Google Drive Access re-requested and fixed

Author: gcclinux

src/cloud/__tests__/GoogleDriveProvider.test.ts

@@ -330,7 +330,7 @@ describe('GoogleDriveProvider Property Tests', () => {
           provider: 'googledrive',
           accessToken: 'valid-token',
           expiresAt: new Date(Date.now() + 3600000), // 1 hour from now
-          scope: 'https://www.googleapis.com/auth/drive.file'
+          scope: 'https://www.googleapis.com/auth/drive'
         });
     });
 

src/cloud/config/demo-credentials.example.ts

@@ -18,8 +18,7 @@ export const GOOGLE_DRIVE_CONFIG = {
 
   // OAuth scopes required by EasyEditor
   SCOPES: [
-    'https://www.googleapis.com/auth/drive.file',    // Create, edit, delete files the app creates
-    'https://www.googleapis.com/auth/drive.readonly'  // Read all files (needed to discover manually uploaded files)
+    'https://www.googleapis.com/auth/drive',    // Full drive access for managing files across sessions
   ],
 
   // Discovery document for Google Drive API v3

src/cloud/config/google-credentials.ts

@@ -201,9 +201,14 @@ export const GOOGLE_DRIVE_CONFIG: GoogleDriveConfig = (() => {
     REDIRECT_URI: envConfig.REDIRECT_URI,
 
     // OAuth scopes required by EasyEditor
+    // NOTE: We use the full 'drive' scope instead of 'drive.file' + 'drive.readonly'
+    // because drive.file only grants write access to files created by the *current*
+    // OAuth session. When a user disconnects and reconnects, the per-file grants
+    // are lost and previously created files become read-only (403 appNotAuthorizedToFile).
+    // The full 'drive' scope ensures the app can always read/write/delete files in
+    // its Easyeditor folder, regardless of which OAuth session created them.
     SCOPES: [
-      'https://www.googleapis.com/auth/drive.file',    // Create, edit, delete files the app creates
-      'https://www.googleapis.com/auth/drive.readonly'  // Read all files (needed to discover manually uploaded files)
+      'https://www.googleapis.com/auth/drive',
     ],
 
     // Discovery document for Google Drive API v3

src/cloud/providers/GISGoogleDriveProvider.ts

@@ -38,7 +38,7 @@ export class GISGoogleDriveProvider implements CloudProvider {
   readonly icon = '🗂️';
 
   private clientId: string;
-  private scope: string = 'https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.readonly';
+  private scope: string = 'https://www.googleapis.com/auth/drive';
   private tokenClient: any = null;
   private isGISLoaded: boolean = false;
 

src/cloud/providers/GoogleDriveProvider.ts

@@ -39,7 +39,7 @@ export class GoogleDriveProvider implements CloudProvider {
 
   private clientId: string;
   private apiKey: string;
-  private scope: string = 'https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.readonly';
+  private scope: string = 'https://www.googleapis.com/auth/drive';
   private isGapiInitialized: boolean = false;
   private gapiInstance: any = null;
 

src/cloud/providers/MockGoogleDriveProvider.ts

@@ -19,7 +19,7 @@ export class MockGoogleDriveProvider implements CloudProvider {
       provider: this.name,
       accessToken: 'fake-access-token-' + Date.now(),
       expiresAt: new Date(Date.now() + 3600000), // 1 hour from now
-      scope: 'https://www.googleapis.com/auth/drive.file'
+      scope: 'https://www.googleapis.com/auth/drive'
     };
 
     // Save the fake credentials

src/cloud/providers/SimpleGoogleDriveProvider.ts

@@ -36,7 +36,7 @@ export class SimpleGoogleDriveProvider implements CloudProvider {
 
   private clientId: string;
   private apiKey: string;
-  private scope: string = 'https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.readonly';
+  private scope: string = 'https://www.googleapis.com/auth/drive';
 
   constructor(clientId?: string, apiKey?: string) {
     this.clientId = clientId || GOOGLE_DRIVE_CONFIG.CLIENT_ID;

src/cloud/providers/TauriGoogleDriveProvider.ts

@@ -36,7 +36,7 @@ export class TauriGoogleDriveProvider implements CloudProvider {
   readonly icon = '🗂️';
 
   private clientId: string;
-  private scope: string = 'https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.readonly';
+  private scope: string = 'https://www.googleapis.com/auth/drive';
   private redirectUri: string = 'http://localhost:8080/oauth/callback';
 
   constructor(clientId?: string, _apiKey?: string) {

src/services/oauth/__tests__/GoogleOAuthProvider.test.ts

@@ -37,7 +37,7 @@ describe('GoogleOAuthProvider', () => {
 
           // Scope should be an array with Google Drive scope
           expect(Array.isArray(provider.scope)).toBe(true);
-          expect(provider.scope).toContain('https://www.googleapis.com/auth/drive.file');
+          expect(provider.scope).toContain('https://www.googleapis.com/auth/drive');
 
           // Properties should be defined and consistent
           expect(typeof provider.name).toBe('string');
@@ -83,7 +83,7 @@ describe('GoogleOAuthProvider', () => {
 
           // Scope should contain Google Drive scope
           const scope = params.get('scope');
-          expect(scope).toContain('https://www.googleapis.com/auth/drive.file');
+          expect(scope).toContain('https://www.googleapis.com/auth/drive');
         }
       ),
       { numRuns: 100 }

src/services/oauth/__tests__/OAuth.workflow-integration.test.ts

@@ -33,7 +33,7 @@ describe('OAuth Workflow Integration Tests', () => {
         'google': {
           clientId: 'google-test-client-id',
           enabled: true,
-          scope: ['https://www.googleapis.com/auth/drive.file']
+          scope: ['https://www.googleapis.com/auth/drive']
         },
         'github': {
           clientId: 'github-test-client-id',
@@ -602,7 +602,7 @@ describe('OAuth Workflow Integration Tests', () => {
         displayName: 'Google',
         authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
         tokenUrl: 'https://oauth2.googleapis.com/token',
-        scope: ['https://www.googleapis.com/auth/drive.file'],
+        scope: ['https://www.googleapis.com/auth/drive'],
         clientId: 'valid-google-client-id'
       },
       {