:
|
|
|
|
|
jcount = len(policies)
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
kvList = [entityType, targetName]
|
|
|
|
|
if printerId:
|
|
|
|
|
kvList.extend([Ent.PRINTER_ID, printerId])
|
|
|
|
|
elif appId:
|
|
|
|
|
kvList.extend([Ent.APP_ID, appId])
|
|
|
|
|
kvList = setPolicyKVList([entityType, targetName], printer_id, app_id)
|
|
|
|
|
entityPerformActionModifierNumItems(kvList, Msg.MAXIMUM_OF, jcount, Ent.CHROME_POLICY)
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
@@ -31676,6 +31732,8 @@ def doCreateGroup(ciGroupsAPI=False):
|
|
|
|
|
'query': getString(Cmd.OB_QUERY)})
|
|
|
|
|
elif ciGroupsAPI and myarg == 'makeowner':
|
|
|
|
|
initialGroupConfig = 'WITH_INITIAL_OWNER'
|
|
|
|
|
elif ciGroupsAPI and myarg in {'security', 'makesecuritygroup'}:
|
|
|
|
|
body['labels'][CIGROUP_SECURITY_LABEL] = ''
|
|
|
|
|
elif myarg == 'verifynotinvitable':
|
|
|
|
|
verifyNotInvitable = True
|
|
|
|
|
else:
|
|
|
|
|
@@ -34552,8 +34610,11 @@ def doPrintShowGroupTree():
|
|
|
|
|
if csvPF:
|
|
|
|
|
csvPF.writeCSVfile('Group Tree')
|
|
|
|
|
|
|
|
|
|
# gam create cigroup <EmailAddress> [copyfrom <GroupItem>] <GroupAttribute>
|
|
|
|
|
# [makeowner] [alias|aliases <CIGroupAliasList>] [dynamic <QueryDynamicGroup>]
|
|
|
|
|
# gam create cigroup <EmailAddress>
|
|
|
|
|
# [copyfrom <GroupItem>] <GroupAttribute>
|
|
|
|
|
# [makeowner] [alias|aliases <CIGroupAliasList>]
|
|
|
|
|
# [security|makesecuritygroup]
|
|
|
|
|
# [dynamic <QueryDynamicGroup>]
|
|
|
|
|
def doCreateCIGroup():
|
|
|
|
|
doCreateGroup(ciGroupsAPI=True)
|
|
|
|
|
|
|
|
|
|
@@ -37388,7 +37449,7 @@ def _doDeleteResourceCalendars(entityList):
|
|
|
|
|
retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
|
|
|
|
|
customer=GC.Values[GC.CUSTOMER_ID], calendarResourceId=resourceId)
|
|
|
|
|
entityActionPerformed([Ent.RESOURCE_CALENDAR, resourceId], i, count)
|
|
|
|
|
except GAPI.serviceNotAvailable as e:
|
|
|
|
|
except GAPI.serviceNotAvailable as e:
|
|
|
|
|
entityActionFailedWarning([Ent.RESOURCE_CALENDAR, resourceId], str(e), i, count)
|
|
|
|
|
except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden):
|
|
|
|
|
checkEntityAFDNEorAccessErrorExit(cd, Ent.RESOURCE_CALENDAR, resourceId, i, count)
|
|
|
|
|
@@ -38320,6 +38381,7 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
|
|
|
|
|
for subfield in subfields:
|
|
|
|
|
body.pop(subfield, None)
|
|
|
|
|
|
|
|
|
|
cd = None
|
|
|
|
|
if function == 'insert' and myarg in {'id', 'eventid'}:
|
|
|
|
|
body['id'] = getEventID()
|
|
|
|
|
elif function == 'import' and myarg == 'icaluid':
|
|
|
|
|
@@ -38400,6 +38462,17 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
|
|
|
|
|
if responseStatus is not None:
|
|
|
|
|
addAttendee['responseStatus'] = responseStatus
|
|
|
|
|
parameters['attendees'].append(addAttendee)
|
|
|
|
|
elif function == 'update' and myarg == 'clearresources':
|
|
|
|
|
parameters['clearResources'] = True
|
|
|
|
|
elif myarg == 'resource':
|
|
|
|
|
if cd is None:
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
parameters['attendees'].append({'email': _validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True),
|
|
|
|
|
'responseStatus': 'accepted', 'resource': True})
|
|
|
|
|
elif myarg == 'removeresource':
|
|
|
|
|
if cd is None:
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
parameters['removeAttendees'].add(_validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True))
|
|
|
|
|
elif myarg == 'json':
|
|
|
|
|
