Marketplace app + Provisioning API: check if user is admin

StackOverflow https://stackoverflow.com/questions/6049427

Pergunta

I'm trying to check if a user is admin of their Google Apps domain, in an app installed from the Google Apps marketplace.

I added this to manifest.xml:

<Scope id="Provisioning API">
  <Url>https://apps-apis.google.com/a/feeds/user/#readonly</Url>
  <Reason>This application can list domain users to give them permissions.</Reason>
</Scope>

Then I set a test handler to get it working:

from google.appengine.ext import webapp
from google.appengine.ext.webapp import util

import gdata.alt.appengine
import gdata.apps.service
import gdata.auth

# App id, key and secret from the Google Apps Marketplace.
APPLICATION_ID = 'XXX'
CONSUMER_KEY = 'XXX'
CONSUMER_SECRET = 'XXX'

class SetupHandler(webapp.RequestHandler):
    def get(self, *args):
        # The domain where this app is installed.
        domain = 'my_customer_domain.com'
        # A username to check.
        username = 'webmaster'

        sig_method = gdata.auth.OAuthSignatureMethod.HMAC_SHA1
        service = gdata.apps.service.AppsService(source='tipfy-com',
                                                 domain=domain)
        service.SetOAuthInputParameters(sig_method, CONSUMER_KEY,
                                        consumer_secret=CONSUMER_SECRET,
                                        two_legged_oauth=True,
                                        requestor_id=APPLICATION_ID)
        service.ssl = True
        service.debug = True
        gdata.alt.appengine.run_on_appengine(service)

        lookup_user = service.RetrieveUser(username)
        if lookup_user.login.admin == 'true':
            res = username + ' is an admin.'
        else:
            res = username + ' is not an admin.'

        self.response.out.write(res)

app = webapp.WSGIApplication([
    ('/.*', SetupHandler),
], debug=True)

def main():
    util.run_wsgi_app(app)

if __name__ == '__main__':
    main()

But I get a 401 response ("Unknown authorization header"). I don't know what I'm doing incorrectly or how to debug it further.

  • Is the manifest entry correct?
  • Splitting user.email() is ok to get the user's username and domain? (I debugged it and in my case it was: I got 'webmaster' and 'example.com', which was the user and Google Apps domain where the app was installed).

What am I missing?

Edit: For some reason, the admin panel didn't ask permission to grant access to the provided scopes. After I granted it, the code above worked. So take it as a working example!

Foi útil?

Solução

You don't have to re-add your app for the scopes work, just make sure in your GoogleApps admin dashboard, on the application settings, you "Grant access" and the Data Access is "Granted". Otherwise just grant that access.

Splitting user.email() works like a charm for me, because user.nickname() in localhost testing contains a full email, not like production (where it contains the username).

Make sure the user requesting is an admin.

Outras dicas

I met exactly the same problem, which keep giving me:

Unknown authorization header

Error 401

I'm using the free version of Google Apps, is this might be the root cause of this problem? As i know Provisioning API only supports premium account.

Admin apis [provisioning api etc.] are now available to editions of Google Apps.

http://googleappsdeveloper.blogspot.com/2011/12/more-administrative-apis-now-available.html

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top