Showing posts from September, 2012

The Day The Security Guy Dropped By...

It's always a pleasure when Arthur the online security guy at York drops by for a cup of tea. Today he pointed out, kind of him to bother really, that....


When you run an AppsScript in a Google Spreadsheet, it is run by the ActiveUser, i.e. the person who is logged in and working with the spreadsheet. In order to run the AppsScript, which edits the spreadsheet, you need Edit permission on that spreadsheet.

Stay with me.

Because you've got Edit permission on the spreadsheet, the container for the AppsScript, you've also got Edit permission on the AppsScript. That means that you ( the ActiveUser ) can edit the script to say... get a copy of all my Documents ( assignments etc ) and upload them to a homework cheating site over here... and do it from your actual email address. It could send rude messages from you, the ActiveUser.

AAAAAARGHHHHH!

It's a massive security hole.

You could lock down the spreadsheet so that users can't edit the cells, and give them View access,…

Analysing Collaboration, But Not As We Know It

Yesterday I went to a presentation about Analysing Collaborative Processes and Interaction Patterns in Online Discussions from researchers at the OU.

I found myself getting quite fired up, not in a good way, about their early work, which looked at how 12 students had worked on a collaborative task - generating 29 messages ( this was 2001 folks ). They went on to categorise the messages (by hand) like this...



- Joint knowledge building
- Asking questions, dialogue extension prompts
- Supporting with reference or example
- Acknowledging / replying / referring to another message
- Motivation and commitment to task
- Instructions/information - coordination messages

... and then diagrams were drawn. I then found myself getting all worked up, not in a good way, about the diagrams, in which ( for me ) too much liberty had been taken with the spatial layout of the data, robbing it of potential meaning. For example, orphan messages were collected at the side, when maybe they should have been clustered ( is lonelin…

Bug or Feature? Google Groups and Google Drive, You Decide.

Photo: joffreylacour

I recently asked people if they'd be willing to help me work out what happens in terms of notification emails when you start sharing Google Documents with them. About 60 people said they'd be happy to take part.

So ( and this is part of the Booking System work ) I created a Google Group called Google-Guinea-Pigs and added everyone to this group. I set the email notification for this group to be "Web Only" because, having found people willing to help, I didn't want to immediately start filling up their in trays with "You have been added to ... etc " emails.

So now, I wanted to share my spreadsheet with members of that group. I clicked the "Share" button and added the email address, google-guinea-pigs-group@.... etc. That seemed to work OK.

Next, I went to an unwitting member of the Google Guinea Pigs. When they went to Google Groups, in the My Groups list was indeed Google Guinea Pigs.

But when they went to Google Drive, the …

6. Booking System and Permissions (Update)

The original idea was to use a calendar for hot desk ( or perches as they're called ) bookings, that students could add their bookings to. The idea was to use a spreadsheet, to essentially show which hot desks ( or perches ) were already booked. The idea was for the script to add an event to the booking calendar, and add the student to the event as a guest.

All of these lovely ideas would mean that there was one central calendar that admin people could check, that people could add their own bookings and also receive something in their calendar so they wouldn't forget to show up.

Except, none of this works...

... or rather, because I was cornered into creating a Booking Task Queue sheet because adding events didn't work reliably, I therefore ran the event adding code from a Trigger ( once a minute ) rather than as it happens. This of course means that the script runs as ME ... the script author and not THE STUDENT ... who is using the booking system.

What this then me…

5.0 Building a Booking System With Google Apps

I think I have a booking system that is close to working. A big leap forward was made when someone on the Google Apps message boards shared a way of avoiding the painful timeouts and false error messages after creating a calendar entry.

You basically create an event, getting its ID and then get it again, using that ID rather than working with an object. Who'd have thought? Anyway, this is the code that works.


var cal = CalendarApp.getCalendarById('YOUR_CALENDAR_ID@group.calendar.google.com');
// Create the event and keep only its ID rather than the returned event object
var eventID = cal.createEvent(title, startDate, startDate).getId();

// Re-fetch the event by ID for each property you want to set
cal.getEventSeriesById(eventID).setDescription(eventDesc);
cal.getEventSeriesById(eventID).setLocation(location);
cal.getEventSeriesById(eventID).addGuest(email);
cal.getEventSeriesById(eventID).addEmailReminder(30);

This workaround has meant that I could do away with the Task Queue sheet, which was becoming more complex than it needed to …