I have a Google Spreadsheet containing a script that I wrote. The script updates a per-person sheet named after the logged in user, or creates a new one if it's not there yet.
I shared it in "can edit" mode with other people, expecting the code accessing the user name to work as it did in my case, but apparently it doesn't.
Google Apps Script seems to contain three ways to get the name of the current user:
Session.getActiveUser()
Session.getEffectiveUser()
Session.getUser()
and all of them return the empty string when I'm not the user running the script.
(Btw I'm having a hard time to tell the difference between them...)
Considering that I'm sharing this spreadsheet in read/write mode, I would be a bit surprised if this was an intended security method... it's not like I don't know the emails of the people accessing the spreadsheet I've explicitly shared with them... Plus, Google is asking for permission anyway, couldn't it ask for permission to access the user name as well??
Is there a way around this?
Is there a way around this?
These methods only work if you're using a Google Apps account and you're on the same domain as the user. If not, then there's no way to get the user id. AFAIK Google removed this feature completely for regular accounts. You may try to argue with them opening an issue here.
Related
I am learning to access Google Sheets using Python (c/q gspread)
my current script is as simple as one from here.
gc = gspread.oauth(
credentials_filename='path/to/the/credentials.json',
authorized_user_filename='path/to/the/authorized_user.json'
)
It displays a login screen like:
That screen tells my enduser that my script will able to:
See, edit, create, and delete all of their Google Drive, and/or
See, edit, create, and delete all of their Google Sheet spreadsheets.
I'm pretty sure that two things will scared my end user.
Is there any 'scope' that will only give my script to a sheet that shared to my endusers account and the access right is following what sheet owner set for each endusers.
The best scope to use in your case is https://www.googleapis.com/auth/drive.file. This is a flexible scope that will be granted individually in a per-user basis.
Of course, if you want to be as restrictive as possible the best scope is https://www.googleapis.com/auth/drive.apps.readonly, but its functionality is pretty limited (as the same says, only reading and no editing).
You can read more about the different scopes here.
Unfortunately, you cannot get rid of the authorization screen, you can read how Google authorizes access to the APIs with OAuth here.
I'm posting here because I'm hoping someone can help me edit the link to a google sheet. I haven't been able to find the answer online, but I'm hoping maybe someone understands how the link works better than I and can give me an answer.
I've been tasked with updating the application for funding (from a non-profit) to include a budget category. The application is in Google Forms, but there's no way to insert a table into the form for an applicant to fill out. I created the budget outline in a Google Sheet, but now I'm trying to find the best solution to create an individual link within the form that will lead them to the budget document. Essentially, I'm hoping the applicant can fill out the form, and when they reach the section about their budget, I want them to click the link to the google sheet, have it make a copy, but have the copy be shared with the organization's google account so we can see it when they submit their application.
I've experiment with the forced copy feature (editing the shared link by google), but when I test it from a different google account than the owner, it tells me I have to request permission. The share settings are set to allow anyone with the link to access, so I don't understand why it's asking me to request permission when I open the force copy link. This isn't going to work because the applicants need to access it when applying, and we can't have them waiting for us to accept the request every time.
I'm sure there could be a few solutions, so I'm open to any advice. The only other solution I can possibly think of is creating individual links for each applicant, if there's a way to automate that?
I recognize there could be a solution where I ask the applicant to download the file and re-upload, or share it themselves, but our applicants are not native english speakers and they are often non very comfortable with technology, so I want to automate the process as much as possible.
To summarize: The applicant should be able to
Fill out the google form
Receive an individual copy of the budget document (from google sheets) to fill out.
The budget document must be shared with the original owner so we can see it and see how it relates to the rest of their application.
Thank you for your consideration!
A solution for your use-case would be to make use of Apps Script.
Apps Script is a powerful development platform which can be used to build web apps and automate tasks. What makes it special is the fact that it is easy to use and to create applications that integrate with G Suite.
