(core) Extending Google Drive integration scope

Summary: New environmental variable GOOGLE_DRIVE_SCOPE that modifies the scope requested for Google Drive integration. For prod it has value https://www.googleapis.com/auth/drive.file which leaves current behavior (Grist is allowed only to access public files and for private files - it fallbacks to Picker). For staging it has value https://www.googleapis.com/auth/drive.readonly which allows Grist to access all private files, and fallbacks to Picker only when the file is neither public nor private). Default value is https://www.googleapis.com/auth/drive.file Test Plan: manual and existing tests Reviewers: dsagal Reviewed By: dsagal Subscribers: dsagal Differential Revision: https://phab.getgrist.com/D3038
2026-03-02 04:09:24 +00:00 · 2021-09-30 10:19:22 +02:00
parent a0c53f2b61
commit 42910cb8f7
13 changed files with 302 additions and 131 deletions
--- a/app/common/ActiveDocAPI.ts
+++ b/app/common/ActiveDocAPI.ts
@@ -1,7 +1,7 @@
 import {ActionGroup} from 'app/common/ActionGroup';
 import {CellValue, TableDataAction, UserAction} from 'app/common/DocActions';
 import {FormulaProperties} from 'app/common/GranularAccessClause';
-import {UploadResult} from 'app/common/uploads';
+import {FetchUrlOptions, UploadResult} from 'app/common/uploads';
 import {ParseOptions} from 'app/plugin/FileParserAPI';
 import {IMessage} from 'grain-rpc';

@@ -207,7 +207,7 @@ export interface ActiveDocAPI {
  /**
   * Fetch content at a url.
   */
-  fetchURL(url: string): Promise<UploadResult>;
+  fetchURL(url: string, options?: FetchUrlOptions): Promise<UploadResult>;

  /**
   * Find and return a list of auto-complete suggestions that start with `txt`, when editing a
--- a/app/common/gristUrls.ts
+++ b/app/common/gristUrls.ts
@@ -456,6 +456,12 @@ export interface GristLoadConfig {
  // Google Client Id, used in Google integration (ex: Google Drive Plugin)
  googleClientId?: string;

+  // Max scope we can request for accessing files from Google Drive.
+  // Default used by Grist is https://www.googleapis.com/auth/drive.file:
+  // View and manage Google Drive files and folders that you have opened or created with this app.
+  // More on scopes: https://developers.google.com/identity/protocols/oauth2/scopes#drive
+  googleDriveScope?: string;
+
  // List of registered plugins (used by HomePluginManager and DocPluginManager)
  plugins?: LocalPlugin[];
 }
--- a/app/common/uploads.ts
+++ b/app/common/uploads.ts
@@ -42,3 +42,12 @@ export interface FileUploadResult {
 * the page's <base> will be respected.
 */
 export const UPLOAD_URL_PATH = 'uploads';
+
+/**
+ * Additional options for fetching external resources.
+ */
+export interface FetchUrlOptions {
+  googleAuthorizationCode?: string;   // The authorization code received from Google Auth Service.
+  fileName?: string;                  // The filename for external resource.
+  headers?: {[key: string]: string};  // Additional headers to use when accessing external resource.
+}