Episode 506: Secure File Sharing with External Partner

Monday, October 24, 2016
"Please share the presentation materials in PPT format with me, instead of PDF."

In-house sharing of files... Companies of nowadays would use "Cloud storage". (Besides, there used to be "File servers"...)

However, in cases where file sharing "with an associated company or an agency" or "in collaborative project", there will be troubles since the other party is not "In-house". Suppose if you share by "email attachment", there will be problems like, not being shared until demanded, or annoyed with unnecessary files, or hesitate to share for not being requested. (In the first place, there are anxieties in terms of security in email protocol.)

For those cases, you ought utilizing accounts of Google, which one billion people use.

Create a folder for the project in "Google Drive", and add "Google Accounts" of all the members of the project team in Share setting of the folder.
(And make a wish that every member has got an account...)

The following is a mechanism to upload files that have been approved through team Workflow, to "Google Drive" automatically.

If some members of the team were users of "G Suite" (Google Apps) and "external sharing' was permitted, you would simply use Questetra standard [Service Task (Google Drive)] (M229). Whereas, in this case here, it is assumed to be operated with common accounts of gmail.com / googlemail.com.

[File Approval flow]

In this Model, an auto-step that is not in the standard of Questetra is utilized. (Added as Add-on XML)

Moreover, you are required to do several settings in advance to run this Workflow. That is, the auto-processing of the "File upload" must be authorized. Specifically, a Process Owner makes registration about the project at "Google Apps Manager", then obtain "Consumer Key" and "Consumer Secret", and then register that information into [OAuth2.0 setting] of Questetra.

== Setting Sample for Google side
  • Authorized redirect URIs: https://s.questetra.net/oauth2callback
== Setting Sample for Questetra side
  • Name: Q2Drive
  • Authorization Endpoint URL: https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force
  • Token Endpoint URL: https://accounts.google.com/o/oauth2/token
  • Scope: https://www.googleapis.com/auth/drive
  • Consumer Key: (Retrieve at Google Developers Console)
  • Consumer Secret: (Retrieve at Google Developers Console)

Incidentally, I could design a Workflow of Questetra, which is attached at the end of this article, only in about 15 minutes since I used the auto-step that is published at "Auto-step addition file (Add-on XML) Download" in this example.

However, if you want to implement your own auto-step, it won't be easy. That is because you will be required skills such as
  • about authentication and authorization
  • API specifications of resource server side
  • programming in Questetra as the client
Especially for auto-communication step of this which utilizes APIs of high degree of difficulty / freedom such as "Google Drive APIs v3", you need to work some extent to implement.

In addition, Google Drive did not have "the concept of Folders" in its beginning, and even now, it has its characteristic such as
  • a file is capable to belong multiple folders
  • a file name is not necessary to be unique
That makes the implementation inevitably more complicated than other storage type APIs. (A folder in Google Drive is just a file of "mimeType": "application/vnd.google-apps.folder".)

Also in "upload-googledrive-20161019-addonxml" utilizing here is on a roundabout implementation method such as
  • POST toward "Upload URI" in [Simple upload]
  • and then to "Metadata URI", PATCH the file name and parent folder
That is because of the situation where the method that is prepared in the client side is not capable of satisfying requirement of file transmission in "multipart/related by APIs side (RFC2387)", in straight ahead implementation method (POST in [Multipart upload]).

When you wish for a certain auto-step, you may make a request to us for it to be add to the list.

= Codes for part of communication
var uri = "https://www.googleapis.com/upload/drive/v3/files?uploadType=media";
var response = httpClient.begin()
  .bearer( token )
  .body( files.get(i) )
  .post( uri );
accessLog += "---POST request--- " + response.getStatusCode() + "\n";
accessLog += response.getResponseAsString() + "\n";

var jsonObj = JSON.parse( response.getResponseAsString() );
var uri2 = "https://www.googleapis.com/drive/v3/files/";
uri2 += jsonObj.id;
var myObj2 = {};
myObj2.name = files.get(i).getName() + "";
var response2 = httpClient.begin()
  .bearer( token )
  .queryParam( "addParents", folderId )
  .queryParam( "removeParents", "root" )
  .body( JSON.stringify( myObj2 ), "application/json" )
  .patch( uri2 );
accessLog += "---PATCH request--- " + response2.getStatusCode() + "\n";
accessLog += response2.getResponseAsString() + "\n";

[File Approval flow: "2. Approval" screen]

[Data Items list]

[Free Download]
<Similar Models> <<Related Articles>> [ε’Œζ–‡θ¨˜δΊ‹ (Japanese Entry) ]