jsonData = getJSON(EVENT_JSON_CLEAR_FIELDS)
|
|
|
|
|
if function == 'insert':
|
|
|
|
|
@@ -38709,7 +38782,7 @@ def _validateCalendarGetEvents(origUser, user, origCal, calId, j, jcount, calend
|
|
|
|
|
|
|
|
|
|
def _getCalendarCreateImportUpdateEventOptions(function, entityType):
|
|
|
|
|
body = {}
|
|
|
|
|
parameters = {'clearAttendees': False, 'replaceMode': False,
|
|
|
|
|
parameters = {'clearAttendees': False, 'replaceMode': False, 'clearResources': False,
|
|
|
|
|
'attendees': [], 'removeAttendees': set(),
|
|
|
|
|
'replaceDescription': [], 'sendUpdates': 'none',
|
|
|
|
|
'csvPF': None, 'FJQC': FormatJSONQuoteChar(None), 'showDayOfWeek': False}
|
|
|
|
|
@@ -38820,7 +38893,7 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
|
|
|
|
|
updateFieldList = []
|
|
|
|
|
if parameters['replaceDescription']:
|
|
|
|
|
updateFieldList.append('description')
|
|
|
|
|
if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees']):
|
|
|
|
|
if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees'] or parameters['clearResources']):
|
|
|
|
|
updateFieldList.append('attendees')
|
|
|
|
|
updateFields = ','.join(updateFieldList)
|
|
|
|
|
if 'attendees' not in updateFieldList:
|
|
|
|
|
@@ -38871,6 +38944,8 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
|
|
|
|
|
body['attendees'] = []
|
|
|
|
|
if parameters['removeAttendees']:
|
|
|
|
|
body['attendees'] = [attendee for attendee in body['attendees'] if attendee['email'].lower() not in parameters['removeAttendees']]
|
|
|
|
|
if parameters['clearResources']:
|
|
|
|
|
body['attendees'] = [attendee for attendee in body['attendees'] if not attendee['email'].lower().endswith('@resource.calendar.google.com')]
|
|
|
|
|
event = callGAPI(cal.events(), 'patch',
|
|
|
|
|
throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN,
|
|
|
|
|
GAPI.INVALID, GAPI.REQUIRED, GAPI.TIME_RANGE_EMPTY, GAPI.EVENT_DURATION_EXCEEDS_LIMIT,
|
|
|
|
|
@@ -39093,10 +39168,12 @@ def _wipeCalendarEvents(user, origCal, calIds, count):
|
|
|
|
|
continue
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(cal.calendars(), 'clear',
|
|
|
|
|
throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID, GAPI.REQUIRED_ACCESS_LEVEL],
|
|
|
|
|
throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID,
|
|
|
|
|
GAPI.REQUIRED_ACCESS_LEVEL, GAPI.SERVICE_NOT_AVAILABLE],
|
|
|
|
|
retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
|
|
|
|
|
calendarId=calId)
|
|
|
|
|
entityActionPerformed([Ent.CALENDAR, calId], i, count)
|
|
|
|
|
except (GAPI.notFound, GAPI.forbidden, GAPI.invalid, GAPI.requiredAccessLevel) as e:
|
|
|
|
|
except (GAPI.notFound, GAPI.forbidden, GAPI.invalid, GAPI.requiredAccessLevel, GAPI.serviceNotAvailable) as e:
|
|
|
|
|
entityActionFailedWarning([Ent.CALENDAR, calId], str(e), i, count)
|
|
|
|
|
except GAPI.notACalendarUser:
|
|
|
|
|
userCalServiceNotEnabledWarning(calId, i, count)
|
|
|
|
|
@@ -39620,18 +39697,19 @@ def doCalendarsPrintShowSettings(calIds):
|
|
|
|
|
if csvPF:
|
|
|
|
|
csvPF.writeCSVfile('Calendar Settings')
|
|
|
|
|
|
|
|
|
|
def _validateResourceId(resourceId, i, count):
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
def _validateResourceId(cd, resourceId, i, count, exitOnNotFound):
|
|
|
|
|
try:
|
|
|
|
|
return callGAPI(cd.resources().calendars(), 'get',
|
|
|
|
|
throwReasons=[GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
|
|
|
|
|
customer=GC.Values[GC.CUSTOMER_ID], calendarResourceId=resourceId, fields='resourceEmail')['resourceEmail']
