市场应用程序配置API:检查用户是否是管理员
我正在尝试在从 Google Apps 市场安装的应用程序中检查用户是否是其 Google Apps 域的管理员。
我将其添加到manifest.xml:
<Scope id="Provisioning API">
<Url>https://apps-apis.google.com/a/feeds/user/#readonly</Url>
<Reason>This application can list domain users to give them permissions.</Reason>
</Scope>
然后我设置了一个测试处理程序以使其正常工作:
from google.appengine.ext import webapp
from google.appengine.ext.webapp import util
import gdata.alt.appengine
import gdata.apps.service
import gdata.auth
# App id, key and secret from the Google Apps Marketplace.
APPLICATION_ID = 'XXX'
CONSUMER_KEY = 'XXX'
CONSUMER_SECRET = 'XXX'
class SetupHandler(webapp.RequestHandler):
def get(self, *args):
# The domain where this app is installed.
domain = 'my_customer_domain.com'
# A username to check.
username = 'webmaster'
sig_method = gdata.auth.OAuthSignatureMethod.HMAC_SHA1
service = gdata.apps.service.AppsService(source='tipfy-com',
domain=domain)
service.SetOAuthInputParameters(sig_method, CONSUMER_KEY,
consumer_secret=CONSUMER_SECRET,
two_legged_oauth=True,
requestor_id=APPLICATION_ID)
service.ssl = True
service.debug = True
gdata.alt.appengine.run_on_appengine(service)
lookup_user = service.RetrieveUser(username)
if lookup_user.login.admin == 'true':
res = username + ' is an admin.'
else:
res = username + ' is not an admin.'
self.response.out.write(res)
app = webapp.WSGIApplication([
('/.*', SetupHandler),
], debug=True)
def main():
util.run_wsgi_app(app)
if __name__ == '__main__':
main()
但我收到401响应(“未知的授权标头”)。我不知道我做错了什么或如何进一步调试它。
- 清单条目是否正确?
- 拆分
user.email()可以获取用户的用户名和域吗? (我对其进行了调试,在我的例子中是:我得到了“webmaster”和“example.com”,这是安装该应用程序的用户和 Google Apps 域)。
我缺少什么?
编辑:由于某种原因,管理面板没有请求授予对所提供范围的访问权限。在我授予它之后,上面的代码就起作用了。因此,将其作为一个工作示例!
I'm trying to check if a user is admin of their Google Apps domain, in an app installed from the Google Apps marketplace.
I added this to manifest.xml:
<Scope id="Provisioning API">
<Url>https://apps-apis.google.com/a/feeds/user/#readonly</Url>
<Reason>This application can list domain users to give them permissions.</Reason>
</Scope>
Then I set a test handler to get it working:
from google.appengine.ext import webapp
from google.appengine.ext.webapp import util
import gdata.alt.appengine
import gdata.apps.service
import gdata.auth
# App id, key and secret from the Google Apps Marketplace.
APPLICATION_ID = 'XXX'
CONSUMER_KEY = 'XXX'
CONSUMER_SECRET = 'XXX'
class SetupHandler(webapp.RequestHandler):
def get(self, *args):
# The domain where this app is installed.
domain = 'my_customer_domain.com'
# A username to check.
username = 'webmaster'
sig_method = gdata.auth.OAuthSignatureMethod.HMAC_SHA1
service = gdata.apps.service.AppsService(source='tipfy-com',
domain=domain)
service.SetOAuthInputParameters(sig_method, CONSUMER_KEY,
consumer_secret=CONSUMER_SECRET,
two_legged_oauth=True,
requestor_id=APPLICATION_ID)
service.ssl = True
service.debug = True
gdata.alt.appengine.run_on_appengine(service)
lookup_user = service.RetrieveUser(username)
if lookup_user.login.admin == 'true':
res = username + ' is an admin.'
else:
res = username + ' is not an admin.'
self.response.out.write(res)
app = webapp.WSGIApplication([
('/.*', SetupHandler),
], debug=True)
def main():
util.run_wsgi_app(app)
if __name__ == '__main__':
main()
But I get a 401 response ("Unknown authorization header"). I don't know what I'm doing incorrectly or how to debug it further.
- Is the manifest entry correct?
- Splitting
user.email()is ok to get the user's username and domain? (I debugged it and in my case it was: I got 'webmaster' and 'example.com', which was the user and Google Apps domain where the app was installed).
What am I missing?
Edit: For some reason, the admin panel didn't ask permission to grant access to the provided scopes. After I granted it, the code above worked. So take it as a working example!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您无需重新添加应用程序即可使范围起作用,只需确保在 GoogleApps 管理信息中心的应用程序设置中“授予访问权限”并且数据访问权限为“授予”。否则只需授予该访问权限。
拆分
user.email()对我来说就像一个魅力,因为本地主机测试中的user.nickname()包含完整的电子邮件,而不像生产(其中包含用户名) )。确保请求的用户是管理员。
You don't have to re-add your app for the scopes work, just make sure in your GoogleApps admin dashboard, on the application settings, you "Grant access" and the Data Access is "Granted". Otherwise just grant that access.
Splitting
user.email()works like a charm for me, becauseuser.nickname()in localhost testing contains a full email, not like production (where it contains the username).Make sure the user requesting is an admin.
我遇到了完全相同的问题,这不断给我带来:
未知的授权标头
错误 401
我正在使用免费版本的 Google Apps,这可能是此问题的根本原因吗?据我所知,Provisioning API 仅支持高级帐户。
I met exactly the same problem, which keep giving me:
Unknown authorization header
Error 401
I'm using the free version of Google Apps, is this might be the root cause of this problem? As i know Provisioning API only supports premium account.
管理 api [配置 api 等] 现在可用于 Google Apps 版本。
http://googleappsdeveloper.blogspot.com/2011/12 /more-administrative-apis-now-available.html
Admin apis [provisioning api etc.] are now available to editions of Google Apps.
http://googleappsdeveloper.blogspot.com/2011/12/more-administrative-apis-now-available.html