Google Drive API V3：为域创建文件权限

Question

试图通过Google Drive的API V3向文件添加权限，我遇到了下面的错误。我想允许来自我的网站mta.io的请求读取文件。例如，错误似乎来自我在请求主体中传递的域，example.com工作正常，授予权限。我是否需要将我的网域列入白名单才能授予其文件权限？

作品：

{ 
    "role": "reader", 
    "type": "domain", 
    "domain": "example.com" 
} 

不起作用：

{ 
    "role": "reader", 
    "type": "domain", 
    "domain": "mta.io" 
} 

错误：

{ 
"error": { 
    "errors": [ 
    { 
    "domain": "global", 
    "reason": "invalid", 
    "message": "The specified domain is invalid or not applicable for the given permission type.", 
    "locationType": "other", 
    "location": "permission.domain" 
    } 
    ], 
    "code": 400, 
    "message": "The specified domain is invalid or not applicable for the given permission type." 
} 
} 

我使用API​​的网站上发现了try it功能。

Answer 1

想通了，你只能使用摹套房域。 这是一个无赖，但为了与一个域名共享文件许可，您需要拥有一个G Suite帐户并验证您拥有该域名 - 该域名需要与您的G Suite帐户相关联。

https://developers.google.com/drive/v3/web/about-permissions#types_and_values

For example, a permission with a type of domain may have a domain of thecompany.com, indicating that the permission grants the given role to all users in the G Suite domain thecompany.com

Answer 2

根据此related thread，这只能在同一域中的用户之间完成，并且服务帐户不属于任何域。

You're best option may be to create a Team Drive that the service account has access to, and perform a two stage process:

1. Use the service account to move the file into the team drive. Files.update with the addParents parameter set to the Team Drive ID.
2. Use the domain user to move the file out of the team drive. Files.update with the addParents parameter set to root (or some target folder's ID) and the removeParents parameter set to the Team Drive ID.

这里还有一个SO后这也可能有助于：Google Drive SDK - change item sharing permissions