问题描述
我正在尝试使用以下代码将所有权从服务帐户创建的文档转移给位于同一 Google Apps 帐户中的另一个用户,但出现以下错误
I am attempting to transfer ownership from a Service Account created document to another user who resides within the same Google Apps account using the code below but am getting the following error
资源主体包含不可直接写入的字段.[403]错误 [消息[资源正文包含不可直接写入的字段.] Location[ - ] Reason[fieldNotWritable] Domain[global]]
var service = GetService();
try
{
var permission = GetPermission(fileId, email);
permission.Role = "owner";
var updatePermission = service.Permissions.Update(permission, fileId, permission.Id);
updatePermission.TransferOwnership = true;
return updatePermission.Execute();
}
catch (Exception e)
{
Console.WriteLine("An error occurred: " + e.Message);
}
return null;
注释掉//permission.Role = "owner";返回下面的错误
Commenting out // permission.Role = "owner"; returns the error below
当权限角色为所有者"时,必须启用 transferOwnership 参数.[403] 错误 [消息[当权限角色为所有者"时,必须启用 transferOwnership 参数.] Location[transferOwnership - parameter] Reason[forbidden] Domain[global]]
分配任何其他权限都可以正常工作.因此,这是服务帐户无法将所有权转移到不使用@gserviceaccount.com 电子邮件地址的任何其他帐户的限制(即our-project@appspot.gserviceaccount.com > email@domain.com)?
Assigning any other permissions works fine. Therefore, is this a limitation of the Service Account not being able to transfer ownership to any other account that doesn't use the @gserviceaccount.com email address (i.e. our-project@appspot.gserviceaccount.com > email@domain.com)?
email@domain.com 电子邮件地址已创建并在 Google Apps 中进行管理.
The email@domain.com email address has been created and is managed within Google Apps.
在这种情况下,这是无法实现的,关于下一步该去哪里的任何指示?我们需要多个用户能够通过 API 即时创建文档并分配权限和转移所有权.
In the case, it is not achievable, any pointers on where to look next? We need multiple users to have the ability to create documents ad hoc and assign permissions and transfer ownership on the fly via the API.
谢谢
推荐答案
我找到了答案,并为遇到此问题的其他人发帖.
I have found the answer and am posting for anyone else who comes across this question.
- 您不能使用 Google 推荐的服务帐户密钥 JSON 文件".
- 您需要使用 p.12 证书文件进行身份验证.
创建模拟账户驱动服务的代码如下.
- You can not use the 'Service Account Key JSON file' as recommended by Google.
- You need to use the p.12 certificate file for authentication.
The code to create a drive service for mimicking accounts is as follows.
public DriveService GetService(string certificatePath, string certificatePassword, string googleAppsEmailAccount, string emailAccountToMimic, bool allowWrite = true)
{
var certificate = new X509Certificate2(certificatePath, certificatePassword, X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(googleAppsEmailAccount)
{
Scopes = new[] { allowWrite ? DriveService.Scope.Drive : DriveService.Scope.DriveReadonly },
User = emailAccountToMimic
}.FromCertificate(certificate));
// Create the service.
return new DriveService(new BaseClientService.Initializer
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName
});
}
您需要按照此处列出的步骤在域范围内委派服务帐户的权限.
You need to follow the steps listed here to delegate domain-wide authority to the service account.
这篇关于Google Drive API - 从服务帐户转移所有权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!