Ask a Question

PlantUML Gizmo - Google Docs Add-on: Allow this application to run when you are not present

+1 vote
asked Aug 4, 2014 in To be sorted by wernight (120 points)

The Google Docs add-on from fuhrmanator avaiable at https://chrome.google.com/webstore/detail/plantuml-gizmo/gkhhgpmifdpiagjagcbconfnnhkmomnp is asking for permissions which seem a bit too much.

I'm not sure if this extension is developped here or from a third party either.

Two in particular permssion seem too much:

  • View and manage your documents in Google Drive
  • Allow this application to run when you are not present

It should only require:

  • View and manage documents that this application has been installed in
  • View and manage data associated with the application
  • Connect to an external service

So it's a dual question / feature request:

  1. Is it developped officially OpenSource by PlantUML?
  2. ​Why require so much permissions? Can you reduce them?

1 Answer

+1 vote
answered Aug 4, 2014 by Fuhrmanator (1,700 points)
selected Aug 7, 2014 by wernight
 
Best answer

Hello,

Thanks for the feedback on PlantUML Gizmo. I'm the developer.

As for permissions, I can state for the record that if any extra permissions are required, it's not for any nefarious reasons on my part.

I just wrote a script based on one of their examples, and then let Google determine permissions when it's run (the Gizmo, that is). I think it asks permissions based on my code.

I agree that "allowing the application to run when you're not present" seems strange, but I don't recall having that permission when I installed it on my Drive account.

[Edit]

Answering your questions specifically:

1. Is it developed officially OpenSource by PlantUML. --> No, I've been trying to integrate PlantUML diagrams into Google Docs for months via Google Apps Script, and it wasn't until Add-ons were officially released in March that I made it happen. This is a personal project of mine (no official affiliation with PlantUML).

As for it being OpenSource, I don't have a problem sharing the code (there's not much that's my own - it will fill up 2-3 pages) and much of it is based on Google's Translate Add-on. The substantial code all was mostly in existing JavaScript modules that I re-used from PlantUML.

Add-ons have to go through a vetting process with Google (it's why PlantUML Gizmo came out at the end of July; the code was submitted in early April I think). So, it's not really an OpenSource project per se. The code is stored in a Google Apps Script source server (which isn't really "open" although I think I can share it if I share the document where it's written).

For now, Add-ons can't do a lot as far as I can tell. You can't easily modify the contents of a Google Document apart from the standard things. Gizmo inserts an image from a URL, and links the URL to the image so it can get the source back from it later. All the magic is in the coding/decoding of the PlantUML URL for an image. Gizmo stores nothing funny in the Google Document. This was the simplest way I could think of (I considered using comments, and Alternative Text, but didn't like those ideas).

2. Why require so much permissions? Can you reduce them? --> I would like to simplify things as much as possible. There is some good news:

  • View and manage your documents in Google Drive (as opposed to only the ones it's installed in). I found an answer here, and will try to change this in the next update.
  • Allow this application to run when you are not present. This looks like a bug in Google's API. I definitely use some URL manipulations, but don't make that specific call (although it may be done in one of the higher-level calls I make).
commented Aug 5, 2014 by Fuhrmanator (1,700 points)
The latest version (2) of PlantUML Gizmo only asks permissions to "View and manage documents that this application has been installed in"
commented Aug 7, 2014 by wernight (120 points)
Thanks for your replies. It would be nice to see it integrated or somehow referenced here even if it's a separate GitHub project behind. I know of the limitations; if you want to see a good example working with those limitations, see Lucidchart Docs plugin. It inserts an image with a link to the editor to edit it. There is also a update all in the toolbar that will updated all images (I guess from the link or something like that).
commented Nov 19, 2014 by Fuhrmanator (1,700 points)
I got it from a source at Google that the application runs when you're not present to refresh the tokens that are acquired with OAuth. I wish I had more than that to explain the permission. If it ever is documented and I can find it, I'll link to it on the FAQ.
Advertise
...