@pnp/cli-microsoft365
Version:
Manage Microsoft 365 and SharePoint Framework projects on any platform
129 lines • 5.39 kB
JavaScript
import { z } from 'zod';
import { globalOptionsZod } from '../../../../Command.js';
import Auth from '../../../../Auth.js';
import request from '../../../../request.js';
import { entraGroup } from '../../../../utils/entraGroup.js';
import { entraUser } from '../../../../utils/entraUser.js';
import { accessToken } from '../../../../utils/accessToken.js';
import { validation } from '../../../../utils/validation.js';
import PowerAppsCommand from '../../../base/PowerAppsCommand.js';
import commands from '../../commands.js';
export const options = z.strictObject({
...globalOptionsZod.shape,
appName: z.string()
.refine(val => validation.isValidGuid(val), {
message: 'The value is not a valid GUID for appName.'
}),
roleName: z.enum(['CanEdit', 'CanView']),
userId: z.string()
.refine(val => validation.isValidGuid(val), {
message: 'The value is not a valid GUID for userId.'
})
.optional(),
userName: z.string()
.refine(val => validation.isValidUserPrincipalName(val), {
message: 'The value is not a valid user principal name (UPN) for userName.'
})
.optional(),
groupId: z.string()
.refine(val => validation.isValidGuid(val), {
message: 'The value is not a valid GUID for groupId.'
})
.optional(),
groupName: z.string().optional(),
tenant: z.boolean().optional(),
environmentName: z.string().optional().alias('e'),
sendInvitationMail: z.boolean().optional(),
asAdmin: z.boolean().optional()
});
class PaAppPermissionEnsureCommand extends PowerAppsCommand {
get name() {
return commands.APP_PERMISSION_ENSURE;
}
get description() {
return 'Assigns/updates permissions to a Power Apps app';
}
get schema() {
return options;
}
getRefinedSchema(schema) {
return schema
.refine(opts => [opts.userId, opts.userName, opts.groupId, opts.groupName, opts.tenant].filter(x => x !== undefined).length === 1, {
error: `Specify exactly one of the following options: 'userId', 'userName', 'groupId', 'groupName' or 'tenant'.`,
params: {
customCode: 'optionSet',
options: ['userId', 'userName', 'groupId', 'groupName', 'tenant']
}
})
.refine(opts => !opts.environmentName || opts.asAdmin, {
message: 'Specifying environmentName is only allowed when using asAdmin.'
})
.refine(opts => !opts.asAdmin || opts.environmentName, {
message: 'Specifying asAdmin is only allowed when using environmentName.'
})
.refine(opts => !opts.tenant || opts.roleName === 'CanView', {
message: 'Sharing with the entire tenant is only supported with CanView role.'
});
}
async commandAction(logger, args) {
if (this.verbose) {
await logger.logToStderr(`Assigning/updating permissions for '${args.options.userId || args.options.userName || args.options.groupId || args.options.groupName || (args.options.tenant && 'everyone')}' to the Power Apps app '${args.options.appName}'...`);
}
try {
const principalId = await this.getPrincipalId(args.options);
const requestOptions = {
url: `${this.resource}/providers/Microsoft.PowerApps/${args.options.asAdmin ? `scopes/admin/environments/${args.options.environmentName}/` : ''}apps/${args.options.appName}/modifyPermissions?api-version=2022-11-01`,
headers: {
accept: 'application/json'
},
data: {
put: [
{
properties: {
principal: {
id: principalId,
type: this.getPrincipalType(args.options)
},
NotifyShareTargetOption: args.options.sendInvitationMail ? 'Notify' : 'DoNotNotify',
roleName: args.options.roleName
}
}
]
},
responseType: 'json'
};
await request.post(requestOptions);
}
catch (err) {
this.handleRejectedODataJsonPromise(err);
}
}
getPrincipalType(options) {
if (options.userId || options.userName) {
return 'User';
}
if (options.groupId || options.groupName) {
return 'Group';
}
return 'Tenant';
}
async getPrincipalId(options) {
if (options.groupId) {
return options.groupId;
}
if (options.userId) {
return options.userId;
}
if (options.groupName) {
const group = await entraGroup.getGroupByDisplayName(options.groupName);
return group.id;
}
if (options.userName) {
const userId = await entraUser.getUserIdByUpn(options.userName);
return userId;
}
return accessToken.getTenantIdFromAccessToken(Auth.connection.accessTokens[Auth.defaultResource].accessToken);
}
}
export default new PaAppPermissionEnsureCommand();
//# sourceMappingURL=app-permission-ensure.js.map