Open kcwu opened 9 years ago
Sure, restricting access to specific files sounds cool but it is going to make things a bit complicated. I am quite hesitant to add this because it would mean making a subset of drive that only works with the files created by this app. This will mean that pulling, listing, pushing, deleting etc might be broken. Plus a lot of explaining to the user will have to be made. However, I am willing to experiment with it.
Just got back to this. Here is a recommendation from developers.google.com on scopes
Ping!
Currently drive client use full permissive api scope and thus can access all files in the drive. According to https://developers.google.com/drive/web/scopes, "drive.file" is more restricted and can only access files created by the app. It is possible to make drive client use "drive.file" scope?
I imaged that may be implemented like
then it auth the access token using restricted scope.
I have ever tried hard coded the DriveScope in src/remote.go, but it doesn't work. Looks like it failed when access root. Still need to figure out how to do that.