Limiting user access
Let us return for a while to publishing web apps, which we explored at the very beginning of this chapter: we saw that we could deploy them to run as myself and used by either Anyone or only me.
That's actually the first level of access limitation, but sometimes we would like to give access to some people we know and prevent everyone else from using it; this basic limitation is definitely too basic.
There are a few ways to get the result we want; the following are two simple examples.
When we deploy an app as User accessing the web app, the user will be asked to authorize the script to get his e-mail address (or more information if the app uses other Google services) and information about who is using it.
In this case, we can easily place a condition on this e-mail address for it to be compared to the list of authorized users. The following code for this is very simple:
var email = Session.getEffectiveUser().getEmail(); var client = ['serge@gmail.com','mary@yahoo.com','william...