google-apps-scriptoauth-2.0google-docsgoogle-apps-script-api

Google Apps Script API give entire organization read access for a Script

I am developing an add-on for Google Docs. The add-on is being constantly updated and therefore I have created an auto-update mechanism which works by saving the last script version used to a Document Property for each document, and then I check if there is a new version available by listing all script versions with the Apps Script API, like so:

var oauthtoken =  ScriptApp.getOAuthToken();
var resp = UrlFetchApp.fetch(`https://script.googleapis.com/v1/projects/${ScriptApp.getScriptId()}/versions`, {
  headers: {
    'Authorization': 'Bearer ' + oauthtoken,
    'method': 'GET',
    'muteHttpExceptions': true,
  }
});
resp = JSON.parse(res.getContentText());
var last_version = resp.versions[0].versionNumber;
var current_version = PropertiesService.getDocumentProperties().getProperty('ADD_ON_VERSION');
if (version != last_version) {
  PropertiesService.getDocumentProperties().setProperty('ADD_ON_VERSION', last_version);
  // new version available
}

The problem with this is that if a user does not have access to the Script (script wasn't shared with him - like a Google Drive file share), the request to https://script.googleapis.com/v1/projects/{sciprt_id}/versions yeilds a 403 Unauthorized error.
Is there a way to give the entire organization access to specifically this request URL?

Solution

  • enter image description here

    enter image description here

    Reference:

    What you can see in "Shared with me"

    Files shared with you.

    Folders shared with you.

    Files shared with a link that you have opened.

    Just imagine what would happen otherwise - all publicly shared Apps Script files of which there are thousands - if not millions - would show up in your https://script.google.com/home/shared and Shared with me, as well as with the API method Files:list!