Is it possible with Google Apps Script to either
A. Have a custom menu show up only for specific users?
or
B. Only allow specific users to click on a menu item.
I'd like to use the get active user command and try to bounce that off of a specific cell in another Google sheet in which our secretary maintains of about 5 administrators. Pull the email address from the sheet make it a variable called principal or directorOfTechnology etc. and have some kind of if statement so that either a menu only shows up for that person or an if statement so that if they are the correct person it does what I have and if not they get a message or something saying You are not able to click on this button etc.
If this is possible how would I go about writing this code? I am still in the learning stages and am not sure how to get this started and if this is even possible.
Doing this in the way you describe runs up against the fact that onOpen() runs in 'limited' authMode: you won't be able to read from the spreadsheet until the auth cycle is complete & your script gets to full authMode. (documentation)
Here are 2 possible work-arounds:
You can specify a list of authorised accounts in your script & check against them. This makes it difficult for a third party to manage the ACL as they have to modify the script directly.
You can deploy the script as a Sheets add-on & make it accessible only to members of a Google Group. e.g. You can then devolve management of the access group to a third party.
Related
I have a PowerApps App which is linked to a SharePoint List. When the user makes some changes to the text field in the app; I want the flow to send the user an email regarding the update.
I've been trying to track the SharePoint List entry and see if the entry is modified, then send an email. But so far I'm unable to do so.
I've been able to send an email when a text field changes to a specific text; but I'm looking for something where a particular entry in the list is changed.
When an item is created or modified > Condition (Column is equal to Yes) > Send email based on the condition
You don't need Powerapps for the same, what I mean is you need Flow for this.
Create and Run your flow on SharePoint directly.
In your flow check whatever your field is changed, if changed then you can send the user email.
You do not need to depend on Powerapps, Flow can alone work for this scenario.
Ensure you are using the Sharepoint When an item is created or modified Trigger in Power Automate (the tool formerly known as Flow)
Add a Trigger Condition for the column in question. Something along the lines of #triggerBody()?.Status,'Pending')
Trigger Conditions are not very well documented at the moment, but provide a powerful way to control when a Power Automate runs.
I am pretty sure my understanding is correct but since I cannot find any Google documentation that explicitly highlights this I wanted to ask here.
Per https://developers.google.com/apps-script/guides/triggers/installable:
Installable triggers always run under the account of the person who created them.
And we know that when you create a trigger it will ask to authorize for all the scopes the script uses.
Then, that means that anyone with edit access to the script could leverage the Google identity of the user used to create the trigger to access the scopes the trigger is authorized for.
For example:
User 1 creates a Google Apps Script that uses GmailApp to send an e-mail
(i.e. GmailApp.sendEmail("one#example.com", "test subject", "email body");)
User 1 creates a trigger to run said script every hour and authorizes it with the appropriate GmailApp scopes
User 1 gives User 2 edit access to said script
Now, User 2 can go into said script and make changes to the code and access User 1's Gmail account. For example, user 2 could change the code to:
var emails = GmailApp.search("search string to find sensitive emails")
// use GmailApp.sendEmail to forward those details to someone else like User 2
All they would have to do is make changes to the code and save; they wouldn't need to re-create the trigger since it already exists. And the next time the trigger runs it would run the newer/updated code.
I was able to confirm this behavior by creating a test script on one of my accounts and giving another account edit access.
So my question is, what is the official/recommended way to mitigate this risk? The obvious answer is to not give anyone else edit access but what if that is not an option -- what if for support purposes multiple people need to be able to access the script, then what?
As you say, the only official/recommend way is to limit editing access to trusted persons.
In your particular example, User 1 could have chosen MailApp instead of GmailApp. The two seemingly redundant services are available separately because MailApp has very limited privledges exposed compared to GmailApp. (For instance, User 2 cannot search the victims Gmail with the MailApp service.)
You can collaborate while avoiding giving direct access to your script file using clasp and git. Only you push with clasp to the script. Everyone else submits changes through git. You can setup the system to be fully automatic (i.e. a git push triggers a clasp push) or manual (i.e. you review all changes first), bit either way you have good records of who did what, when with git.
There's inherent trust when you provide edit access to the script project. You either trust the person or don't trust them. There's no inbetween.
Some "theoretical" ways you may still protect the data:
Create and use different Google accounts.
Install Triggers at the specific deployment/not at Head:
Possible only if done manually. Installable triggers created programmatically can only be used at Head
When you deploy a web-app/api, You can deploy it a specific version.
This deployment version can then be provided, When you create a new trigger for a project here.
There is no need for a working web-app/api. We're only looking to get a deployment id.
In this way, even if user changes the script, your trigger will only run at the old version deployed.
Deployed versions can be seen at Publish> Deploy from manifest.
As the previous answer states, git would be a better call.
For all practical purposes, any data you share with a malicious entity should be considered compromised.
We're developing a Gmail Addon to help internal staff to handle customers' email.
Our card widget will have a table with 2 column; first cell of every row will host, one or more domains, and the 2nd one will contains an editable text box with the default label that the addon will add to this user.
I'd like to allow user to change the default label, to adapt to his/her preferences and actual labelling method, adopted in some cases since years.
So the problem: how to save the user preferences, the user settings, of our addon only of course, but keeping related to user account? The goal is allow user to login with different devices and find the same settings
The sample Gmail add-ons projects that Google have published on Github should help you. In particular I've just found this Settings.js source file.
The core seems to be
var savedSettings = cachedPropertiesForUser_().get("settings", {});
But I've not used this in anger.
there are many standard objects e.g. AccountcontactRole, LetterHead, Approval etc. which can be retrieved using Salesforce APIs. What is the way to see these objects in Salesforce environment in browser?
Very roughly speaking - easiest cheat is to simply put the Id in the URL. So if your Salesforce instance is https://na1.salesforce.com then adding /001.... (any valid Account Id) will take you to this account. Similarly /016... will take you to "this" Letterhead record.
Some data is easily accessible to users - for example AccountContactRole should be available as related list under Account. If it isn't - probably the administrator removed it from page layout because the company decided to use only the straightforward Account - Contact relationship.
Some data like Letterheads, EmailTemplates, Approval processes is visible in the setup area (not all users have the "View Setup and Configuration" permission in their Profiles!)
*Share records (like AccountShare) would be visible after you click the Sharing button on the page layout (if it's not visible - again, check with Admin).
If you're using API to fetch the data, you probably can also use "describe" calls to fetch info which objects are available, what fields are present in the tables... Sometimes the "Frontdoor URLs" property is set (although I confess I'm not sure how to get it, http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_Schema_DescribeSObjectResult_instance_methods.htm doesn't mention it).
Also - if you haven't noticed yet - all Accounts start with "001". Try to guess where "/001" and "/001/o" links would lead.
I have a simple requirement where a user can input some details using a form.I have created a List and using sharepoint designer generated a customized new entry form which can submit data into list.There are two types of users one end user and second admin.
The problem is ,I have to give permission to the list for end users so that they can fill entry and submit request.This permission allow end end user to jump main site and they able to see list data and other site details.
Is there any way which I can create a group which has only access to that entry (request from) page and not able to browse any other urls
I want to use coding level solution if it is possible with in built functionality.
The new customized form is inbuilt functionality.
Please help .
Thanks
Ritu
you can specific permissions on the list, without giving permissions to the whole site. This way you can even give permissions to only add items. All that could be done using the browser alone