feat(google-drive): support group, domain, and gated anyone-with-link sharing#164
Conversation
… sharing google_drive_share_files only created type=user permissions from an email. Drive's permissions.create also supports group, domain, and anyone grants. Extend ShareFilesParams with a share_type discriminator (user/group/domain) plus the matching target field (email/group_email/ domain), validated so a mismatched or missing target fails before any request. Anyone-with-link stays out of share_type behind an explicit allow_anyone_with_link opt-in (default False), since type=anyone exposes the file to anyone holding the link; when set it overrides share_type. The tool docstring calls out the anyone/domain exposure. The permission body and target summary are derived per share type; the bulk file_ids/role flow and per-file items (partial-failure surfacing) are unchanged. ShareFilesResult.email becomes target to describe any grantee, not just a user email. Closes #154
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (8)
WalkthroughGoogle Drive file sharing was extended to support group, domain, and gated anyone-with-link targets alongside user sharing. ChangesMulti-target Drive sharing
Sequence Diagram(s)sequenceDiagram
participant Caller
participant google_drive_share_files
participant _build_permission_body
participant _share_one_file
participant DriveAPI
Caller->>google_drive_share_files: ShareFilesParams (share_type, target fields)
google_drive_share_files->>_build_permission_body: params
_build_permission_body-->>google_drive_share_files: permission body (type/role/target)
loop each file_id
google_drive_share_files->>_share_one_file: file_id, body
_share_one_file->>DriveAPI: permissions.create(body)
DriveAPI-->>_share_one_file: result/error
end
google_drive_share_files-->>Caller: ShareFilesResult(target=...)
Related issues: Suggested labels: enhancement, google-drive, tests Suggested reviewers: (none identified from provided context) 🐰 A hop through Drive's sharing lane, 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary
google_drive_share_filesonly createdtype=userpermissions from an email. Drive'spermissions.createalso supports group, domain, and anyone grants. This extends the tool to cover all four, keeping anyone-with-link behind an explicit gate.Changes
ShareFilesParams— replaces the single requiredemailwith a typed target:share_type: Literal["user","group","domain"](defaultuser) + the matching field (email/group_email/domain).allow_anyone_with_link: bool = False— a separate, explicit opt-in fortype=anyone, deliberately not folded intoshare_type. When set, it overridesshare_type.@model_validator(mode="after")requires the field matchingshare_type(skipped for anyone-with-link), so a missing/mismatched target raisesValidationErrorbefore any HTTP request is made.tools.py—_build_permission_bodymaps params onto thepermissions.createbody per type;_share_target_labelproduces the human-readable grantee. The bulkfile_ids/roleflow and per-fileitems(partial-failure surfacing) are unchanged. Docstrings carryNOTE:lines spelling out thatanyone/domainare broad-exposure grants.ShareFilesResult.email→target— the result now describes any grantee (group email,domain example.com,anyone with the link), not just a user email.Security posture
type=anyoneandtype=domainare broad-exposure grants. Anyone-with-link is gated behind an explicit boolean (defaultFalse) and documented, keeping the footgun off the default path — the reason it is not ashare_typevalue.Tests
type=groupbody with the group email; resulttype=group.type=domainbody with the domain; resulttype=domain.allow_anyone_with_link=True→type=anyonebody created; also asserted it overridesshare_type; default (False) never creates one.email/group_email/domainfor the chosenshare_type, and invalidshare_type.targetfield.Verification
make lint→ all hooks pass (ruff, ruff-format, detect-secrets, ty, uv-lock).make test→ 2235 passed, 49 skipped.Note
Renames the result field
email→target(breaking that field name) since it no longer always holds an email. Flagging in case backward-compat on the field name is preferred.Closes #154
Summary by CodeRabbit
New Features
Bug Fixes
Tests