Google Apps Script: Calendar Sharing outside the Domain


Google Calendar allows client applications to view and update calendar events in the form of Google Data Protocol feeds. Your client application can use the Google Calendar Data API to create new events, edit or delete existing events, share calendar and query for events that match particular criteria.

To request, add, delete or share data, your application needs an authentication token. You should use OAuth as your application’s authentication method.

This blog describes, how to modify Google Calendar Access Control Lists (ACLs) using the raw protocol. An access control list identifies the set of users with whom a given calendar is shared, and the level of access for each user (such as read-only access, full access, and so on).

Specifically, an ACL is a list of access rules. Each access rule specifies a “scope” (a person or set of people) and then associates a “role” (an access level) with that scope. The ACL for each calendar is available as a Data API feed. Each entry in the feed defines a single access rule.

Google Calendar does not support query parameters on requests for ACL feeds.
A requester with permission to modify the access control list can add a new ACL rule by posting a new entry to the ACL feed’s POST URI. The entry should contain the following elements or properties:

  • <category>
  • <gAcl:scope>
  • <gAcl:role>

You could send a POST request to the following URI, after authentication:

POST /calendar/feeds/<user_emailId>/acl/full

Following, is the example to share the Google calendar to another outside the domain:

//Calender Sharing
var consumerKey="<domain_name>"
var consumerSecret="<domain_consumerSecretKey>"
user1='<email_id>'                                   //Email_Id of the person, whose calender would be shared
user2='<email_id>'                                   //Email_Id of the person,to whom calender would be share

function calenderSharing(){
     var scope = 'https://www.google.com/calendar/feeds/';
    var fetchArgs = googleOAuth_('calenders', scope);
    var rawXml= "<entry xmlns='http://www.w3.org/2005/Atom' xmlns:gAcl='http://schemas.google.com/acl/2007'>"+
      "<category scheme='http://schemas.google.com/g/2005#kind' term='http://schemas.google.com/acl/2007#accessRule'/>"+
      "<gAcl:scope type='user' value='"+user2+"'></gAcl:scope>"+
      "<gAcl:role value='http://schemas.google.com/gCal/2005#owner'>  </gAcl:role></entry>"
    fetchArgs.method = 'POST';
    fetchArgs.payload = rawXml
    fetchArgs.contentType = 'application/atom+xml';

    try{
         var url='https://www.google.com/calendar/feeds/'+user1+'/acl/full'
 //Giving Permission To personal account as a owner
         var urlFetch=UrlFetchApp.fetch(url,fetchArgs)
       }
    catch(err){
        var err1=err.toString()
        var ex='Exception: Request failed for  returned code 302'
        if(ex==err1.split('.')[0]){
              var tempCalenderUrl=[]
              tempCalenderUrl.id = err1.split('<A HREF="')[1];
              tempCalenderUrl.id = tempCalenderUrl.id.split('"')[0];
              var url=tempCalenderUrl.id
              try{
                  var urlFetch=UrlFetchApp.fetch(url,fetchArgs)
                 }
              catch(err){}
         }
     }
}

function googleOAuth_(name,scope) {
  var oAuthConfig = UrlFetchApp.addOAuthService(name);
  oAuthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope="+scope);
  oAuthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
  oAuthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
    oAuthConfig.setConsumerKey(consumerKey);
  oAuthConfig.setConsumerSecret(consumerSecret);
  return {oAuthServiceName:name, oAuthUseToken:"always"};
}

If the specified <gAcl:scope> does not already have a role defined (or, equivalently, if the role for that scope is currently none), then Calendar creates a new ACL rule, and returns the corresponding ACL entry in the response. The returned entry includes several new elements or properties provided by the server.

If there is already a rule in the access control list with a scope whose type and value match that in the request, and whose role is anything other than none, then the POST operation fails with error code 409 Conflict.Thats why, try-catch block is used to skip conflict problem.

Now, you can see the calendar is shared with the person whose email_id is given to the scope’s value attribute.

For more information about Google Calendar Click here

About Ruchi Agarwal

Software Consultant at Knoldus Software LLP having around 2 year experience working in Scala and java. She has good understanding of various technologies like LiftWeb, Akka, Amazon EC2, jQuery, javascript, CSS etc. She is RAD (Rational Application Developer) for WebSphere Software and RFT (Rational Funtional Tester) for Java certified. She is a skilled professional focused on the basic business functions and creation of software. She has a firm understanding of design methodology. She likes to work with responsibility, dedication and perseverance, she has a facility to establish good interpersonal relationships and foremost she is loyal to her principles, ethics and always giving to the best of her caliber.
This entry was posted in Web and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s