UNPKG

@pnp/cli-microsoft365

Version:

Manage Microsoft 365 and SharePoint Framework projects on any platform

129 lines 5.39 kB
import { z } from 'zod'; import { globalOptionsZod } from '../../../../Command.js'; import Auth from '../../../../Auth.js'; import request from '../../../../request.js'; import { entraGroup } from '../../../../utils/entraGroup.js'; import { entraUser } from '../../../../utils/entraUser.js'; import { accessToken } from '../../../../utils/accessToken.js'; import { validation } from '../../../../utils/validation.js'; import PowerAppsCommand from '../../../base/PowerAppsCommand.js'; import commands from '../../commands.js'; export const options = z.strictObject({ ...globalOptionsZod.shape, appName: z.string() .refine(val => validation.isValidGuid(val), { message: 'The value is not a valid GUID for appName.' }), roleName: z.enum(['CanEdit', 'CanView']), userId: z.string() .refine(val => validation.isValidGuid(val), { message: 'The value is not a valid GUID for userId.' }) .optional(), userName: z.string() .refine(val => validation.isValidUserPrincipalName(val), { message: 'The value is not a valid user principal name (UPN) for userName.' }) .optional(), groupId: z.string() .refine(val => validation.isValidGuid(val), { message: 'The value is not a valid GUID for groupId.' }) .optional(), groupName: z.string().optional(), tenant: z.boolean().optional(), environmentName: z.string().optional().alias('e'), sendInvitationMail: z.boolean().optional(), asAdmin: z.boolean().optional() }); class PaAppPermissionEnsureCommand extends PowerAppsCommand { get name() { return commands.APP_PERMISSION_ENSURE; } get description() { return 'Assigns/updates permissions to a Power Apps app'; } get schema() { return options; } getRefinedSchema(schema) { return schema .refine(opts => [opts.userId, opts.userName, opts.groupId, opts.groupName, opts.tenant].filter(x => x !== undefined).length === 1, { error: `Specify exactly one of the following options: 'userId', 'userName', 'groupId', 'groupName' or 'tenant'.`, params: { customCode: 'optionSet', options: ['userId', 'userName', 'groupId', 'groupName', 'tenant'] } }) .refine(opts => !opts.environmentName || opts.asAdmin, { message: 'Specifying environmentName is only allowed when using asAdmin.' }) .refine(opts => !opts.asAdmin || opts.environmentName, { message: 'Specifying asAdmin is only allowed when using environmentName.' }) .refine(opts => !opts.tenant || opts.roleName === 'CanView', { message: 'Sharing with the entire tenant is only supported with CanView role.' }); } async commandAction(logger, args) { if (this.verbose) { await logger.logToStderr(`Assigning/updating permissions for '${args.options.userId || args.options.userName || args.options.groupId || args.options.groupName || (args.options.tenant && 'everyone')}' to the Power Apps app '${args.options.appName}'...`); } try { const principalId = await this.getPrincipalId(args.options); const requestOptions = { url: `${this.resource}/providers/Microsoft.PowerApps/${args.options.asAdmin ? `scopes/admin/environments/${args.options.environmentName}/` : ''}apps/${args.options.appName}/modifyPermissions?api-version=2022-11-01`, headers: { accept: 'application/json' }, data: { put: [ { properties: { principal: { id: principalId, type: this.getPrincipalType(args.options) }, NotifyShareTargetOption: args.options.sendInvitationMail ? 'Notify' : 'DoNotNotify', roleName: args.options.roleName } } ] }, responseType: 'json' }; await request.post(requestOptions); } catch (err) { this.handleRejectedODataJsonPromise(err); } } getPrincipalType(options) { if (options.userId || options.userName) { return 'User'; } if (options.groupId || options.groupName) { return 'Group'; } return 'Tenant'; } async getPrincipalId(options) { if (options.groupId) { return options.groupId; } if (options.userId) { return options.userId; } if (options.groupName) { const group = await entraGroup.getGroupByDisplayName(options.groupName); return group.id; } if (options.userName) { const userId = await entraUser.getUserIdByUpn(options.userName); return userId; } return accessToken.getTenantIdFromAccessToken(Auth.connection.accessTokens[Auth.defaultResource].accessToken); } } export default new PaAppPermissionEnsureCommand(); //# sourceMappingURL=app-permission-ensure.js.map