|
|
|
|
|
except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden):
|
|
|
|
|
if exitOnNotFound:
|
|
|
|
|
entityDoesNotExistExit(Ent.RESOURCE_CALENDAR, resourceId, i, count)
|
|
|
|
|
checkEntityAFDNEorAccessErrorExit(cd, Ent.RESOURCE_CALENDAR, resourceId, i, count)
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=True):
|
|
|
|
|
calId = _validateResourceId(resourceId, i, count)
|
|
|
|
|
def _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=True):
|
|
|
|
|
calId = _validateResourceId(cd, resourceId, i, count, False)
|
|
|
|
|
if not calId:
|
|
|
|
|
return (None, None, 0)
|
|
|
|
|
if ACLScopeEntity['dict']:
|
|
|
|
|
@@ -39649,23 +39727,25 @@ def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAct
|
|
|
|
|
# gam resources <ResourceEntity> create calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
|
|
|
|
|
def doResourceCreateCalendarACLs(entityList):
|
|
|
|
|
cal = buildGAPIObject(API.CALENDAR)
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
role, ACLScopeEntity, sendNotifications = getCalendarCreateUpdateACLsOptions(True)
|
|
|
|
|
i = 0
|
|
|
|
|
count = len(entityList)
|
|
|
|
|
for resourceId in entityList:
|
|
|
|
|
i += 1
|
|
|
|
|
calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
|
|
|
|
|
calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
continue
|
|
|
|
|
_createCalendarACLs(cal, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
|
|
|
|
|
|
|
|
|
|
def _resourceUpdateDeleteCalendarACLs(entityList, function, ACLScopeEntity, role, sendNotifications):
|
|
|
|
|
cal = buildGAPIObject(API.CALENDAR)
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
i = 0
|
|
|
|
|
count = len(entityList)
|
|
|
|
|
for resourceId in entityList:
|
|
|
|
|
i += 1
|
|
|
|
|
calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
|
|
|
|
|
calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
continue
|
|
|
|
|
_updateDeleteCalendarACLs(cal, function, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
|
|
|
|
|
@@ -39688,13 +39768,14 @@ def doResourceDeleteCalendarACLs(entityList):
|
|
|
|
|
# [formatjson]
|
|
|
|
|
def doResourceInfoCalendarACLs(entityList):
|
|
|
|
|
cal = buildGAPIObject(API.CALENDAR)
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
ACLScopeEntity = getCalendarSiteACLScopeEntity()
|
|
|
|
|
FJQC = _getCalendarInfoACLOptions()
|
|
|
|
|
i = 0
|
|
|
|
|
count = len(entityList)
|
|
|
|
|
for resourceId in entityList:
|
|
|
|
|
i += 1
|
|
|
|
|
calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
|
|
|
|
|
calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
continue
|
|
|
|
|
_infoCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, ruleIds, jcount, FJQC)
|
|
|
|
|
@@ -39713,12 +39794,13 @@ def doResourceInfoCalendarACLs(entityList):
|
|
|
|
|
# [formatjson]
|
|
|
|
|
def doResourcePrintShowCalendarACLs(entityList):
|
|
|
|
|
cal = buildGAPIObject(API.CALENDAR)
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
csvPF, FJQC, noSelfOwner, addCSVData = _getCalendarPrintShowACLOptions(['resourceId', 'resourceEmail'])
|
|
|
|
|
i = 0
|
|
|
|
|
count = len(entityList)
|
|
|
|
|
for resourceId in entityList:
|
|
|
|
|
i += 1
|
|
|
|
|
calId = _validateResourceId(resourceId, i, count)
|
|
|
|
|
calId = _validateResourceId(cd, resourceId, i, count, False)
|
|
|
|
|
if not calId:
|
|
|
|
|
continue
|
|
|
|
|
_printShowCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, csvPF, FJQC, noSelfOwner, addCSVData)
|
|
|
|
|
