Here is the scenario:
We have a central application built on Google App Maker for all the users of the organization, however, the access to different modules is restricted on need-basis.
The challenge is that whenever a user 'Y' creates a new project, a new folder corresponding to that project is created in the Google Drive that is owned by a Google Account 'X' containing all the projects.
What I want is that a folder is created in the X's Google Drive and then the permissions to access/view/edit/add-users, are granted to that user Y. However, Y must not have access to all the X's Drive but only the folder corresponding to his/her project.
The challenge is that all of this happen seamlessly in the back-end without the need for the intervention by the X-owner. Because my understanding is that the Drive Api will work for the current user in the App Maker Application. I need to make this happen when any user is logged in and X should not have to manually give permissions to user.
Yes, it shouldn't be very complicated, whenever user Y clicks a button like 'Create a new project', you should call a client function that will handle the call of the server function. The client function can be called on the button property called 'onClick'. So, on 'onClick' input you should reference the function you'll like to execute: NewProject();
Client Script
function NewProject() {
google.script.run
.withFailureHandler(function(error) {
console.error(error)
})
.withSuccessHandler(function(result) {
console.info(result)
})
.CreateFolder();
}
This function is called on the client side and it only calls the server function and returns info about it's execution success or not.
Server Script
function CreateFolder() {
var folder = DriveApp.createFolder(Session.getActiveUser().getEmail()+' Folder');
folder.addEditor(Session.getActiveUser().getEmail());
return(folder.getUrl());
}
Whenever you create a folder on drive, it's created with the most limited access: only the Drive account owner can access this folder.
So, on the first line this is what we are doing: we are creating a folder named 'Y folder' that is only accessible by the Drive account owner.
The second line adds an Editor to that newly created folder, to make it so we only have to put it's mail in between the brackets.
To make this work as you wish the app has to run as Developer's account, this is set up on App Settings, just be aware the app runs on behalf of the Developer account.
It's a bit of a summary but hope it clarify what you can and can't do.
For AppMaker tutorials visit this: