Manage shared drives

This guide contains tasks related to managing shared drives, such as creating shared drives and managing members and permissions.

Create shared drives

To create a new shared drive, use drives.create.

Java

drive/snippets/drive_v3/src/main/java/CreateDrive.java
import com.google.api.client.googleapis.json.GoogleJsonResponseException;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.drive.DriveScopes;
import com.google.api.services.drive.model.Drive;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;

import java.io.IOException;
import java.util.Arrays;
import java.util.UUID;

/* class to demonstrate use-case of Drive's create drive. */
public class CreateDrive {

    /**
     * Create a drive.
     * @return Newly created drive id.
     * @throws IOException if service account credentials file not found.
     */
    public static String createDrive() throws IOException {
        /*Load pre-authorized user credentials from the environment.
        TODO(developer) - See https://developers.google.com/identity for
        guides on implementing OAuth2 for your application.*/
        GoogleCredentials credentials = GoogleCredentials.getApplicationDefault().createScoped(Arrays.asList(DriveScopes.DRIVE));
        HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(
                credentials);

        // Build a new authorized API client service.
        com.google.api.services.drive.Drive service = new com.google.api.services.drive.Drive.Builder(new NetHttpTransport(),
                GsonFactory.getDefaultInstance(),
                requestInitializer)
                .setApplicationName("Drive samples")
                .build();

        Drive driveMetadata = new Drive();
        driveMetadata.setName("Project Resources");
        String requestId = UUID.randomUUID().toString();
        try {
            Drive drive = service.drives().create(requestId,
                            driveMetadata)
                    .execute();
            System.out.println("Drive ID: " + drive.getId());

            return drive.getId();
        } catch (GoogleJsonResponseException e) {
            // TODO(developer) - handle error appropriately
            System.err.println("Unable to create drive: " + e.getDetails());
            throw e;
        }
    }
}

Python

drive/snippets/drive-v3/drive_snippet/create_drive.py
from __future__ import print_function

import uuid

import google.auth
from googleapiclient.discovery import build
from googleapiclient.errors import HttpError


def create_drive():
    """Create a drive.
    Returns:
        Id of the created drive

    Load pre-authorized user credentials from the environment.
    TODO(developer) - See https://developers.google.com/identity
    for guides on implementing OAuth2 for the application.
    """
    creds, _ = google.auth.default()

    try:
        # create gmail api client
        service = build('drive', 'v3', credentials=creds)

        drive_metadata = {'name': 'Project Resources'}
        request_id = str(uuid.uuid4())
        # pylint: disable=maybe-no-member
        drive = service.drives().create(body=drive_metadata,
                                        requestId=request_id,
                                        fields='id').execute()
        print(F'Drive ID: {drive.get("id")}')

    except HttpError as error:
        print(F'An error occurred: {error}')
        drive = None

    return drive.get('id')


if __name__ == '__main__':
    create_drive()

Node.js

drive/snippets/drive_v3/drive_snippets/create_drive.js
/**
 * Create a drive.
 * */
async function createDrive() {
  // Get credentials and build service
  // TODO (developer) - Use appropriate auth mechanism for your app

  const {GoogleAuth} = require('google-auth-library');
  const {google} = require('googleapis');
  const uuid = require('uuid');

  const auth = new GoogleAuth({scopes: 'https://www.googleapis.com/auth/drive'});
  const service = google.drive({version: 'v3', auth});

  const driveMetadata = {
    'name': 'Project resources',
  };
  const requestId = uuid.v4();
  try {
    const Drive= await service.drives.create({
      resource: driveMetadata,
      requestId: requestId,
      fields: 'id',
    });
    console.log('Drive Id:', Drive.data.id);
    return Drive.data.id;
  } catch (err) {
    // TODO(developer) - Handle error
    throw err;
  }
}