@@ -58806,6 +58888,8 @@ def initCopyMoveOptions(copyCmd):
|
|
|
|
|
'fileMimeTypes': set(),
|
|
|
|
|
'notMimeTypes': False,
|
|
|
|
|
'copySubFilesOwnedBy': None,
|
|
|
|
|
'copyPermissionRoles': set(DRIVEFILE_ACL_ROLES_MAP.values()),
|
|
|
|
|
'copyPermissionTypes': set(DRIVEFILE_ACL_PERMISSION_TYPES),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DUPLICATE_FILE_CHOICES = {
|
|
|
|
|
@@ -58894,6 +58978,20 @@ def getCopyMoveOptions(myarg, copyMoveOptions):
|
|
|
|
|
copyMoveOptions['copyFileInheritedPermissions'] = getBoolean()
|
|
|
|
|
elif myarg == 'copyfilenoninheritedpermissions':
|
|
|
|
|
copyMoveOptions['copyFileNonInheritedPermissions'] = COPY_NONINHERITED_PERMISSIONS_ALWAYS if getBoolean() else COPY_NONINHERITED_PERMISSIONS_NEVER
|
|
|
|
|
elif myarg == 'copypermissionroles':
|
|
|
|
|
copyMoveOptions['copyPermissionRoles'] = set()
|
|
|
|
|
for prole in getString(Cmd.OB_PERMISSION_ROLE_LIST).lower().replace(',', ' ').split():
|
|
|
|
|
if prole in DRIVEFILE_ACL_ROLES_MAP:
|
|
|
|
|
copyMoveOptions['copyPermissionRoles'].add(DRIVEFILE_ACL_ROLES_MAP[prole])
|
|
|
|
|
else:
|
|
|
|
|
invalidChoiceExit(prole, DRIVEFILE_ACL_ROLES_MAP, True)
|
|
|
|
|
elif myarg == 'copypermissiontypes':
|
|
|
|
|
copyMoveOptions['copyPermissionTypes'] = set()
|
|
|
|
|
for ptype in getString(Cmd.OB_PERMISSION_TYPE_LIST).lower().replace(',', ' ').split():
|
|
|
|
|
if ptype in DRIVEFILE_ACL_PERMISSION_TYPES:
|
|
|
|
|
copyMoveOptions['copyPermissionTypes'].add(ptype)
|
|
|
|
|
else:
|
|
|
|
|
invalidChoiceExit(ptype, DRIVEFILE_ACL_PERMISSION_TYPES, True)
|
|
|
|
|
elif myarg == 'copysheetprotectedranges':
|
|
|
|
|
if getBoolean():
|
|
|
|
|
copyMoveOptions['copySheetProtectedRangesInheritedPermissions'] = True
|
|
|
|
|
@@ -59007,15 +59105,20 @@ def _copyPermissions(drive, user, i, count, j, jcount,
|
|
|
|
|
def isPermissionCopyable(kvList, permission):
|
|
|
|
|
role = permission['role']
|
|
|
|
|
emailAddress = permission.get('emailAddress', '')
|
|
|
|
|
permissionType = permission['type']
|
|
|
|
|
domain = ''
|
|
|
|
|
if copyMoveOptions['excludePermissionsFromDomains'] or copyMoveOptions['includePermissionsFromDomains']:
|
|
|
|
|
if permission['type'] in {'group', 'user'}:
|
|
|
|
|
if permissionType in {'group', 'user'}:
|
|
|
|
|
atLoc = emailAddress.find('@')
|
|
|
|
|
if atLoc > 0:
|
|
|
|
|
domain = emailAddress[atLoc+1:]
|
|
|
|
|
elif permission['type'] == 'domain':
|
|
|
|
|
elif permissionType == 'domain':
|
|
|
|
|
domain = permission.get('domain', '')
|
|
|
|
|
if permission['inherited'] and not copyMoveOptions[copyInherited]:
|
|
|
|
|
if role not in copyMoveOptions['copyPermissionRoles']:
|
|
|
|
|
notCopiedMessage = f'role {role} not selected'
|
|
|
|
|
elif permissionType not in copyMoveOptions['copyPermissionTypes']:
|
|
|
|
|
notCopiedMessage = f'type {permissionType} not selected'
|
|
|
|
|
elif permission['inherited'] and not copyMoveOptions[copyInherited]:
|
|
|
|
|
notCopiedMessage = 'inherited not selected'
|
|
|
|
|
elif not permission['inherited'] and copyMoveOptions[copyNonInherited] == COPY_NONINHERITED_PERMISSIONS_NEVER:
|
|
|
|
|
notCopiedMessage = 'noninherited not selected'
|
|
|
|
|
@@ -59031,8 +59134,8 @@ def _copyPermissions(drive, user, i, count, j, jcount,
|
|
|
|
|
notCopiedMessage = f'domain {domain} excluded'
|
|
|
|
|
elif domain and copyMoveOptions['includePermissionsFromDomains'] and domain not in copyMoveOptions['includePermissionsFromDomains']:
|
|
|
|
|
