@pnp/cli-microsoft365
Version:
Manage Microsoft 365 and SharePoint Framework projects on any platform
182 lines • 7.45 kB
JavaScript
import { z } from 'zod';
import { globalOptionsZod } from '../../../../Command.js';
import request from '../../../../request.js';
import { entraGroup } from '../../../../utils/entraGroup.js';
import { entraUser } from '../../../../utils/entraUser.js';
import { validation } from '../../../../utils/validation.js';
import { zod } from '../../../../utils/zod.js';
import GraphCommand from '../../../base/GraphCommand.js';
import commands from '../../commands.js';
const RoleEnum = {
Owner: 'Owner',
Member: 'Member'
};
export const options = z.strictObject({
...globalOptionsZod.shape,
groupId: z.uuid().optional().alias('i'),
groupName: z.string().optional().alias('n'),
userIds: z.string()
.refine(ids => validation.isValidGuidArray(ids) === true, {
error: e => `The following GUIDs are invalid for the option 'userIds': ${validation.isValidGuidArray(e.input)}.`
}).optional(),
userNames: z.string()
.refine(names => validation.isValidUserPrincipalNameArray(names) === true, {
error: e => `User principal name '${validation.isValidUserPrincipalNameArray(e.input)}' is invalid for option 'userNames'.`
}).optional(),
role: zod.coercedEnum(RoleEnum).alias('r')
});
class EntraGroupMemberSetCommand extends GraphCommand {
get name() {
return commands.GROUP_MEMBER_SET;
}
get description() {
return 'Updates the role of members in a Microsoft Entra ID group';
}
get schema() {
return options;
}
getRefinedSchema(schema) {
return schema
.refine(options => [options.groupId, options.groupName].filter(o => o !== undefined).length === 1, {
error: 'Use one of the following options: groupId or groupName.',
params: {
customCode: 'optionSet',
options: ['groupId', 'groupName']
}
})
.refine(options => [options.userIds, options.userNames].filter(o => o !== undefined).length === 1, {
error: 'Use one of the following options: userIds or userNames.',
params: {
customCode: 'optionSet',
options: ['userIds', 'userNames']
}
});
}
async commandAction(logger, args) {
try {
if (this.verbose) {
await logger.logToStderr(`Adding member(s) ${args.options.userIds || args.options.userNames} to role ${args.options.role} of group ${args.options.groupId || args.options.groupName}...`);
}
const groupId = await this.getGroupId(logger, args.options);
const userIds = await this.getUserIds(logger, args.options);
// we can't simply switch the role
// first add users to the new role
await this.addUsers(groupId, userIds, args.options);
// remove users from the old role
await this.removeUsersFromRole(logger, groupId, userIds, args.options);
}
catch (err) {
this.handleRejectedODataJsonPromise(err);
}
}
async getGroupId(logger, options) {
if (options.groupId) {
return options.groupId;
}
if (this.verbose) {
await logger.logToStderr(`Retrieving ID of group ${options.groupName}...`);
}
return entraGroup.getGroupIdByDisplayName(options.groupName);
}
async getUserIds(logger, options) {
if (options.userIds) {
return options.userIds.split(',').map(i => i.trim());
}
if (this.verbose) {
await logger.logToStderr('Retrieving ID(s) of user(s)...');
}
return entraUser.getUserIdsByUpns(options.userNames.split(',').map(u => u.trim()));
}
async removeUsersFromRole(logger, groupId, userIds, options) {
const userIdsToRemove = [];
const currentRole = options.role === 'Member' ? 'owners' : 'members';
if (this.verbose) {
await logger.logToStderr(`Removing members from the old role '${currentRole}'.`);
}
for (let i = 0; i < userIds.length; i += 20) {
const userIdsBatch = userIds.slice(i, i + 20);
const requestOptions = this.getRequestOptions();
userIdsBatch.map(userId => {
requestOptions.data.requests.push({
id: userId,
method: 'GET',
url: `/groups/${groupId}/${currentRole}/$count?$filter=id eq '${userId}'`,
headers: {
'ConsistencyLevel': 'eventual'
}
});
});
// send batch request
const res = await request.post(requestOptions);
for (const response of res.responses) {
if (response.status === 200) {
if (response.body === 1) {
// user can be removed from current role
userIdsToRemove.push(response.id);
}
}
else {
throw response.body;
}
}
}
for (let i = 0; i < userIdsToRemove.length; i += 20) {
const userIdsBatch = userIds.slice(i, i + 20);
const requestOptions = this.getRequestOptions();
userIdsBatch.map(userId => {
requestOptions.data.requests.push({
id: userId,
method: 'DELETE',
url: `/groups/${groupId}/${currentRole}/${userId}/$ref`
});
});
const res = await request.post(requestOptions);
for (const response of res.responses) {
if (response.status !== 204) {
throw response.body;
}
}
}
}
async addUsers(groupId, userIds, options) {
for (let i = 0; i < userIds.length; i += 400) {
const userIdsBatch = userIds.slice(i, i + 400);
const requestOptions = this.getRequestOptions();
for (let j = 0; j < userIdsBatch.length; j += 20) {
const userIdsChunk = userIdsBatch.slice(j, j + 20);
requestOptions.data.requests.push({
id: j + 1,
method: 'PATCH',
url: `/groups/${groupId}`,
headers: {
'content-type': 'application/json;odata.metadata=none'
},
body: {
[`${options.role === 'Member' ? 'members' : 'owners'}@odata.bind`]: userIdsChunk.map(u => `${this.resource}/v1.0/directoryObjects/${u}`)
}
});
}
const res = await request.post(requestOptions);
for (const response of res.responses) {
if (response.status !== 204) {
throw response.body;
}
}
}
}
getRequestOptions() {
const requestOptions = {
url: `${this.resource}/v1.0/$batch`,
headers: {
'content-type': 'application/json;odata.metadata=none'
},
responseType: 'json',
data: {
requests: []
}
};
return requestOptions;
}
}
export default new EntraGroupMemberSetCommand();
//# sourceMappingURL=group-member-set.js.map