Re: Multiple ACLs in a Single Call

Eric (Google) Fri, 07 Nov 2008 12:55:53 -0800

On Nov 7, 8:43 am, tazz_ben <[EMAIL PROTECTED]> wrote:
> Eric -
>
> > I think you're right.  You should be able to construct a <feed>
> > with multiple ACL <entry>s.  I'm tempted to file a public issue
> > (http://code.google.com/p/gdata-issues/issues/list) but still want
> > to investigate first.
>
> Not to bug you too much about this, but do you have any update of any
> sort?  My current implementation can be really slow when they have
> more than 20 users on a project (btw, I don't know why but sharing
> Google Docs seems to be substantially slower than sharing Google
> Spreadsheets - I don't have a question here, I just think it's weird).
>

All of the Google Data APIs use a similar ACL mechanism so I'm
beginning
to think adding multiple ACLs in a single request isn't possible.
Calendar does this same thing:
http://code.google.com/apis/calendar/developers_guide_protocol.html#AddAcl

I'd like to see this get changed myself.  Feel free to open a feature
request:
http://code.google.com/p/gdata-issues/issues/list

> Thanks!
>
> Ben
>
> On Nov 5, 9:42 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > On Nov 5, 9:29 pm, tazz_ben <[EMAIL PROTECTED]> wrote:
>
> > > Hi Eric -
>
> > > > I'm not sure what you mean by this?  I was able to request a token
> > > > for scope=http://docs.google.com/feeds/whichworkedwiththe
> > > > ACL feed.  Is that the scope you are using?
>
> > > The scope get value I'm using now (and is working) is:
>
> > > http%3A%2F%2Fdocs.google.com%2Ffeeds%2Fdocuments%20http%3A%2F
> > > %2Fdocs.google.com%2Ffeeds%2Facl
>
> > > Initially I was using:
>
> > > http%3A%2F%2Fdocs.google.com%2Ffeeds%2Fdocuments
>
> > Ah, ok.  For the most versatility you should use
> > the broadest URL possible =>http://docs.google.com/feeds/.
> > Under that scope, the token will be valid for ALL of the DocList
> > feeds,
> > whereas something likehttp://docs.google.com/feeds/documentswill
> > create
> > a token that's only valid forhttp://docs.google.com/feeds/documents/*
> > feeds.
>
> > > Because the documentation said to use that.  Also (and I may be the
> > > only one dumb enough to think this way), but until it came back with
> > > an error relating to scope it did not occur to me that the scope would
> > > be different than that (because, regardless of the path, the ACLs are
> > > *part* of the document -- logically if you have access to the
> > > document, you have access to the ACL for said document).  It's not a
> > > big deal, I just thought there should be a note.
>
> > Perfectly understandable.  If you wanted to, you _could_ request a
> > token
> > that's only valid for a single document!  Can you point me to
> > where the docs mentionedhttp://docs.google.com/feeds/documentsasthe
> > scope?
>
> > > > I think your second example should work, but there may be a reason
> > > > creating multiple ACLs wasn't implemented.  I'll look into this one.
>
> > > Thanks for looking into it; also if there is another format for
> > > multiple ACLs, I'm more than happy to switch to that.  I was sort of
> > > shooting in the dark given that I couldn't find an example of a feed
> > > creating multiple ACLs.
>
> > I think you're right.  You should be able to construct a <feed>
> > with multiple ACL <entry>s.  I'm tempted to file a public issue
> > (http://code.google.com/p/gdata-issues/issues/list) but still want
> > to investigate first.
>
> > Thanks again,
> > Eric
>
> > > On Nov 5, 7:46 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > On Nov 5, 6:02 pm, tazz_ben <[EMAIL PROTECTED]> wrote:
>
> > > > > Anyone at Google:
>
> > > > > Ok, so with some trial and error, I've got it working.  A couple of
> > > > > things:
>
> > > > > 1) Your documentation isn't clear.  According to your document the
> > > > > header should look like this:
>
> > > > > POST /feeds/acl/private/full/document%3A<your document id> HTTP/1.1
> > > > > Host: docs.google.com
> > > > > Authorization: <your authorization header here>
>
> > > > > But it will fail if you don't include a content type.  So you should
> > > > > include that in your example.
>
> > > > > Also I think you should make a note that if you are planning on using
> > > > > acls you need to include a separate scope item when creating the
> > > > > token.  I thought that the ACL would be included in the docs scope
> > > > > because the ACL is part of the document, it wasn't until I got the
> > > > > error that I added the additional scope.
>
> > > > I'm not sure what you mean by this?  I was able to request a token
> > > > for scope=http://docs.google.com/feeds/whichworkedwiththe
> > > > ACL feed.  Is that the scope you are using?
>
> > > > > 2) There doesn't appear to be any way to add multiple ACLs at once.  I
> > > > > tried:
>
> > > > > <entry xmlns="http://www.w3.org/2005/Atom"; xmlns:gAcl='http://
