cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Using API to copy a file to a folder not accessible to the user copying file

Using API to copy a file to a folder not accessible to the user copying file

mooreppj
Explorer | Level 4

Hello,

Strange question here: I am working on an excel timesheet application for my company.  Having searched a bit I can't seem to find anything on this topic and would like to get some feedback on feasibility.

What I currently do:

Our employees fill out a timesheet in excel which details some important information in addition to the hours they input for approval.  Without incorporating Dropbox at the moment, this application only lets the employees input their hours and task details and when they have validated their own hours, they can submit their timesheet for approval.  What the application currently does is lock the workbook and copy it to a folder where a manager can review and approve the timesheet.  Obviously, the employee shouldn't be able to write to this 'pending' timesheet any further.  Currently, it is programatically locked so they can't change anything.

What I'd like to do in Dropbox

Ideally, I would like to have all of these timesheets on Dropbox with shared folders isolating each employee.  They would fill out their tasks/hours, and when they press the button in excel to submit for approval, some code would ping Dropbox's API and copy a copy the file to a folder the employee would not be able to read/write to.  This is the crux of my question:  Is it possible to use dropbox's API to push files from one place where a user has read/write access to another place where the user does not have access at all?  In this way, when a timesheet is submitted, there is a 'safe' copy in a place an employee can no longer even see it let alone modify it and this is stored safely in the cloud.

//EDIT//

I should clarify that the place the employee's timesheets would be sent on dropbox would be a common "Pending Approval" folder that would be the end point for all employee's submitted timesheets. 

//EDIT//

From a feasibility perspective, does Dropbox's API currently support this kind of data mobility?  If so, could I please be given some information on which methods would be necessary to accomplish this?

Thank you very much!

2 Replies 2

Greg-DB
Dropbox Staff

Unfortunately, Dropbox and the Dropbox API don't really offer something like this. Dropbox generally doesn't distinguish between the ability to add a new file and otherwise being able to write (e.g., update or delete) in its access controls.

Some things that do come to mind as potential solutions though:

  • If the manager and all of the employees are members of the same Dropbox Business team, you could register a "Dropbox Business API" app with the "Team member file access" permission and use the "member file access" feature to administratively move files out of the employees' accounts and into a folder they don't have access to. I also recommend checking out the Namespace Guide and Content Access Guide for more information on how files/folders and access controls are structured. This blog post may also be helpful.
  • You could use the /2/files/get_temporary_upload_link endpoint to get temporary upload links that could be used to upload files to a location that the employees' accounts don't actually have access to. The actual /2/files/get_temporary_upload_link calls would need to be made by an access token for an account that does have access to the destination, e.g., the manager's account, though.
  • You could use file requests to collect the files from the employees. You can use the /2/file_requests/create endpoint from the manager's account to programmatically create file requests if you want different ones, or just manually make one to always use. Either way, the actual employee submissions to the file request(s) would need to be done manually though.

mooreppj
Explorer | Level 4

Thanks for the reply Greg, those are some interesting solutions.  I'll look into them today!

 

Have a great day!

Need more support?