# Editor Permissions Without Upload Capability ## The Challenge Google Drive's permission levels are: - **Viewer**: Can view only - **Commenter**: Can view and comment - **Editor**: Can view, edit, **upload**, and delete - **Owner**: Full control **There is no native Google Drive permission that allows editing but blocks uploads.** ## Solution Options ### Option 1: System-Level Upload Block + Editor Permissions (Recommended) **How it works:** 1. Give `secretary@elparaisogolf.com` **Editor** permissions in Google Drive - This allows them to edit existing files - They can also upload manually through Google Drive interface (limitation) 2. Block uploads through your system - Set `can_upload = 'N'` in Volunteer Management - This blocks automatic API uploads via your system - Manual uploads through Google Drive will still work (Editor permission includes uploads) **Result:** - ✅ Can edit existing files in Google Drive - ✅ Cannot upload via your system interface - ⚠️ Can still upload manually through Google Drive (Editor permission limitation) ### Option 2: Commenter + Selective Editor on Files **How it works:** 1. Give `secretary@elparaisogolf.com` **Commenter** permission on the folder - This blocks uploads to the folder 2. Grant **Editor** permission on specific files they need to edit - Right-click each file → Share → Add Editor permission **Result:** - ✅ Can edit specific files (where Editor is granted) - ✅ Cannot upload new files to the folder - ❌ Cannot edit files without explicit Editor permission - ⚠️ Requires managing permissions per file (tedious) ### Option 3: Hybrid Approach (Best Balance) **How it works:** 1. Give **Editor** permission on `roles/secretary` folder - Allows editing all files in the folder 2. Set system restriction `can_upload = 'N'` - Blocks automatic uploads via your system 3. Accept that manual uploads through Google Drive are possible - Or use Google Workspace admin policies to monitor/restrict **Result:** - ✅ Can edit all files in the folder - ✅ Cannot upload via your system - ⚠️ Can upload manually through Google Drive (but you can monitor this) ## Recommended Implementation ### Step 1: Set Google Drive Permissions 1. Log in to Business Workspace Drive: `elparaisogolfclub@gmail.com` 2. Navigate to `roles/secretary` folder 3. Right-click → **Share** 4. Add `secretary@elparaisogolf.com` with **Editor** permission 5. Click **Done** ### Step 2: Set System Restriction 1. Log in as admin (999914) 2. Go to Volunteer Management 3. Find Secretary (8022) 4. Click **"Restrict Upload"** button 5. This sets `can_upload = 'N'` ### Step 3: Monitor Manual Uploads (Optional) If you want to prevent manual uploads through Google Drive: 1. **Google Workspace Admin Console**: https://admin.google.com/ 2. Go to **Reports** → **Drive** → **Sharing** 3. Monitor file uploads by `secretary@elparaisogolf.com` 4. Set up alerts for new files in `roles/secretary` folder ## Alternative: Custom Permission Workflow If you need strict control, you could: 1. Use **Commenter** permission on the folder 2. Create a workflow where: - Files are uploaded by admin/automated system - Secretary gets Editor permission on uploaded files automatically - Secretary can edit but cannot upload new files This would require additional automation/scripting. ## Summary **Best Approach:** - ✅ **Editor** permission in Google Drive (allows editing) - ✅ **System restriction** `can_upload = 'N'` (blocks system uploads) - ⚠️ **Accept limitation**: Manual uploads through Google Drive are still possible with Editor permission **If you need to block ALL uploads (including manual):** - Use **Commenter** permission instead - Grant **Editor** on specific files as needed - More restrictive but prevents all uploads ## Code Implementation The system already supports this! When `can_upload = 'N'`: - Blocks automatic API uploads ✅ - Allows editing through Google Drive (if Editor permission is set) ✅ - Manual uploads through Google Drive still work (Editor permission limitation) ⚠️