UNPKG

@pnp/cli-microsoft365

Version:

Manage Microsoft 365 and SharePoint Framework projects on any platform

121 lines 5.08 kB
import { z } from 'zod'; import { globalOptionsZod } from '../../../../Command.js'; import Auth from '../../../../Auth.js'; import { cli } from '../../../../cli/cli.js'; import request from '../../../../request.js'; import { entraGroup } from '../../../../utils/entraGroup.js'; import { entraUser } from '../../../../utils/entraUser.js'; import { accessToken } from '../../../../utils/accessToken.js'; import { validation } from '../../../../utils/validation.js'; import PowerAppsCommand from '../../../base/PowerAppsCommand.js'; import commands from '../../commands.js'; export const options = z.strictObject({ ...globalOptionsZod.shape, appName: z.string() .refine(val => validation.isValidGuid(val), { message: 'The value is not a valid GUID for appName.' }), userId: z.string() .refine(val => validation.isValidGuid(val), { message: 'The value is not a valid GUID for userId.' }) .optional(), userName: z.string() .refine(val => validation.isValidUserPrincipalName(val), { message: 'The value is not a valid user principal name (UPN) for userName.' }) .optional(), groupId: z.string() .refine(val => validation.isValidGuid(val), { message: 'The value is not a valid GUID for groupId.' }) .optional(), groupName: z.string().optional(), tenant: z.boolean().optional(), asAdmin: z.boolean().optional(), environmentName: z.string().optional().alias('e'), force: z.boolean().optional().alias('f') }); class PaAppPermissionRemoveCommand extends PowerAppsCommand { get name() { return commands.APP_PERMISSION_REMOVE; } get description() { return 'Removes permissions to a Power Apps app'; } get schema() { return options; } getRefinedSchema(schema) { return schema .refine(opts => [opts.userId, opts.userName, opts.groupId, opts.groupName, opts.tenant].filter(x => x !== undefined).length === 1, { error: `Specify exactly one of the following options: 'userId', 'userName', 'groupId', 'groupName' or 'tenant'.`, params: { customCode: 'optionSet', options: ['userId', 'userName', 'groupId', 'groupName', 'tenant'] } }) .refine(opts => !opts.environmentName || opts.asAdmin, { message: 'Specifying environmentName is only allowed when using asAdmin.' }) .refine(opts => !opts.asAdmin || opts.environmentName, { message: 'Specifying asAdmin is only allowed when using environmentName.' }); } async commandAction(logger, args) { try { if (args.options.force) { await this.removeAppPermission(logger, args.options); } else { const result = await cli.promptForConfirmation({ message: `Are you sure you want to remove the permissions of '${args.options.userId || args.options.userName || args.options.groupId || args.options.groupName || (args.options.tenant && 'everyone')}' from the Power App '${args.options.appName}'?` }); if (result) { await this.removeAppPermission(logger, args.options); } } } catch (err) { this.handleRejectedODataJsonPromise(err); } } async removeAppPermission(logger, options) { if (this.verbose) { await logger.logToStderr(`Removing permissions for '${options.userId || options.userName || options.groupId || options.groupName || (options.tenant && 'everyone')}' for the Power Apps app ${options.appName}...`); } const principalId = await this.getPrincipalId(options); const requestOptions = { url: `${this.resource}/providers/Microsoft.PowerApps/${options.asAdmin ? `scopes/admin/environments/${options.environmentName}/` : ''}apps/${options.appName}/modifyPermissions?api-version=2022-11-01`, headers: { accept: 'application/json' }, data: { delete: [ { id: principalId } ] }, responseType: 'json' }; await request.post(requestOptions); } async getPrincipalId(options) { if (options.groupId) { return options.groupId; } if (options.userId) { return options.userId; } if (options.groupName) { const group = await entraGroup.getGroupByDisplayName(options.groupName); return group.id; } if (options.userName) { const userId = await entraUser.getUserIdByUpn(options.userName); return userId; } return `tenant-${accessToken.getTenantIdFromAccessToken(Auth.connection.accessTokens[Auth.defaultResource].accessToken)}`; } } export default new PaAppPermissionRemoveCommand(); //# sourceMappingURL=app-permission-remove.js.map