I have a apps script web app that writes to a fusion table, as well as a few spreadsheets which it periodically caches. I do not want to provide edit access to the fusion table to colleagues, who could just go and edit entries as they see fit.
Currently the web app executes as the user, for anyone within my organization, which is the intention. However, I'd rather the web app execute any queries as myself, so that I don't need to explicitly provide permissions to each individual user that might be accessing it.
Is there a way to do this?
Yes this is possible. Previously you would use the OAuth2 library, save your credentials to the script property store, then use the REST interface to the service you want to access with your own credentials. Now you can use the Execution API to use the built in services.
Add the OAuth2 Library to your project:
https://github.com/gsuitedevs/apps-script-oauth2
Set it up according the the README.md, matching the scopes of your project(look at the project properties). Make sure your point setPropertyStore() to the script properties.
Authenticate your OAuth2 service.
Publish your script as an Execution API
Add a call to your scripts REST interface. Look at the token method, make sure you change it to match your own.
function ExecuteAsMe(functionName,paramsArray){
var url = 'https://script.googleapis.com/v1/scripts/'+ScriptApp.getProjectKey()+':run';
var payload = JSON.stringify({"function": functionName ,"parameters":paramsArray, "devMode": true});
var params={method:"POST",
headers:{Authorization: "Bearer "+ getFusionService().getAccessToken()},
payload:payload,
contentType:"application/json",
muteHttpExceptions:true};
var results = UrlFetchApp.fetch(url, params);
return JSON.parse(results).response.result;
}
var results = ExecuteAsMe("searchFusionTable",['searchTerm', 50]);Execution API
https://developers.google.com/apps-script/guides/rest/api?hl=en