.NET

drive/snippets/drive_v3/DriveV3Snippets/CreateDrive.cs
using Google.Apis.Auth.OAuth2;
using Google.Apis.Drive.v3;
using Google.Apis.Drive.v3.Data;
using Google.Apis.Services;

namespace DriveV3Snippets
{
    // Class to demonstrate use of Drive's create drive.
    public class CreateDrive
    {
        /// <summary>
        /// Create a drive.
        /// </summary>
        /// <returns>newly created drive Id.</returns>
        public static string DriveCreateDrive()
        {
            try
            {
                /* Load pre-authorized user credentials from the environment.
                 TODO(developer) - See https://developers.google.com/identity for
                 guides on implementing OAuth2 for your application. */
                GoogleCredential credential = GoogleCredential.GetApplicationDefault()
                    .CreateScoped(DriveService.Scope.Drive);

                // Create Drive API service.
                var service = new DriveService(new BaseClientService.Initializer
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Drive API Snippets"
                });

                var driveMetadata = new Drive()
                {
                    Name = "Project Resources"
                };
                var requestId = Guid.NewGuid().ToString();
                var request = service.Drives.Create(driveMetadata, requestId);
                request.Fields = "id";
                var drive = request.Execute();
                Console.WriteLine("Drive ID: " + drive.Id);
                return drive.Id;
            }
            catch (Exception e)
            {
                // TODO(developer) - handle error appropriately
                if (e is AggregateException)
                {
                    Console.WriteLine("Credential Not found");
                }
                else
                {
                    throw;
                }
            }
            return null;
        }
    }
}

Calls to drives.create are idempotent.

The requestId parameter identifies the logical attempt to create the shared drive. If the request times out or returns an indeterminate backend error, the same request may be repeated. The requestId and body of the request must remain the same.

If the shared drive was successfully created on a previous request or as a result of a retry, the normal response is returned. In some cases, such as after a prolonged period of time or if the body of the request has changed, a 409 error may be returned indicating the requestId must be discarded.

Add or remove shared drive members

Add or remove shared drive members using the permissions API.

To add a member, create the permission on the shared drive itself. Permission methods can also be used on individual files within a shared drive to grant members additional privileges or allow non-members to collaborate on specific items.

See Share files and folders for additional details and sample code.

Delete a shared drive

Use the drives.delete method to delete a shared drive. All content in the shared drive must be trashed or deleted prior to deleting the shared drive.

Manage shared drives for domain administrators

Use the useDomainAdminAccess parameter with the drives and permissions resources to manage shared drives across an organization.

Users calling these methods with useDomainAdminAccess=true must have the Drive and Docs administrator privilege. Administrators can search for shared drives or update permissions for shared drives owned by their organization, regardless of the admin's membership in any given shared drive.

Recover a shared drive that doesn't have an organizer

The following example demonstrates how to use these resources to recover shared drives that no longer have an organizer.

Java

drive/snippets/drive_v3/src/main/java/RecoverDrive.java

import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.drive.DriveScopes;
import com.google.api.services.drive.model.Drive;
import com.google.api.services.drive.model.DriveList;
import com.google.api.services.drive.model.Permission;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/* class to demonstrate use-case of Drive's shared drive without an organizer. */
public class RecoverDrive {

    /**
     * Find all shared drives without an organizer and add one.
     * @param  realUser User's email id.
     * @return All shared drives without an organizer.
     * @throws IOException if shared drive not found.
     */
    public static List<Drive> recoverDrives(String realUser)
            throws IOException {
        /*Load pre-authorized user credentials from the environment.
        TODO(developer) - See https://developers.google.com/identity for
        guides on implementing OAuth2 for your application.*/
        GoogleCredentials credentials = GoogleCredentials.getApplicationDefault().createScoped(Arrays.asList(DriveScopes.DRIVE));
        HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(
                credentials);

        // Build a new authorized API client service.
        com.google.api.services.drive.Drive service = new com.google.api.services.drive.Drive.Builder(new NetHttpTransport(),
                GsonFactory.getDefaultInstance(),
                requestInitializer)
                .setApplicationName("Drive samples")
                .build();
        List<Drive> drives = new ArrayList<Drive>();

