Use Google Drive for checking permissions instead of e-mail address domain
After looking at the source code and some testing, my understanding is that a user is allowed to view library pages (Google docs) based solely on the domain associated with their e-mail address. This authorization check is made here:
`library\server\userAuth.js:61`

```javascript
if (isDev || (authenticated && domains.has(userDomain))) {
  setUserInfo(req)
  return next()
}
```
This means that users who don't have permission through Google's sharing settings can still view Google documents through the library app because the library app is accessing the content through the service account (which does have permission). If the user's e-mail domain is included in the domains list specified by the APPROVED_DOMAINS environment variable, they can view all the documents in the library.
This approach to authorization is far too coarse for a large organization.
Ideally, the authorization should be controlled by the current user's permission to the folder/files through the Google API (https://developers.google.com/drive/api/v3/reference/permissions) to avoid a back door to accessing sensitive Google docs.
Please consider adding this feature to make the library app more secure.
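One way the per-user check could look, as an added example rather than code from the library project: the coarse domain check sits beside a check against the file's own Drive ACL. It assumes a hypothetical `listPermissions(fileId)` that resolves to the `permissions` array returned by `drive.permissions.list` (Drive v3 permission fields `type`, `emailAddress`, `domain`, `role`), and an Express-style `req`/`res`/`next`.

```javascript
// Added example, not the library project's own code: authorize a document
// from the Drive v3 permissions resource rather than from the e-mail domain.
// Assumes `listPermissions(fileId)` resolves to the `permissions` array that
// drive.permissions.list returns (fields: type, emailAddress, domain, role).
const VIEW_ROLES = new Set(['owner', 'organizer', 'fileOrganizer', 'writer', 'commenter', 'reader'])

// The coarse check the issue describes: an approved domain sees every document.
function domainOnlyAllows(approvedDomains, userEmail) {
  return approvedDomains.has(userEmail.split('@')[1])
}

// Per-file check: the user must be in the file's own ACL, either directly,
// through a domain-wide sharing entry, or through "anyone". Group entries are
// not resolved here (that needs the Directory API), so they deny: fail closed.
function driveAllowsView(permissions, userEmail) {
  const email = userEmail.toLowerCase()
  const domain = email.split('@')[1]
  return permissions.some((p) => {
    if (!VIEW_ROLES.has(p.role)) return false
    switch (p.type) {
      case 'user': return (p.emailAddress || '').toLowerCase() === email
      case 'domain': return p.domain === domain
      case 'anyone': return true
      default: return false // 'group' or unknown types
    }
  })
}

// Express-style middleware; `listPermissions` is injected so it runs offline.
// In the app it would wrap drive.permissions.list using the service account.
function requireDriveAccess(listPermissions) {
  return async function (req, res, next) {
    const userEmail = req.session && req.session.userEmail
    if (!userEmail) return res.status(401).end()
    const permissions = await listPermissions(req.params.fileId)
    if (!driveAllowsView(permissions, userEmail)) return res.status(403).end()
    return next()
  }
}

// Constructed sample ACL (shape of a Drive permissions.list response).
const SAMPLE_ACL = {
  'doc-1': [
    { type: 'user', emailAddress: 'Owner@example.com', role: 'owner' },
    { type: 'user', emailAddress: 'alice@example.com', role: 'reader' },
    { type: 'group', emailAddress: 'eng@example.com', role: 'reader' },
  ],
  'doc-2': [{ type: 'domain', domain: 'example.com', role: 'reader' }],
}
```

With this, a user on an approved domain who is not on a document's ACL gets a 403 from the library app even though the service account itself can read the file.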
This is a missing feature which prevents us from using the app. I can get a JS engineer to work on it, but I would like to have support from maintainers to create something in line with your architectural design.