alexwforsythe / code-blocks

Syntax highlighting for Google Docs
https://www.alexwforsythe.com/code-blocks/
MIT License

Trim permissions #58

Closed aggieben closed 6 years ago

aggieben commented 6 years ago

This extension looks very nice, but I have a concern similar to #24: would it be reasonably possible to trim the required permissions further? Does this extension need the ability to:

All of these are problematic for use with a business account where proprietary information may be stored.

alexwforsythe commented 6 years ago

Thanks for raising the issue! I agree those permissions are problematic for both business and personal use, nor should they all be necessary for Code Blocks to do its job.

From a quick search, I found out that OAuth scopes are detected and required automatically based on references to script services (e.g. ScriptApp) anywhere inside the add-on code. This applies to services even if they are never invoked. The culprit in this case was a docstring I had copied from the official GAS docs along with the initial boilerplate code for this add-on.


Sources
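Added example, not part of the thread or of the Code Blocks code base: a pre-publish check for the behaviour described in the comment above, where a service name that appears only in a comment or docstring still pulls in its OAuth scope. The `SERVICES` list, the function names and the `SAMPLE` script are assumptions made for illustration.

```javascript
// Partial, hypothetical list of Apps Script service globals; extend it for your project.
const SERVICES = ['ScriptApp', 'DriveApp', 'DocumentApp', 'UrlFetchApp', 'GmailApp'];

// Walk the source with a small state machine so that "//" inside a string literal
// is not mistaken for a comment. Regex literals are not handled (known limitation).
function findServiceReferences(source) {
  const ident = new RegExp('\\b(' + SERVICES.join('|') + ')\\b', 'y');
  const hits = [];
  let state = 'code', quote = '', line = 1, i = 0;
  while (i < source.length) {
    const ch = source[i], two = source.slice(i, i + 2);
    if (ch === '\n') { line++; i++; if (state === 'line-comment') state = 'code'; }
    else if (state === 'code' && two === '//') { state = 'line-comment'; i += 2; }
    else if (state === 'code' && two === '/*') { state = 'block-comment'; i += 2; }
    else if (state === 'block-comment' && two === '*/') { state = 'code'; i += 2; }
    else if (state === 'code' && '"\'`'.includes(ch)) { state = 'string'; quote = ch; i++; }
    else if (state === 'string' && ch === '\\') { if (source[i + 1] === '\n') line++; i += 2; }
    else if (state === 'string' && ch === quote) { state = 'code'; i++; }
    else {
      ident.lastIndex = i; // sticky match: only succeeds if a service name starts here
      const m = ident.exec(source);
      if (m) {
        hits.push({ service: m[1], line, context: state.endsWith('comment') ? 'comment' : state });
        i += m[0].length;
      } else i++;
    }
  }
  return hits;
}

// Services mentioned in comments but never in live code: deleting or rewording
// those comments removes the reference without changing what the add-on does.
function commentOnlyServices(source) {
  const hits = findServiceReferences(source);
  const live = new Set(hits.filter(h => h.context !== 'comment').map(h => h.service));
  return [...new Set(hits.filter(h => h.context === 'comment' && !live.has(h.service)).map(h => h.service))];
}

// Constructed sample add-on source (not taken from the Code Blocks repository).
const SAMPLE = [
  '/**',
  ' * @param {object} e Event parameter; see ScriptApp.AuthMode.',
  ' */',
  'function onOpen(e) {',
  '  DocumentApp.getUi().createAddonMenu().addItem("Start", "showSidebar").addToUi();',
  '  // var files = DriveApp.getFiles();',
  '}',
].join('\n');
```

Running `commentOnlyServices` over each `.gs` file before publishing lists the service names to remove from comments; the scopes the add-on actually requests should still be confirmed on the authorization prompt.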

alexwforsythe commented 6 years ago

This seems to be the best I can do: image

aggieben commented 6 years ago

Thanks, this may be good enough. "share documents" and "run in the background" were the most worrisome.

aiyerkvdnc commented 4 years ago

It seems like the required scopes still include run in the background. Is this a regression? Screenshot 2020-03-04 at 4 48 56 PM

414n commented 2 years ago

I also see an additional "display your personal data, including those that you made public" (translated from my language, apologies if that is not the exact string) permission request.