        // Find all shared drives without an organizer and add one.
        // Note: This example does not capture all cases. Shared drives
        // that have an empty group as the sole organizer, or an
        // organizer outside the organization are not captured. A
        // more exhaustive approach would evaluate each shared drive
        // and the associated permissions and groups to ensure an active
        // organizer is assigned.
        String pageToken = null;
        Permission newOrganizerPermission = new Permission()
                .setType("user")
                .setRole("organizer");

        newOrganizerPermission.setEmailAddress(realUser);


        do {
            DriveList result = service.drives().list()
                    .setQ("organizerCount = 0")
                    .setFields("nextPageToken, drives(id, name)")
                    .setUseDomainAdminAccess(true)
                    .setPageToken(pageToken)
                    .execute();
            for (Drive drive : result.getDrives()) {
                System.out.printf("Found drive without organizer: %s (%s)\n",
                        drive.getName(), drive.getId());
                // Note: For improved efficiency, consider batching
                // permission insert requests
                Permission permissionResult = service.permissions()
                        .create(drive.getId(), newOrganizerPermission)
                        .setUseDomainAdminAccess(true)
                        .setSupportsAllDrives(true)
                        .setFields("id")
                        .execute();
                System.out.printf("Added organizer permission: %s\n",
                        permissionResult.getId());

            }

            drives.addAll(result.getDrives());

            pageToken = result.getNextPageToken();
        } while (pageToken != null);

        return drives;
    }
}

Python

drive/snippets/drive-v3/drive_snippet/recover_drives.py
from __future__ import print_function

import google.auth
from googleapiclient.discovery import build
from googleapiclient.errors import HttpError


def recover_drives(real_user):
    """Find all shared drives without an organizer and add one.
    Args:
        real_user:User ID for the new organizer.
    Returns:
        drives object

    Load pre-authorized user credentials from the environment.
    TODO(developer) - See https://developers.google.com/identity
    for guides on implementing OAuth2 for the application.
    """
    creds, _ = google.auth.default()
    try:
        # create gmail api client
        service = build('drive', 'v3', credentials=creds)

        drives = []

        # pylint: disable=maybe-no-member
        page_token = None
        new_organizer_permission = {
            'type': 'user',
            'role': 'organizer',
            'emailAddress': 'user@example.com'
        }
        new_organizer_permission['emailAddress'] = real_user

        while True:
            response = service.drives().list(
                q='organizerCount = 0',
                fields='nextPageToken, drives(id, name)',
                useDomainAdminAccess=True, pageToken=page_token).execute()
            for drive in response.get('drives', []):
                print(F'Found shared drive without organizer: '
                      F'{drive.get("title")}, {drive.get("id")}')
                permission = service.permissions().create(
                    fileId=drive.get('id'),
                    body=new_organizer_permission,
                    useDomainAdminAccess=True,
                    supportsAllDrives=True,
                    fields='id').execute()
                print(F'Added organizer permission: {permission.get("id")}')

            drives.extend(response.get('drives', []))
            page_token = response.get('nextPageToken', None)
            if page_token is None:
                break

    except HttpError as error:
        print(F'An error occurred: {error}')

    return drives


if __name__ == '__main__':
    recover_drives(real_user='gduser1@workspacesamples.dev')

