0

I am developing an add-on for Google Docs. The add-on is being constantly updated and therefore I have created an auto-update mechanism which works by saving the last script version used to a Document Property for each document, and then I check if there is a new version available by listing all script versions with the Apps Script API, like so:

var oauthtoken =  ScriptApp.getOAuthToken();
var resp = UrlFetchApp.fetch(`https://script.googleapis.com/v1/projects/${ScriptApp.getScriptId()}/versions`, {
  headers: {
    'Authorization': 'Bearer ' + oauthtoken,
    'method': 'GET',
    'muteHttpExceptions': true,
  }
});
resp = JSON.parse(res.getContentText());
var last_version = resp.versions[0].versionNumber;
var current_version = PropertiesService.getDocumentProperties().getProperty('ADD_ON_VERSION');
if (version != last_version) {
  PropertiesService.getDocumentProperties().setProperty('ADD_ON_VERSION', last_version);
  // new version available
}

The problem with this is that if a user does not have access to the Script (script wasn't shared with him - like a Google Drive file share), the request to https://script.googleapis.com/v1/projects/{sciprt_id}/versions yeilds a 403 Unauthorized error.
Is there a way to give the entire organization access to specifically this request URL?

Yuval.R
  • 1,182
  • 4
  • 15
  • As a mad idea, could you just stringify and put the version of the script into the document properties and take it from there? – Yuri Khristich Jun 23 '22 at 10:54
  • 1
    That is what I am doing, but I need to know when a NEW version is available, for which I use the Apps Script API. – Yuval.R Jun 23 '22 at 10:56
  • Ok, nice trick. I just thought you save in properties the number only, not the script a whole. As for the rest, probably it wont ask the permissions if you will update the same version of the script (keep the same ID). I can be wrong though. – Yuri Khristich Jun 23 '22 at 11:09
  • I do save the version number only, but the problem is that I don't want to share the script with all of my users, because they would be able to access the code, and if I don't share it they can't call `https://script.googleapis.com/v1/projects/{sciprt_id}/versions` and check if a new version is available. – Yuval.R Jun 23 '22 at 11:14
  • 2
    What is wrong with sharing the script with the whole organization? After all the user do not know your script-id/url and thus will not be able to view / modify your script - even if it is shared with "Anyone with the link". Btw., out of curiosity: Why do you need to know programamtically the latest script version? – ziganotschka Jun 23 '22 at 11:31
  • They will be able to view the script, because they can simply find it in `https://script.google.com/home/shared`. And I only wanted to know if there is a way to solve this so it can save me some manual work for when I upload a new version, not a must have. I guess there isn't a proper way of doing it tho, so I'll just update a field in my DB or somthing. – Yuval.R Jun 23 '22 at 11:37

1 Answers1

2

enter image description here

enter image description here

  • Files that are only shared as "Anyone with the link" will not show up in anyone's https://script.google.com/home/shared or elsewhere - unless a user knows the script id/ url and has manually opened the script at least once.

Reference:

What you can see in "Shared with me"

Files shared with you.

Folders shared with you.

Files shared with a link that you have opened.

Just imagine what would happen otherwise - all publicly shared Apps Script files of which there are thousands - if not millions - would show up in your https://script.google.com/home/shared and Shared with me, as well as with the API method Files:list!

ziganotschka
  • 25,866
  • 2
  • 16
  • 33