notCopiedMessage = f'domain {domain} not included'
|
|
|
|
|
elif permission.pop('deleted', False):
|
|
|
|
|
notCopiedMessage = f"{permission['type']} {permission['emailAddress']} deleted"
|
|
|
|
|
elif permission.pop('deleted', False) or (permissionType in {'group', 'user'} and not emailAddress):
|
|
|
|
|
notCopiedMessage = f"{permissionType} deleted or has blank email address"
|
|
|
|
|
elif ((copyInherited == 'copySheetProtectedRangesInheritedPermissions' and copyMoveOptions[copyInherited]) or
|
|
|
|
|
(copyNonInherited == 'copySheetProtectedRangesNonInheritedPermissions' and
|
|
|
|
|
copyMoveOptions[copyNonInherited] != COPY_NONINHERITED_PERMISSIONS_NEVER)):
|
|
|
|
|
@@ -59470,6 +59573,8 @@ copyReturnItemMap = {
|
|
|
|
|
# [copysubfolderpermissions [<Boolean>]]
|
|
|
|
|
# [copysubfolderinheritedpermissions [<Boolean>]]
|
|
|
|
|
# [copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders]
|
|
|
|
|
# [copypermissionroles <DriveFileACLRoleList>]
|
|
|
|
|
# [copypermissiontypes <DriveFileACLTypeList>]
|
|
|
|
|
# [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
|
|
|
|
# (mappermissionsdomain <DomainName> <DomainName>)*
|
|
|
|
|
# [copysheetprotectedranges [<Boolean>]]
|
|
|
|
|
@@ -60284,6 +60389,8 @@ def _updateMoveFilePermissions(drive, user, i, count,
|
|
|
|
|
# [copysubfolderpermissions [<Boolean>]]
|
|
|
|
|
# [copysubfolderinheritedpermissions [<Boolean>]]
|
|
|
|
|
# [copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders]
|
|
|
|
|
# [copypermissionroles <DriveFileACLRoleList>]
|
|
|
|
|
# [copypermissiontypes <DriveFileACLTypeList>]
|
|
|
|
|
# [synctopfoldernoniheritedpermissions [<Boolean>]] [syncsubfoldernoninheritedpermissions [<Boolean>]]
|
|
|
|
|
# [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
|
|
|
|
# (mappermissionsdomain <DomainName> <DomainName>)*
|
|
|
|
|
@@ -67547,10 +67654,10 @@ def updatePhoto(users):
|
|
|
|
|
body = {'photoData': base64.urlsafe_b64encode(image_data).decode(UTF8)}
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(cd.users().photos(), 'update',
|
|
|
|
|
throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT],
|
|
|
|
|
throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT, GAPI.CONDITION_NOT_MET],
|
|
|
|
|
userKey=user, body=body, fields='')
|
|
|
|
|
entityActionPerformed([Ent.USER, user, Ent.PHOTO, filename], i, count)
|
|
|
|
|
except GAPI.invalidInput as e:
|
|
|
|
|
except (GAPI.invalidInput, GAPI.conditionNotMet) as e:
|
|
|
|
|
entityActionFailedWarning([Ent.USER, user, Ent.PHOTO, filename], str(e), i, count)
|
|
|
|
|
except (GAPI.userNotFound, GAPI.forbidden):
|
|
|
|
|
entityUnknownWarning(Ent.USER, user, i, count)
|
|
|
|
|
@@ -69300,13 +69407,18 @@ LABEL_COUNTS_FIELDS = ','.join(LABEL_COUNTS_FIELDS_LIST)
|
|
|
|
|
def printShowLabels(users):
|
|
|
|
|
def _buildLabelTree(labels):
|
|
|
|
|
def _checkChildLabel(label):
|
|
|
|
|
if label.find('/') != -1:
|
|
|
|
|
(parent, base) = label.rsplit('/', 1)
|
|
|
|
|
labelItemList = label.split('/')
|
|
|
|
|
i = len(labelItemList)-1
|
|
|
|
|
while i > 0:
|
|
|
|
|
parent = '/'.join(labelItemList[:i])
|
|
|
|
|
base = '/'.join(labelItemList[i:])
|
|
|
|
|
if parent in labelTree:
|
|
|
|
|
if label in labelTree:
|
|
|
|
|
labelTree[label]['info']['base'] = base
|
|
|
|
|
labelTree[parent]['children'].append(labelTree.pop(label))
|
|
|
|
|
_checkChildLabel(parent)
|
|
|
|
|
return
|
|
|
|
|
i -= 1
|
|
|
|
|
|
|
|
|
|
labelTree = {}
|
|
|
|
|
for label in labels['labels']:
|
|
|
|
|
|
