Merge branch 'main' of github.com:taylorwilsdon/google_workspace_mcp into add-chat-spaces-readonly-scope

2026-02-18 12:36:18 -05:00
parent d964324e5d 6b21632e58
commit 96725470ec
20 changed files with 577 additions and 154 deletions
--- a/auth/scopes.py
+++ b/auth/scopes.py
@@ -81,6 +81,52 @@ SCRIPT_DEPLOYMENTS_READONLY_SCOPE = (
 SCRIPT_PROCESSES_READONLY_SCOPE = "https://www.googleapis.com/auth/script.processes"
 SCRIPT_METRICS_SCOPE = "https://www.googleapis.com/auth/script.metrics"

+# Google scope hierarchy: broader scopes that implicitly cover narrower ones.
+# See https://developers.google.com/gmail/api/auth/scopes,
+# https://developers.google.com/drive/api/guides/api-specific-auth, etc.
+SCOPE_HIERARCHY = {
+    GMAIL_MODIFY_SCOPE: {
+        GMAIL_READONLY_SCOPE,
+        GMAIL_SEND_SCOPE,
+        GMAIL_COMPOSE_SCOPE,
+        GMAIL_LABELS_SCOPE,
+    },
+    DRIVE_SCOPE: {DRIVE_READONLY_SCOPE, DRIVE_FILE_SCOPE},
+    CALENDAR_SCOPE: {CALENDAR_READONLY_SCOPE, CALENDAR_EVENTS_SCOPE},
+    DOCS_WRITE_SCOPE: {DOCS_READONLY_SCOPE},
+    SHEETS_WRITE_SCOPE: {SHEETS_READONLY_SCOPE},
+    SLIDES_SCOPE: {SLIDES_READONLY_SCOPE},
+    TASKS_SCOPE: {TASKS_READONLY_SCOPE},
+    CONTACTS_SCOPE: {CONTACTS_READONLY_SCOPE},
+    CHAT_WRITE_SCOPE: {CHAT_READONLY_SCOPE},
+    FORMS_BODY_SCOPE: {FORMS_BODY_READONLY_SCOPE},
+    SCRIPT_PROJECTS_SCOPE: {SCRIPT_PROJECTS_READONLY_SCOPE},
+    SCRIPT_DEPLOYMENTS_SCOPE: {SCRIPT_DEPLOYMENTS_READONLY_SCOPE},
+}
+
+
+def has_required_scopes(available_scopes, required_scopes):
+    """
+    Check if available scopes satisfy all required scopes, accounting for
+    Google's scope hierarchy (e.g., gmail.modify covers gmail.readonly).
+
+    Args:
+        available_scopes: Scopes the credentials have (set, list, or frozenset).
+        required_scopes: Scopes that are required (set, list, or frozenset).
+
+    Returns:
+        True if all required scopes are satisfied.
+    """
+    available = set(available_scopes or [])
+    required = set(required_scopes or [])
+    # Expand available scopes with implied narrower scopes
+    expanded = set(available)
+    for broad_scope, covered in SCOPE_HIERARCHY.items():
+        if broad_scope in available:
+            expanded.update(covered)
+    return all(scope in expanded for scope in required)
+
+
 # Base OAuth scopes required for user identification
 BASE_SCOPES = [USERINFO_EMAIL_SCOPE, USERINFO_PROFILE_SCOPE, OPENID_SCOPE]