Google Drive API V3：爲域創建文件權限

Question

試圖通過Google Drive的API V3向文件添加權限，我遇到了下面的錯誤。我想允許來自我的網站mta.io的請求讀取文件。例如，錯誤似乎來自我在請求主體中傳遞的域，example.com工作正常，授予權限。我是否需要將我的網域列入白名單才能授予其文件權限？

作品：

{ 
    "role": "reader", 
    "type": "domain", 
    "domain": "example.com" 
} 

不起作用：

{ 
    "role": "reader", 
    "type": "domain", 
    "domain": "mta.io" 
} 

錯誤：

{ 
"error": { 
    "errors": [ 
    { 
    "domain": "global", 
    "reason": "invalid", 
    "message": "The specified domain is invalid or not applicable for the given permission type.", 
    "locationType": "other", 
    "location": "permission.domain" 
    } 
    ], 
    "code": 400, 
    "message": "The specified domain is invalid or not applicable for the given permission type." 
} 
} 

我使用API​​的網站上發現了try it功能。

Answer 1

想通了，你只能使用摹套房域。 這是一個無賴，但爲了與一個域名共享文件許可，您需要擁有一個G Suite帳戶並驗證您擁有該域名 - 該域名需要與您的G Suite帳戶相關聯。

https://developers.google.com/drive/v3/web/about-permissions#types_and_values

For example, a permission with a type of domain may have a domain of thecompany.com, indicating that the permission grants the given role to all users in the G Suite domain thecompany.com

Answer 2

根據此related thread，這隻能在同一域中的用戶之間完成，並且服務帳戶不屬於任何域。

You're best option may be to create a Team Drive that the service account has access to, and perform a two stage process:

1. Use the service account to move the file into the team drive. Files.update with the addParents parameter set to the Team Drive ID.
2. Use the domain user to move the file out of the team drive. Files.update with the addParents parameter set to root (or some target folder's ID) and the removeParents parameter set to the Team Drive ID.

這裏還有一個SO後這也可能有助於：Google Drive SDK - change item sharing permissions