Check google calendar API scope to determine if write access is enabled (#84749)

* Check google calendar API scope to determine if write access is enabled * Add API scope for calendar service for creating events
2022-12-29 02:00:31 -08:00 · 2022-12-29 02:00:31 -08:00 · 2049993941
parent bd9f03010f
commit 2049993941
2 changed files with 29 additions and 5 deletions
--- a/homeassistant/components/google/calendar.py
+++ b/homeassistant/components/google/calendar.py
@ -63,6 +63,7 @@ from . import (
    load_config,
    update_config,
 )
+from .api import get_feature_access
 from .const import (
    DATA_SERVICE,
    DATA_STORE,
@ -74,6 +75,7 @@ from .const import (
    EVENT_START_DATE,
    EVENT_START_DATETIME,
    EVENT_TYPES_CONF,
+    FeatureAccess,
 )

 _LOGGER = logging.getLogger(__name__)
@ -213,7 +215,10 @@ async def async_setup_entry(
            # Prefer calendar sync down of resources when possible. However, sync does not work
            # for search. Also free-busy calendars denormalize recurring events as individual
            # events which is not efficient for sync
-            support_write = calendar_item.access_role.is_writer
+            support_write = (
+                calendar_item.access_role.is_writer
+                and get_feature_access(hass, config_entry) is FeatureAccess.read_write
+            )
            if (
                search := data.get(CONF_SEARCH)
                or calendar_item.access_role == AccessRole.FREE_BUSY_READER
@ -265,7 +270,10 @@ async def async_setup_entry(
        await hass.async_add_executor_job(append_calendars_to_config)

    platform = entity_platform.async_get_current_platform()
-    if any(calendar_item.access_role.is_writer for calendar_item in result.items):
+    if (
+        any(calendar_item.access_role.is_writer for calendar_item in result.items)
+        and get_feature_access(hass, config_entry) is FeatureAccess.read_write
+    ):
        platform.async_register_entity_service(
            SERVICE_CREATE_EVENT,
            CREATE_EVENT_SCHEMA,
--- a/tests/components/google/test_calendar.py
+++ b/tests/components/google/test_calendar.py
@ -14,7 +14,7 @@ from aiohttp.client_exceptions import ClientError
 from gcal_sync.auth import API_BASE_URL
 import pytest

-from homeassistant.components.google.const import DOMAIN
+from homeassistant.components.google.const import CONF_CALENDAR_ACCESS, DOMAIN
 from homeassistant.const import STATE_OFF, STATE_ON, Platform
 from homeassistant.core import HomeAssistant
 from homeassistant.helpers import entity_registry as er
@ -1054,8 +1054,24 @@ async def test_websocket_delete_recurring_event_instance(


@pytest.mark.parametrize(
-    "calendar_access_role",
-    ["reader"],
+    "calendar_access_role,token_scopes,config_entry_options",
+    [
+        (
+            "reader",
+            ["https://www.googleapis.com/auth/calendar"],
+            {CONF_CALENDAR_ACCESS: "read_write"},
+        ),
+        (
+            "reader",
+            ["https://www.googleapis.com/auth/calendar.readonly"],
+            {CONF_CALENDAR_ACCESS: "read_only"},
+        ),
+        (
+            "owner",
+            ["https://www.googleapis.com/auth/calendar.readonly"],
+            {CONF_CALENDAR_ACCESS: "read_only"},
+        ),
+    ],
 )
 async def test_readonly_websocket_create(
    hass: HomeAssistant,