Google Workspace MCP Server

Instructions

Implementation Reference

• gdrive/drive_tools.py:304-306 (registration)

  Registers the get_drive_file_permissions tool with the MCP server using decorators for tool registration, HTTP error handling, and Google Drive service authentication.

  @server.tool()
  @handle_http_errors("get_drive_file_permissions", is_read_only=True, service_type="drive")
  @require_google_service("drive", "drive_read")

• gdrive/drive_tools.py:307-409 (handler)

  Core implementation of the get_drive_file_permissions tool. Fetches detailed file metadata and permissions from Google Drive API, formats sharing information, lists permissions, provides URLs, and checks for public link access.

  async def get_drive_file_permissions(
      service,
      user_google_email: str,
      file_id: str,
  ) -> str:
      """
      Gets detailed metadata about a Google Drive file including sharing permissions.
      
      Args:
          user_google_email (str): The user's Google email address. Required.
          file_id (str): The ID of the file to check permissions for.
      
      Returns:
          str: Detailed file metadata including sharing status and URLs.
      """
      logger.info(f"[get_drive_file_permissions] Checking file {file_id} for {user_google_email}")
      
      try:
          # Get comprehensive file metadata including permissions
          file_metadata = await asyncio.to_thread(
              service.files().get(
                  fileId=file_id,
                  fields="id, name, mimeType, size, modifiedTime, owners, permissions, "
                         "webViewLink, webContentLink, shared, sharingUser, viewersCanCopyContent",
                  supportsAllDrives=True
              ).execute
          )
          
          # Format the response
          output_parts = [
              f"File: {file_metadata.get('name', 'Unknown')}",
              f"ID: {file_id}",
              f"Type: {file_metadata.get('mimeType', 'Unknown')}",
              f"Size: {file_metadata.get('size', 'N/A')} bytes",
              f"Modified: {file_metadata.get('modifiedTime', 'N/A')}",
              "",
              "Sharing Status:",
              f"  Shared: {file_metadata.get('shared', False)}",
          ]
          
          # Add sharing user if available
          sharing_user = file_metadata.get('sharingUser')
          if sharing_user:
              output_parts.append(f"  Shared by: {sharing_user.get('displayName', 'Unknown')} ({sharing_user.get('emailAddress', 'Unknown')})")
          
          # Process permissions
          permissions = file_metadata.get('permissions', [])
          if permissions:
              output_parts.append(f"  Number of permissions: {len(permissions)}")
              output_parts.append("  Permissions:")
              for perm in permissions:
                  perm_type = perm.get('type', 'unknown')
                  role = perm.get('role', 'unknown')
                  
                  if perm_type == 'anyone':
                      output_parts.append(f"    - Anyone with the link ({role})")
                  elif perm_type == 'user':
                      email = perm.get('emailAddress', 'unknown')
                      output_parts.append(f"    - User: {email} ({role})")
                  elif perm_type == 'domain':
                      domain = perm.get('domain', 'unknown')
                      output_parts.append(f"    - Domain: {domain} ({role})")
                  elif perm_type == 'group':
                      email = perm.get('emailAddress', 'unknown')
                      output_parts.append(f"    - Group: {email} ({role})")
                  else:
                      output_parts.append(f"    - {perm_type} ({role})")
          else:
              output_parts.append("  No additional permissions (private file)")
          
          # Add URLs
          output_parts.extend([
              "",
              "URLs:",
              f"  View Link: {file_metadata.get('webViewLink', 'N/A')}",
          ])
          
          # webContentLink is only available for files that can be downloaded
          web_content_link = file_metadata.get('webContentLink')
          if web_content_link:
              output_parts.append(f"  Direct Download Link: {web_content_link}")
          
          # Check if file has "anyone with link" permission
          from gdrive.drive_helpers import check_public_link_permission
          has_public_link = check_public_link_permission(permissions)
          
          if has_public_link:
              output_parts.extend([
                  "",
                  "✅ This file is shared with 'Anyone with the link' - it can be inserted into Google Docs"
              ])
          else:
              output_parts.extend([
                  "",
                  "❌ This file is NOT shared with 'Anyone with the link' - it cannot be inserted into Google Docs",
                  "   To fix: Right-click the file in Google Drive → Share → Anyone with the link → Viewer"
              ])
          
          return "\n".join(output_parts)
          
      except Exception as e:
          logger.error(f"Error getting file permissions: {e}")
          return f"Error getting file permissions: {e}"

• gdrive/drive_helpers.py:10-23 (helper)

  Supporting helper function called by the handler to check if the Drive file has 'anyone with the link' permission enabled.

  def check_public_link_permission(permissions: List[Dict[str, Any]]) -> bool:
      """
      Check if file has 'anyone with the link' permission.
      
      Args:
          permissions: List of permission objects from Google Drive API
          
      Returns:
          bool: True if file has public link sharing enabled
      """
      return any(
          p.get('type') == 'anyone' and p.get('role') in ['reader', 'writer', 'commenter']
          for p in permissions
      )