Node.js

drive/snippets/drive_v3/drive_snippets/recover_drives.js
/**
 * Find all shared drives without an organizer and add one.
 * @param{string} realUser user ID
 * */
async function recoverDrives(realUser) {
  // Get credentials and build service
  // TODO (developer) - Use appropriate auth mechanism for your app

  const {GoogleAuth} = require('google-auth-library');
  const {google} = require('googleapis');

  const auth = new GoogleAuth({scopes: 'https://www.googleapis.com/auth/drive'});
  const service = google.drive({version: 'v3', auth});
  const drives = [];
  const newOrganizerPermission = {
    type: 'user',
    role: 'organizer',
    value: 'user@example.com',
  };
  newOrganizerPermission.value = realUser;

  let pageToken = null;
  try {
    const res = await service.drives.list({
      q: 'organizerCount = 0',
      fields: 'nextPageToken, items(id, name)',
      useDomainAdminAccess: true,
      pageToken: pageToken,
    });
    Array.prototype.push.apply(drives, res.data.items);
    res.data.items.forEach(function(drive) {
      console.log('Found shared drive without organizer:', drive.name, drive.id);
      drive.permissions.create({
        resource: newOrganizerPermission,
        fileId: drive.id,
        useDomainAdminAccess: true,
        supportsAllDrives: true,
        fields: 'id',
      });
    });
    pageToken = res.nextPageToken;
    return !!pageToken;
  } catch (err) {
    // TODO(developer) - Handle error
    throw err;
  }
}

.NET

drive/snippets/drive_v3/DriveV3Snippets/RecoverDrives.cs
using Google.Apis.Auth.OAuth2;
using Google.Apis.Drive.v3;
using Google.Apis.Drive.v3.Data;
using Google.Apis.Services;

namespace DriveV3Snippets
{
    // Class to demonstrate use-case of Drive's shared drive without an organizer.
    public class RecoverDrives
    {
        /// <summary>
        /// Find all shared drives without an organizer and add one.
        /// </summary>
        /// <param name="realUser">User ID for the new organizer.</param>
        /// <returns>all shared drives without an organizer.</returns>
        public static IList<Drive> DriveRecoverDrives(string realUser)
        {
            try
            {
                /* Load pre-authorized user credentials from the environment.
                 TODO(developer) - See https://developers.google.com/identity for
                 guides on implementing OAuth2 for your application. */
                GoogleCredential credential = GoogleCredential.GetApplicationDefault()
                    .CreateScoped(DriveService.Scope.Drive);

                // Create Drive API service.
                var service = new DriveService(new BaseClientService.Initializer
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Drive API Snippets"
                });

                var drives = new List<Drive>();
                // Find all shared drives without an organizer and add one.
                // Note: This example does not capture all cases. Shared drives
                // that have an empty group as the sole organizer, or an
                // organizer outside the organization are not captured. A
                // more exhaustive approach would evaluate each shared drive
                // and the associated permissions and groups to ensure an active
                // organizer is assigned.
                string pageToken = null;
                var newOrganizerPermission = new Permission()
                {
                    Type = "user",
                    Role = "organizer",
                    EmailAddress = realUser
                };

                do
                {
                    var request = service.Drives.List();
                    request.UseDomainAdminAccess = true;
                    request.Q = "organizerCount = 0";
                    request.Fields = "nextPageToken, drives(id, name)";
                    request.PageToken = pageToken;
                    var result = request.Execute();
                    foreach (var drive in result.Drives)
                    {
                        Console.WriteLine(("Found abandoned shared drive: {0} ({1})",
                            drive.Name, drive.Id));
                        // Note: For improved efficiency, consider batching
                        // permission insert requests
                        var permissionRequest = service.Permissions.Create(
                            newOrganizerPermission,
                            drive.Id
                        );
                        permissionRequest.UseDomainAdminAccess = true;
                        permissionRequest.SupportsAllDrives = true;
                        permissionRequest.Fields = "id";
                        var permissionResult = permissionRequest.Execute();
                        Console.WriteLine("Added organizer permission: {0}", permissionResult.Id);
                    }

                    pageToken = result.NextPageToken;
                } while (pageToken != null);

                return drives;
            }
            catch (Exception e)
            {
                // TODO(developer) - handle error appropriately
                if (e is AggregateException)
                {
                    Console.WriteLine("Credential Not found");
                }
                else
                {
                    throw;
                }
            }
            return null;
        }
    }
}