forked from taers232c/GAM-Scripts3
-
Notifications
You must be signed in to change notification settings - Fork 0
/
GetSharedWithUserTeamDriveACLs.py
executable file
·99 lines (90 loc) · 5.23 KB
/
GetSharedWithUserTeamDriveACLs.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/usr/bin/env python3
"""
# Purpose: For a Google Drive User(s), show all drive file ACLs for Team Drive files shared with selected users or all users in selected domains.
# Note: This script requires Advanced GAM with Team Drive support:
# https://github.com/taers232c/GAMADV-XTD, https://github.com/taers232c/GAMADV-XTD3
# Customize: Set FILE_NAME and ALT_FILE_NAME based on your environment. Set USER_LIST and DOMAIN_LIST.
# Usage:
# For all Team Drives, start at step 1; For Team Drives selected by user/group/OU, start at step 6
# All Team Drives
# 1: Get all Team Drives.
# $ gam redirect csv ./TeamDrives.csv print teamdrives fields id,name
# 2: Get ACLs for all Team Drives
# $ gam redirect csv ./TeamDriveACLs.csv multiprocess csv TeamDrives.csv gam print drivefileacls ~id
# 3: Customize GetTeamDriveOrganizers.py for this task:
# Set DOMAIN_LIST as required
# Set ONE_ORGANIZER = True
# Set SHOW_GROUP_ORGANIZERS = False
# Set SHOW_USER_ORGANIZERS = True
# 4: From that list of ACLs, output a CSV file with headers "id,name,organizers"
# that shows the organizers for each Team Drive
# $ python GetTeamDriveOrganizers.py TeamDriveACLs.csv TeamDrives.csv TeamDriveOrganizers.csv
# 4: Get ACLs for all team drive files
# $ gam redirect csv ./filelistperms.csv multiprocess csv TeamDriveOrganizers.csv gam user ~organizers print filelist select teamdriveid ~id fields teamdriveid,id,title,permissions
# 5: Go to step 10
# Selected Team Drives
# 6: If want Team Drives for a specific set of organizers, replace <UserTypeEntity> with your user selection in the command below
# $ gam redirect csv ./AllTeamDrives.csv <UserTypeEntity> print teamdrives role organizer fields id,name
# 7: Customize DeleteDuplicateRows.py for this task:
# Set ID_FIELD = 'id'
# 8: Delete duplicate Team Drives (some may have multiple organizers).
# $ python DeleteDuplicateRows.py ./AllTeamDrives.csv ./TeamDrives.csv
# 9: Get ACLs for all team drive files
# $ gam redirect csv ./filelistperms.csv multiprocess csv TeamDrives.csv gam user ~User print filelist select teamdriveid ~id fields teamdriveid,id,title,permissions
# Common code
# 10: From that list of ACLs, output a CSV file with headers "Owner,driveFileId,driveFileTitle,permissionId,role,emailAddress"
# that lists the driveFileIds and permissionIds for all ACLs with the desired users
# (n.b., driveFileTitle, role, and emailAddress are not used in the next step, they are included for documentation purposes)
# $ python GetSharedWithUserTeamDriveACLs.py filelistperms.csv deleteperms.csv
# 11: Inspect deleteperms.csv, verify that it makes sense and then proceed
# 12: Delete the ACLs
# $ gam csv deleteperms.csv gam user "~Owner" delete drivefileacl "~driveFileId" "~permissionId"
"""
import csv
import re
import sys
# For GAMADV-XTD/GAMADV-XTD3 with drive_v3_native_names = false
FILE_NAME = 'title'
ALT_FILE_NAME = 'name'
# For GAMADV-XTD/GAMADV-XTD3 with drive_v3_native_names = true
#FILE_NAME = 'name'
#ALT_FILE_NAME = 'title'
# Substitute your specific user(s) in the list below, e.g., USER_LIST = ['[email protected]',] USER_LIST = ['[email protected]', '[email protected]',]
# The list should be empty if you're only specifiying domains in DOMAIN_LIST, e,g, USER_LIST = []
USER_LIST = ['[email protected]',]
# Substitute your domain(s) in the list below if you want all users in the domain, e.g., DOMAIN_LIST = ['domain.com',] DOMAIN_LIST = ['domain1.com', 'domain2.com',]
# The list should be empty if you're only specifiying users in USER_LIST, e,g, DOMAIN__LIST = []
DOMAIN_LIST = ['domain.com',]
QUOTE_CHAR = '"' # Adjust as needed
LINE_TERMINATOR = '\n' # On Windows, you probably want '\r\n'
PERMISSIONS_N_TYPE = re.compile(r"permissions.(\d+).type")
if (len(sys.argv) > 2) and (sys.argv[2] != '-'):
outputFile = open(sys.argv[2], 'w', encoding='utf-8', newline='')
else:
outputFile = sys.stdout
outputCSV = csv.DictWriter(outputFile, ['Owner', 'driveFileId', 'driveFileTitle', 'permissionId', 'role', 'emailAddress'], lineterminator=LINE_TERMINATOR, quotechar=QUOTE_CHAR)
outputCSV.writeheader()
if (len(sys.argv) > 1) and (sys.argv[1] != '-'):
inputFile = open(sys.argv[1], 'r', encoding='utf-8')
else:
inputFile = sys.stdin
for row in csv.DictReader(inputFile, quotechar=QUOTE_CHAR):
for k, v in iter(row.items()):
mg = PERMISSIONS_N_TYPE.match(k)
if mg and v == u'user':
permissions_N = mg.group(1)
if row['permissions.{0}.deleted'.format(permissions_N)] == u'True':
continue
emailAddress = row['permissions.{0}.emailAddress'.format(permissions_N)]
domain = row['permissions.{0}.domain'.format(permissions_N)]
if row['permissions.{0}.role'.format(permissions_N)] != 'owner' and (emailAddress in USER_LIST or domain in DOMAIN_LIST):
outputCSV.writerow({'Owner': row['Owner'],
'driveFileId': row['id'],
'driveFileTitle': row.get(FILE_NAME, row.get(ALT_FILE_NAME, 'Unknown')),
'permissionId': 'id:{0}'.format(row['permissions.{0}.id'.format(permissions_N)]),
'role': row['permissions.{0}.role'.format(permissions_N)],
'emailAddress': emailAddress})
if inputFile != sys.stdin:
inputFile.close()
if outputFile != sys.stdout:
outputFile.close()