> > > > > schemas.google.com/acl/2007'>
> > > > >    <category scheme='http://schemas.google.com/g/2005#kind'
> > > > >      term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > >    <gAcl:role value='writer'/>
> > > > >    <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > </entry>
> > > > > <entry xmlns="http://www.w3.org/2005/Atom"; xmlns:gAcl='http://
> > > > > schemas.google.com/acl/2007'>
> > > > >    <category scheme='http://schemas.google.com/g/2005#kind'
> > > > >      term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > >    <gAcl:role value='writer'/>
> > > > >    <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > </entry>
>
> > > > > --- AND ---
>
> > > > > <feed xmlns="http://www.w3.org/2005/Atom"; xmlns:gAcl='http://
> > > > > schemas.google.com/acl/2007'>
> > > > > <entry>
> > > > >    <category scheme='http://schemas.google.com/g/2005#kind'
> > > > >      term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > >    <gAcl:role value='writer'/>
> > > > >    <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > </entry>
> > > > > <entry>
> > > > >    <category scheme='http://schemas.google.com/g/2005#kind'
> > > > >      term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > >    <gAcl:role value='writer'/>
> > > > >    <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > </entry>
> > > > > </feed>
>
> > > > > And a few others, all resulted in "permission denied".  I've programed
> > > > > around it by submitting a request for each e-mail.  But this can be
> > > > > very slow, and it is just wasteful on both our parts.
>
> > > > I think your second example should work, but there may be a reason
> > > > creating multiple ACLs wasn't implemented.  I'll look into this one.
>
> > > > Thanks,
> > > > Eric
>
> > > > > On Nov 4, 4:25 pm, tazz_ben <[EMAIL PROTECTED]> wrote:
>
> > > > > > Hi Folks -
>
> > > > > > I'm about to work on implementing the new ACL features, but I had a
> > > > > > couple things that I'm not clear on.  Ok, the example in the docs 
> > > > > > is:
>
> > > > > > POST /feeds/acl/private/full/document%3A<your document id> HTTP/1.1
> > > > > > Host: docs.google.com
> > > > > > Authorization: <your authorization header here>
>
> > > > > > <entry xmlns="http://www.w3.org/2005/Atom"; xmlns:gAcl='http://
> > > > > > schemas.google.com/acl/2007'>
> > > > > >   <category scheme='http://schemas.google.com/g/2005#kind'
> > > > > >     term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > > >   <gAcl:role value='writer'/>
> > > > > >   <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > > </entry>
>
> > > > > > But lets say I have a list of three people that I want to grant 
> > > > > > access
> > > > > > to, could I do this?
>
> > > > > > POST /feeds/acl/private/full/document%3A<your document id> HTTP/1.1
> > > > > > Host: docs.google.com
> > > > > > Authorization: <your authorization header here>
>
> > > > > > <entry xmlns="http://www.w3.org/2005/Atom"; xmlns:gAcl='http://
> > > > > > schemas.google.com/acl/2007'>
> > > > > >   <category scheme='http://schemas.google.com/g/2005#kind'
> > > > > >     term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > > >   <gAcl:role value='writer'/>
> > > > > >   <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > > </entry>
> > > > > > <entry xmlns="http://www.w3.org/2005/Atom"; xmlns:gAcl='http://
> > > > > > schemas.google.com/acl/2007'>
> > > > > >   <category scheme='http://schemas.google.com/g/2005#kind'
> > > > > >     term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > > >   <gAcl:role value='writer'/>
> > > > > >   <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > > </entry>
> > > > > > <entry xmlns="http://www.w3.org/2005/Atom"; xmlns:gAcl='http://
> > > > > > schemas.google.com/acl/2007'>
> > > > > >   <category scheme='http://schemas.google.com/g/2005#kind'
> > > > > >     term='http://schemas.google.com/acl/2007#accessRule'/>
> > > > > >   <gAcl:role value='writer'/>
> > > > > >   <gAcl:scope type='user' value='[EMAIL PROTECTED]'/>
> > > > > > </entry>
>
> > > > > > Also what happens if my modification conflicts with an existing 
> > > > > > role?
> > > > > > So let's say in the above that [EMAIL PROTECTED] already is a
> > > > > > collaborator.  Would [EMAIL PROTECTED] and
> > > > > > [EMAIL PROTECTED] still be granted access?  In essence, do I
> > > > > > always have to retrieve the ACL to see what's currently going on, or
> > > > > > if my only interest is that there are particular collaborators (and
> > > > > > don't care if there is more), is actually faster to just post those
> > > > > > permissions?
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Docs Data APIs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/Google-Docs-Data-APIs?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: Multiple ACLs in a Single Call

Reply via email to
