Quota, orphaned files and uploads using service ac

2019-04-10 16:31发布

问题:

Context

I'm building a php web app that needs to upload files to a Google Drive which belongs to a user (let's call him Bob). I used a Google Drive service account (let's call it service@gmail.com).

Bob created a folder ("uploads") in his Google Drive and shared it with service@gmail.com.

The service account (service@gmail.com) can user the Drive API to list the files in that shared upload folder and upload files to it. The uploaded files show up in Bob's Google Drive as well. So far so good.

The problem

The owner of the files uploaded by service@gmail.com is service@gmail.com, as one could expect. This has the following consequences:

  1. Since service@gmail.com is the owner of the uploaded files, they count against that account's quota. However, Bob purchased increased space for his Google Drive and wants the uploaded files to count against his quota to not run out of space in the service account.
  2. When a file previously uploaded by service@gmail.com is deleted (by Bob) from the shared upload folder, a few things happen:
    • The deleted file does not show up in the uploads folder for either user.
    • Bob can still see the deleted file in his "All Items" view.
    • The deleted file still chows up when the service account lists all files through the API but it doesn't have any parent (i.e. it's orphaned).
    • When getting the deleted file details through the API, it shows that it's using up quota.

What to do?

How can this use case be handled (cleanly)? I see 2 possible solutions:

  1. When uploading a file, set the ownership to Bob. Is that possible? This does not work! First, it doesn't work with uploaded files for regular account. Second, the service account has an email @developer.gserviceaccount.com while Bob's account has @gmail.com. from the doc says:

Google Apps Customers: You can't make someone outside of your domain the owner of your Google Doc. Only Google Apps customers in Premier, Government, and Education domains can transfer ownership of a synced or uploaded file (like a PDF or image file).

Consumer Drive users: You can't transfer ownership of a synced or uploaded file (like a PDF or an image file).

  1. Don't use a service account and have the web app use Bob's account directly instead. This does require getting an OAuth access token for Bob however. Also, using a service account with a shared upload folder allowed me to restrict the access of the service account to only the upload folder.
  2. Periodically search for orphaned files in the service account to clean them up. This however does not solve the issue of the quota used for the non-deleted files...

Please help!

Info regarding offline access and access tokens

回答1:

I think that you should see this page: Perform Google Apps Domain-Wide Delegation of Authority. This page shows how to use SA to invoke requests in behalf of Bob user. This page contains Java code which describes how to create Drive object for Bob. Using this Drive you will be able to upload file and the owner of the file will be Bob not service@gmail.com. I am using this method a lot and it works for me.