Skip to content

Add a sample for listing groups with external access. #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
erickoledadevrel merged 7 commits into from
May 18, 2018
Merged

Add a sample for listing groups with external access. #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
dd984ab
Add a sample for listing groups with external access.
May 18, 2018
c715ce5
Remove incorrect comments.
May 18, 2018
11c43ea
Fix pylint errors.
May 18, 2018
c3f628d
Fix typo in README.
May 18, 2018
495f6db
Remove extra whitespace.
May 18, 2018
838e1a5
Fix comment with correct credentials file location.
May 18, 2018
2712996
Fix PEP8 nits.
May 18, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 22 additions & 3 deletions admin_sdk/groups_settings/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,37 @@
# Google Admin SDK Groups Settings Python Quickstart
# Google Admin SDK Groups Settings Python Samples

## Quickstart

Complete the steps described in the [Google Admin SDK Groups Settings Python
Quickstart](https://developers.google.com/admin-sdk/groups-settings/quickstart/python),
and in about five minutes you'll have a simple Python command-line application
that makes requests to the Google Admin SDK Groups Settings API.

## Install
### Install

```
pip install --upgrade google-api-python-client
```

## Run
### Run

```
python quickstart.py
```

## Detect External Access

This script lists all groups in your domain with some form of external access
enabled.

### Install

```
pip install --upgrade google-api-python-client
```

### Run

```
detect_external_access.py
```
135 changes: 135 additions & 0 deletions admin_sdk/groups_settings/detect_external_access.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,135 @@
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""
print_group_settingss all the groups in the domain which have 'external' to the domain access.
Also print_group_settingss their access settings.
"""
from __future__ import print_function
import httplib2

from apiclient import discovery, errors
from oauth2client import client, tools
from oauth2client.file import Storage

# If modifying these scopes, delete your previously saved credentials
# at credentials.json
SCOPES = ['https://www.googleapis.com/auth/admin.directory.group',
'https://www.googleapis.com/auth/apps.groups.settings']
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'List Groups with external access'

# External access for view group
ANYONE_CAN_VIEW_GROUP = 'ANYONE_CAN_VIEW'

# External access for who can join
ANYONE_CAN_JOIN_GROUP = 'ANYONE_CAN_JOIN'

# Group can have external members
EXTERNAL_MEMBERS_CAN_JOIN = 'true'

# External access for who can post messages
ANYONE_CAN_POST_MESSAGE = 'ANYONE_CAN_POST'

# External access for who can view members
ANYONE_CAN_VIEW_MEMBERSHIP = 'ANYONE_CAN_VIEW'

def get_credentials():
"""
Gets valid user credentials from storage.

If nothing has been stored, or if the stored credentials are invalid,
the OAuth2 flow is completed to obtain the new credentials.

Returns:
Credentials, the obtained credential.
"""
store = Storage('credentials.json')
creds = store.get()
if not creds or creds.invalid:
flow = client.flow_from_clientsecrets('client_secret.json', SCOPES)
creds = tools.run_flow(flow, store)
return creds

def print_group_settings(group_email, settings):
"""
Given the group email and its settings, checks some of its settings and
prints them if the group has external access.
"""
who_can_view_group = settings['whoCanViewGroup']
who_can_join = settings['whoCanJoin']
allow_external_members = settings['allowExternalMembers']
who_can_post_message = settings['whoCanPostMessage']
who_can_view_membership = settings['whoCanViewMembership']
if (who_can_view_group == ANYONE_CAN_VIEW_GROUP or
who_can_join == ANYONE_CAN_JOIN_GROUP or
allow_external_members == EXTERNAL_MEMBERS_CAN_JOIN or
who_can_post_message == ANYONE_CAN_POST_MESSAGE or
who_can_view_membership == ANYONE_CAN_VIEW_MEMBERSHIP):
print(group_email)
print('\twhoCanViewGroup - {0}'.format(who_can_view_group))
print('\twhoCanJoin - {0}'.format(who_can_join))
print('\tallowExternalMembers - {0}'.format(allow_external_members))
print('\twhoCanPostMessage - {0}'.format(who_can_post_message))
print('\twhoCanViewMembership - {0}'.format(who_can_view_membership))

def check_group_settings(group_settings_service, group_email):
"""
Gets the group settings for the given group_email and prints the group
if it has external access enabled.
"""
try:
settings = group_settings_service.groups().get(
groupUniqueId=group_email).execute()
print_group_settings(group_email, settings)
except errors.HttpError:
print('Unable to read group: {0}'.format(group_email))

def check_groups(group_service, group_settings_service, page_token):
"""
Gets the groups in the domain, gets group settings for each group and prints
the ones which have external access enabled.

Returns:
page_token to get the next page of groups
"""
results = group_service.groups().list(customer='my_customer',
pageToken=page_token,
orderBy='email').execute()
groups = results.get('groups', [])

if groups:
for group in groups:
check_group_settings(group_settings_service, group['email'])
return results.get('nextPageToken', None)

def main():
"""
Runs the script.
"""
credentials = get_credentials()
http = credentials.authorize(httplib2.Http())
group_service = discovery.build('admin', 'directory_v1', http=http)
group_settings_service = discovery.build('groupssettings', 'v1', http=http)

page_token = None
while True:
page_token = check_groups(group_service=group_service,
group_settings_service=group_settings_service,
page_token=page_token)
if page_token is None:
break

if __name__ == '__main__':
main()