Taking this into account, you can create a script which will create a copy of the document whenever a new form submission is made and add the permissions needed for the user. Essentially, you will be the one owning the copy of the sheet as well and the candidates will have edit permissions.
Therefore, the script will end up looking something similar to this:
Code
function onFormSubmit() {
let sheetId = 'ORIGINAL_SPREADSHEET_ID';
let form = FormApp.getActiveForm();
let responses = form.getResponses();
let n = responses.length;
let currentUser = form.getResponse(responses[n-1].getId()).getRespondentEmail();
let newSpreadsheet = SpreadsheetApp.openById(sheetId).copy("Sheet copy for " + currentUser);
let newSpreadsheetId = newSpreadsheet.getId();
DriveApp.getFileById(newSpreadsheetId).addEditor(currentUser);
}
Explanation
The above snippet makes use of the Apps Script's onFormSubmit installable trigger. Basically, whenever a new form submission is sent, the code above will run. The code will retrieve the last response which was submitted and get the user's email address by making use of the getRespondentEmail method. Afterwards, a copy of the original spreadsheet will get created and shared with the editor permission with the user who just submitted the form. Adding the permission is done by making use of the addEditor method from the DriveApp parent class. As for the user accessing the copy of the spreadsheet, this is easily done as the user will end up receiving an email telling them that a spreadsheet has been shared with them.
Setup
You will have to have the Collect emails option checked for the form;
Open the three dots icon and click on Script Editor;
Once you open the script editor, input the code from above and do not forget to modify the sheetId such that it matches the id of your original spreadsheet that you want to share.
Install the onFormSubmit trigger by going to the Triggers page and create a new trigger with the following options:
Send the URL form to the candidates and wait for submission to be sent.
Reference
Google Apps Script;
Apps Script Installable Triggers;
Apps Script SpreadsheetApp Class;
Apps Script FormApp Class;
Apps Script DriveApp Class.
What is the best-supported approach for tracking logged-in Usernames/Ids in App Insights telemetry?
A User with Username "JonTester1" said some Pages he visited 4 hours ago were really slow. How can I see everything JonTester1 did in App Insights to trouble shoot/know which pages he's referring to?
Seems like User Id in App Insights is some Azure-generated anonymized thing like u7gbh that Azure ties to its own idea of the same user (thru cookie?). It doesn't know about our app's usernames at all.
I've also seen a separate field in App Insights called Auth Id (or user_AuthenticatedId in some spots), which looks to sometimes have the actual username e.g. "JonTester1" filled in - but not always... And while I don't see any mention of this field in the docs, it seems promising. How is our app's code/config supposed to be setting that Auth Id to make sure every App Insights log/telemetry has it set?
Relevant MS docs:
https://learn.microsoft.com/en-us/azure/azure-monitor/app/usage-send-user-context
This looks to just copy one library Telemetry object's User Id into another... no mention of our custom, helpful Username/Id anyway... and most in-the-wild examples I see don't actually look like this, including MS docs own examples in the 3rd link below; they instead hardcode get a new TelemetryClient()
https://learn.microsoft.com/en-us/azure/azure-monitor/app/website-monitoring No mention of consistently tracking a custom Username/Id
https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics#authenticated-users Shows some different helpful pieces, but still no full example. E.g. it says with only the setAuth... JS function call (still no full example of working client-side JS that tracks User) on the page, you don't need any server-side code for it to track custom User Id across both client-side and server-side telemetry sent to Azure... yet then it also shows explicit code to new up a TelemetryClient() server-side to track User Id (in the Global.asax.cs or where?)... so you do need both?
Similar SO questions, but don't connect the dots/show a full solution:
Azure Insights telemetry not showing Auth ID on all transactions
Application Insights - Tracking user and session across schemas
How is Application insight tracking the User_Id?
Display user ID in the metrics of application Insight
I'm hoping this question and answers can get this more ironed out; hopefully do a better job of documentation than the relevant MS docs...
The first link in your question lists the answer. What it does show you is how to write a custom telemetry initializer. Such an initializer lets you add or overwrite properties that will be send along any telemetry that is being send to App Insights.
