Google Apps Script: Calendar Sharing outside the Domain

Table of contents

Reading Time: 2 minutes

Google Calendar allows client applications to view and update calendar events in the form of Google Data Protocol feeds. Your client application can use the Google Calendar Data API to create new events, edit or delete existing events, share calendar and query for events that match particular criteria.

To request, add, delete or share data, your application needs an authentication token. You should use OAuth as your application’s authentication method.

This blog describes, how to modify Google Calendar Access Control Lists (ACLs) using the raw protocol. An access control list identifies the set of users with whom a given calendar is shared, and the level of access for each user (such as read-only access, full access, and so on).

Specifically, an ACL is a list of access rules. Each access rule specifies a “scope” (a person or set of people) and then associates a “role” (an access level) with that scope. The ACL for each calendar is available as a Data API feed. Each entry in the feed defines a single access rule.

Google Calendar does not support query parameters on requests for ACL feeds.
A requester with permission to modify the access control list can add a new ACL rule by posting a new entry to the ACL feed’s POST URI. The entry should contain the following elements or properties:

<category>
<gAcl:scope>
<gAcl:role>

You could send a POST request to the following URI, after authentication:

POST /calendar/feeds/<user_emailId>/acl/full

Following, is the example to share the Google calendar to another outside the domain:

//Calender Sharing
var consumerKey="<domain_name>"
var consumerSecret="<domain_consumerSecretKey>"
user1='<email_id>'                                   //Email_Id of the person, whose calender would be shared
user2='<email_id>'                                   //Email_Id of the person,to whom calender would be share

function calenderSharing(){
     var scope = 'https://www.google.com/calendar/feeds/';
    var fetchArgs = googleOAuth_('calenders', scope);
    var rawXml= "<entry xmlns='http://www.w3.org/2005/Atom' xmlns:gAcl='http://schemas.google.com/acl/2007'>"+
      "<category scheme='http://schemas.google.com/g/2005#kind' term='http://schemas.google.com/acl/2007#accessRule'/>"+
      "<gAcl:scope type='user' value='"+user2+"'></gAcl:scope>"+
      "<gAcl:role value='http://schemas.google.com/gCal/2005#owner'>  </gAcl:role></entry>"
    fetchArgs.method = 'POST';
    fetchArgs.payload = rawXml
    fetchArgs.contentType = 'application/atom+xml';

    try{
         var url='https://www.google.com/calendar/feeds/'+user1+'/acl/full'
 //Giving Permission To personal account as a owner
         var urlFetch=UrlFetchApp.fetch(url,fetchArgs)
       }
    catch(err){
        var err1=err.toString()
        var ex='Exception: Request failed for  returned code 302'
        if(ex==err1.split('.')[0]){
              var tempCalenderUrl=[]
              tempCalenderUrl.id = err1.split('<A HREF="')[1];
              tempCalenderUrl.id = tempCalenderUrl.id.split('"')[0];
              var url=tempCalenderUrl.id
              try{
                  var urlFetch=UrlFetchApp.fetch(url,fetchArgs)
                 }
              catch(err){}
         }
     }
}

function googleOAuth_(name,scope) {
  var oAuthConfig = UrlFetchApp.addOAuthService(name);
  oAuthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope="+scope);
  oAuthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
  oAuthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
    oAuthConfig.setConsumerKey(consumerKey);
  oAuthConfig.setConsumerSecret(consumerSecret);
  return {oAuthServiceName:name, oAuthUseToken:"always"};
}

If the specified <gAcl:scope> does not already have a role defined (or, equivalently, if the role for that scope is currently none), then Calendar creates a new ACL rule, and returns the corresponding ACL entry in the response. The returned entry includes several new elements or properties provided by the server.

If there is already a rule in the access control list with a scope whose type and value match that in the request, and whose role is anything other than none, then the POST operation fails with error code 409 Conflict.Thats why, try-catch block is used to skip conflict problem.

Now, you can see the calendar is shared with the person whose email_id is given to the scope’s value attribute.

For more information about Google Calendar Click here