Non-editing author permissions Google Calendar - oauth

I have a web application that allows users to sign in with their Google Account and create events on a Google Calendar. However, I only want one specific user to edit/delete already existing events in the calendar and all other users should only be able to add events to the Calendar.
A permission similar to this exists on Outlook, which has a permission called Non-editing author. Is the same available for Google Calendar?

both the events.insert and the events.update / events.patch require the scope of
https://www.googleapis.com/auth/calendar read/write access to Calendars
Which technically gives a user access to read and write to any part of the calendar not just the events. Your application is going to have to limit access the calendar api does not give you this ability.

Related

Microsoft Graph API for external users

In my application, I need to get user data like user name and email, also using API, I use find meeting time and create calendar event. Users those will use application will not be in my AD group.
Is there some scenario for making API workable for external users?
There are certain limitations and for guest users in the organizations:https://learn.microsoft.com/en-us/graph/api/resources/users?view=graph-rest-1.0#user-and-group-search-limitations-for-guest-users-in-organizations
For inviting or adding the Add a guest user and send an invitation please refer :https://learn.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal

Shared calendars through Microsoft Graph

I'm viewing shared calendars in my app. It uses delegated workflow with permission Calendar.Read.Shared and Users.ReadBasic.All
I don't really understand how to sharing works when it comes to the API
Some users shared calendars are not shown when accessing /users/{userId}/calendars (they are visible in outlook)
Some users calendars are returned when using /users/{userId}/calendars but when trying to access the calendar events I get 403. Why are the calendar available to access but not the events? (they are visible in outlook).
I'm able to get both calendars and event in some cases
I'm guessing there are some settings on the calendars themselves that make this difference but I'm not able to see the difference in the calendar object I get from the /users/{userId}/calendars response or from the calendars when I view them in outlook.
I have verified the behaviour in Graph Explorer so it is not code related.
Is there another way to access all shared calendars?

Sharing a calendar with another user via the Microsoft Graph API

I'm working on an application that does OAuth authorization on behalf of multiple users. My application wants to be able to create a calendar for user A and then share that calendar as read only to user B. It will then create events on that calendar so that they appear for user A as read/write and for user B as read only.
Obviously the Microsoft Graph API supports creating a calendar and putting events on it. My question pertains to the sharing part.
Does the Microsoft Graph API (or the Outlook 365 REST API) support sharing a calendar from one user to another user? I wouldn't want user B to receive the typical email that announces that user A shared a calendar with them. After creating the calendar under user A's account, I'd want to use user A's credentials to set up the sharing permission to user B. Then I would use user B's credentials to add the shared calendar to their list of calendars so that they see it in the Outlook 365 calendar interface.
I've read through a lot of the documentation and have been playing around with a prototype, but I can't find where this use case is supported.
I'm afraid this isn't possible to do via Microsoft Graph. The scenario seems reasonably straight forward, I recommend visiting the UserVoice and adding this suggestion.

Rails: Allow user to retrieve my Google Calendar events

I am ultimately trying to allow a User to schedule an appointment inside of my Google Calendar from a Rails application I built. First, I will need to retrieve a list of already taken Google Calendar events. I only know how to allow the User to access their Google Calendar events through Oauth2.0, but is there a way to allow every user to have access to mine?
I am not asking for any code, as much as I am asking for direction and clarification regarding this issue, thank you.

Embedding an interactive google calendar in website for multiple groups of users

I am thinking to embed google calendar in my website to achieve the following and was wondering if this is doable in google calendar. Otherwise I have to go find another solution.
I have groups of users with one super user, and rest are regular users as follows:
GroupA
Super User 1
Regular User 1
Regular user 2
etc
Group B
Super User 2
Regular User 3
Regular User 4
etc
Each group have their own calendar. Users in each group can not see the other group's calendar. Only able to see their own group's calendar.
Super users of each group have all access to the calendar (add, modify, delete) and have the ability to control how much access regular users have in their group. (read only? read/write etc)
All users are registered to my website, therefore I am thinking to use only one google calendar account (my own account) to create a calendar for each group. Which leads to a question of authenticating my website to google's API. I need the authentication process to be automatic, hidden away from the user and be done on the server side.
My site is built using PHP/Mysql
Q1:
I have tried the Javascript client library provided by google, however it require the user to type in username/password to log into google so that the authentication (OAuth2) process can work. As mentioned in previous paragraph, I only want the user's to log into my website, they do not need to login again into google account. This should be done on serverside.
I even went as far to create a login form with information prepopulated (hidden from the user, the username/password will be visible in "view page source") and send the request to https://accounts.google.com/ServiceLoginAuth, and make the form automatic submit once the user successfully login into my website. However this causes cross domain issues.
Q2:
I may potentially have 10's of thousands of groups registered on my website. each group may have couple hundred users. Can one single google account create that many calendars?
Q3:
Once the calendar is embedded into my website, it seems to be read-only. Is it possible to make it interactive so super users in each group can add/delete/modify events?
Any ideas/suggestions is much appreciated.
Thank you
No answers? It seems like your question is straightforward. If I understand correctly, you want to access calendars from several Google accounts/users. Each user needs to authorize this access, but they only need to do so once. You could generate these requests and send them out via email, for example. When the user grants permission, Google forwards a grant code to your specified callback_uri. The grant code is extremely volatile. It's used to request a token from Google that apparently lasts indefinitely. So there's no requirement that users continually log into Google.
In Google's calendar/simple.php example. The token is stored as a SESSION variable. Even though the token is persistent, the SESSION variable is not. Users have to grant authorization every time the SESSION variable expires. Storing persistent data in a volatile variable is absurd and probably gives the wrong impression about the OAuth2 token mechanism.
I spent a lot of time writing documentation that I couldn't find anywhere else. Please take a look if you think it might help: http://www.tqis.com/eloquency/googlecalendar.htm
What you're asking isn't possible in Google Calendar.
If you're looking to support thousands of groups and each group needs it's own calendar, then you're saying that you'd need thousands of calendars with access control and you'd need authentication to the calendar to be transparent.

Resources