Cloud Identity Groups (CIG) 高级服务可提供与 Groups Service API 相当的功能,因此可用于替代该 API。
请参阅提供的辅助方法,了解如何通过 CIG 高级服务实现同等功能。
设置
如需使用 CIG 高级服务,请先在脚本项目中启用该服务。
为了缩短本指南中的一些方法签名,我们定义了以下变量:
const groups = CloudIdentityGroups.Groups;
GroupsApp 方法
以下辅助方法与 Groups 服务 GroupsApp 的方法相对应。
在本指南中,“群组”一词是指群组资源,而不是群组类对象。群组资源是 JavaScript 对象,没有方法,但可在 CIG 高级服务中使用,以检索与群组类对象中类似的信息。
getGroupByEmail
/**
* Given a group's email, returns that group's resource
*
* @param {String} email: The email address to lookup a group by
* @return {Group} group: The group resource associated with the email
*/
function groupsAppGetGroupByEmail(email) {
// Retrieve the name ID of the group
const groupName = groups.lookup({
'groupKey.id': email,
'groupKey.namespace': '' // Optional for google groups, dynamic groups, and security groups
// Necessary for identity-mapped groups (see https://developers.google.com/cloud-search/docs/guides/identity-mapping)
}).name;
// Retrieve the group resource
return groups.get(groupName);
}
getGroups
以下辅助方法会返回一个会员资源列表。
访问元素的 group 字段以查找其名称 ID。这对于 CIG 高级服务的许多方法都非常有用。同样,访问元素的 groupKey.id 即可找到其电子邮件地址。
/**
* Retrieves all the membership relation resources to groups which you are a
* direct member (or a pending member).
*
* @return {Array<MembershipRelation>} groups : List of direct memberships where
* you are the member.
*/
function groupsAppGetGroups() {
const myEmail = Session.getActiveUser().getEmail();
let pageToken = '';
let membershipList = [];
do {
const queryParams = {
query:`member_key_id=='${myEmail}'`,
pageToken:pageToken
};
const searchResult = groups.Memberships.searchDirectGroups('groups/-', queryParams);
membershipList = membershipList.concat(searchResult.memberships);
pageToken = searchResult.nextPageToken;
} while (pageToken);
return membershipList;
}
群组方法
以下辅助方法与 Groups 服务 Groups Class 的方法相对应。
getEmail
/**
* Gets a group's email address
*
* @param {Object} group: A group resource
* @return {String} email: The email associated with the group resource.
*/
function getEmail(group) {
return group.groupKey.id;
}
getGroups
以下方法使用 Memberships.list,该方法将提取指定群组的每项成员资格。这可以包括用户和群组的会员资格。
为了更好地近似于 Groups 服务 getGroups 方法,我们可以按成员资格的 Type 过滤成员资格。
我们可以通过以下方式获取此字段的访问权限:将 FULL View 作为查询参数提供给 Memberships.list,或者针对每个给定的会员资格执行单独的 Memberships.lookup。
/**
* Fetch a list of memberships with provided group as its parent
*
* @param {Group} group: A group resource
* @return {Array<Membership>} membershipList: The memberships where the parent
* is the provided group and member is a also a group.
*/
function getGroups(group) {
let membershipList = [];
let pageToken = '';
do {
// Fetch a page of memberships
const queryParams = {
view: 'FULL',
pageToken: pageToken
}
const response = groups.Memberships.list(group.name, queryParams);
// Filter non-group memberships
const onlyGroupMemberships = response.memberships.filter(
membership => membership.type == 'GROUP'
);
membershipList = membershipList.concat(onlyGroupMemberships);
// Set up next page
pageToken = response.nextPageToken;
} while(pageToken);
return membershipList;
}
getRole 和 getRoles
虽然 Groups 服务可能仅在 getRole() 中返回了优先级最高的角色,但成员资格资源中的 roles 字段包含成员有资格担任的每个角色的单独元素(例如:MEMBER、OWNER、ADMIN)。
/**
* Retrieve the membership roles of a member to a group.
*
* @param {Group} containingGroup: The group whom the member belongs to
* @param {String} email: The email address associated with a member that
* belongs to the containingGroup
* @return {Array<Role>} roles: List of roles the member holds with respect to
* the containingGroup.
*/
function getRoleWithEmail(containingGroup, email) {
// First fetch the membership
const membershipName = groups.Memberships.lookup(containingGroup.name, { 'memberKey.id': email }).name;
const membership = groups.Memberships.get(membershipName);
// Then retrieve the role
return membership.roles;
}
/**
* Retrieve the membership roles of a member to a group.
*
* @param {Group} containingGroup: The group resource whom the member belongs to
* @param {User} user: The user associated with a member that belongs to the
* containingGroup
* @return {Array<Role>} roles: List of roles the member holds with respect to
* the containingGroup
*/
function getRoleWithUser(containingGroup, user) {
return getRoleWithEmail(containingGroup, user.getEmail());
}
/**
* Retrieve the membership roles of a group of members to a group
*
* @param {Group} containingGroup: The group resource to which roles are
* relevant
* @param {Array<User>} users: List of users to fetch roles from
* @return {Array<Array<Role>>} roles: A list where every element is a list of
* roles of member to the containingGroup
*/
function getRoles(containingGroup, users) {
let roles = [];
for (const user of users) {
roles.push(getRoleWithUser(containingGroup, user));
}
return roles;
}
getUsers
与我们在 getGroups 中的方法类似,我们可以使用 Memberships.list 获取群组的成员资格,并过滤结果以仅保留目标 Type。
/**
* Given a group, retrieve its direct members and banned members of the group
* that have a known corresponding Google Account.
*
* @param {Group} group: The group Resource whom the users being queried belong
* to
* @return {Array<String>} users: A list of emails associated with members of
* the given group
*/
function getUsers(group) {
let userList = [];
let pageToken = '';
do {
// Fetch a page of memberships from the group
const queryParams = {
view: 'FULL',
pageToken: pageToken
}
const listResponse = groups.Memberships.list(group.name, queryParams);
// Filter non-users and keep member emails
const users = listResponse.memberships
.filter(membership => membership.type == 'USER')
.map(membership => membership.preferredMemberKey.id);
userList = userList.concat(users);
// Prepare next page
pageToken = listResponse.nextPageToken;
} while (pageToken);
return userList;
}
hasGroup 和 hasUser
Groups 服务 hasGroup 和 hasUser 均可用于确认实体是否是指定群组的成员。鉴于群组和用户都可以用电子邮件地址表示,因此可以使用以下方法来确认电子邮件地址是否属于指定群组。
/**
* Tests if the given email has an associated direct member to the given group.
*
* @param {Group} group: Group resource to which the entity is being checked as
* a member
* @param {String} email: Email that can represent a Group or User entity
* @return {Boolean} isMember: Whether the entity is a direct member to the
* group or not
*/
function checkDirectGroupMembership(group, email) {
try {
groups.Memberships.lookup(group.name, {'memberKey.id': email});
} catch(e) {
// Log failure if exception is not related to membership existence
if (!e.message.includes('Membership does not exist.')) {
console.error(e);
}
return false;
}
return true;
}