Once you add it to the configuration, either in code or the config file (see the docs mentioned earlier in the answer) it will do its work without you needing to create special instances of TelemetryClient. That is why this text of you does not make sense to me:
[…] and most in-the-wild examples I see don't actually look like this, including MS docs own examples in the 3rd link below; they instead hardcode get a new TelemetryClient()
You can either overwrite the value of UserId or overwrite AuthenticatedUserId in your initializer. You can modify the code given in the docs like this:
if (requestTelemetry != null && !string.IsNullOrEmpty(requestTelemetry.Context.User.Id) &&
(string.IsNullOrEmpty(telemetry.Context.User.Id) || string.IsNullOrEmpty(telemetry.Context.Session.Id)))
{
// Set the user id on the Application Insights telemetry item.
telemetry.Context.User.AuthenticatedUserId = HttpContext.Current.User.Identity.Name;
}
You can then see the Auth Id and User Id by going to your AI resource -> Search and click an item. Make sure to press "Show All" first, otherwise the field is not displayed.
Auth Id in the screenshot below is set to the user id from the database in our example:
We access the server from azure functions as well so we set the user id server side as well since there is no client involved in such scenarios.
There is no harm in settting it in both places, javascript and server side via an initializer. That way you cover all scenario's.
You can also manually add user id to app insights by
appInsights.setAuthenticatedUserContext(userId);
See App Insights Authenticated users
I am looking to set up 2 rails apps (with the same tld) which have single sign on and share some user data. If I have railsapp.com I will have the second app set up as otherapp.railsapp.com or railsapp.com/otherapp. I will most likely have railsapp.com handle registration/login etc (open to suggestion if this is not the best solution).
So lets say I sign up and upload an avatar and start accumulating user points on the main-app, I can then browse to the other-app and my profile there has the correct avatar and points total. is there an easy way to achieve this? Do the available SSO solutions create the user in the second app with the same user ID? if not, how are they tied together? (ie how can I query the other app for information I would like to be shared across the 2 - user points and avatar) I was initially looking at sharing a database or at least the user table between the 2 apps, but I can't help thinking there must be an easier solution?
I think the simplest solution is if you set the cookie on the .railsapp.com domain, then it should be sent when you do requests to otherapp.railsapp.com or any other subdomain (just stressing that as it might be a security concern). Remember to mark the cookie as secure!
And a extra bit you might need to make this work, is to store authentication tokens on a database so they can be shared between the two apps.
Disclaimer: I don't have much experience with Rails anymore, so I'm not sure if some of the frameworks like Devise can do something like this out of the box.
Edit
Got curious and ... google had the answer: http://codetheory.in/rails-devise-omniauth-sso/
In the Simperium documentation/help section there is the following text:
All the data that is created seems like it must be tied to a user - is
that correct? Is it possible to have data that isn't tied to a user -
say a database of locations or beers?
Yes, though this isn't very clear yet. You can create a public user
(i.e., a public namespace) with an access token you share with other
users of your app so anyone can read/write to that namespace.
It's possible to limit this to read-only access as well if you need to
authoritatively publish data from a backend service.
Is there an actual example with this?
The scenario I have is as follows
My app will have a calendar
The primary user can add and remove data from the calendar
They will want to invite other users to add and remove data, my thought is that they can give them a token, the user can use their email address and this token to sign in
Am I on the right track?
You're definitely on the right track, but a little too far ahead on that track. The scenario you described is a great fit for Simperium, but sharing and collaboration features aren't yet released.
The help text you quoted is for authoritatively pushing content, for example from a custom backend to all users of your app. An example of this would be a news stream that updates on all clients as new content is added.
This is quite different than sharing calendar data among a group of users who have different access permissions, which is actually a better use of Simperium's strengths. We have a solution for this that we've tested internally, but we're using what we've learned to build a better version of it that will be more scalable for production use.
There's no timeline for this yet, but you'll see it announced on your dashboard at simperium.com.