@pnp/cli-microsoft365
Version:
Manage Microsoft 365 and SharePoint Framework projects on any platform
121 lines • 5.08 kB
JavaScript
import { z } from 'zod';
import { globalOptionsZod } from '../../../../Command.js';
import Auth from '../../../../Auth.js';
import { cli } from '../../../../cli/cli.js';
import request from '../../../../request.js';
import { entraGroup } from '../../../../utils/entraGroup.js';
import { entraUser } from '../../../../utils/entraUser.js';
import { accessToken } from '../../../../utils/accessToken.js';
import { validation } from '../../../../utils/validation.js';
import PowerAppsCommand from '../../../base/PowerAppsCommand.js';
import commands from '../../commands.js';
export const options = z.strictObject({
...globalOptionsZod.shape,
appName: z.string()
.refine(val => validation.isValidGuid(val), {
message: 'The value is not a valid GUID for appName.'
}),
userId: z.string()
.refine(val => validation.isValidGuid(val), {
message: 'The value is not a valid GUID for userId.'
})
.optional(),
userName: z.string()
.refine(val => validation.isValidUserPrincipalName(val), {
message: 'The value is not a valid user principal name (UPN) for userName.'
})
.optional(),
groupId: z.string()
.refine(val => validation.isValidGuid(val), {
message: 'The value is not a valid GUID for groupId.'
})
.optional(),
groupName: z.string().optional(),
tenant: z.boolean().optional(),
asAdmin: z.boolean().optional(),
environmentName: z.string().optional().alias('e'),
force: z.boolean().optional().alias('f')
});
class PaAppPermissionRemoveCommand extends PowerAppsCommand {
get name() {
return commands.APP_PERMISSION_REMOVE;
}
get description() {
return 'Removes permissions to a Power Apps app';
}
get schema() {
return options;
}
getRefinedSchema(schema) {
return schema
.refine(opts => [opts.userId, opts.userName, opts.groupId, opts.groupName, opts.tenant].filter(x => x !== undefined).length === 1, {
error: `Specify exactly one of the following options: 'userId', 'userName', 'groupId', 'groupName' or 'tenant'.`,
params: {
customCode: 'optionSet',
options: ['userId', 'userName', 'groupId', 'groupName', 'tenant']
}
})
.refine(opts => !opts.environmentName || opts.asAdmin, {
message: 'Specifying environmentName is only allowed when using asAdmin.'
})
.refine(opts => !opts.asAdmin || opts.environmentName, {
message: 'Specifying asAdmin is only allowed when using environmentName.'
});
}
async commandAction(logger, args) {
try {
if (args.options.force) {
await this.removeAppPermission(logger, args.options);
}
else {
const result = await cli.promptForConfirmation({ message: `Are you sure you want to remove the permissions of '${args.options.userId || args.options.userName || args.options.groupId || args.options.groupName || (args.options.tenant && 'everyone')}' from the Power App '${args.options.appName}'?` });
if (result) {
await this.removeAppPermission(logger, args.options);
}
}
}
catch (err) {
this.handleRejectedODataJsonPromise(err);
}
}
async removeAppPermission(logger, options) {
if (this.verbose) {
await logger.logToStderr(`Removing permissions for '${options.userId || options.userName || options.groupId || options.groupName || (options.tenant && 'everyone')}' for the Power Apps app ${options.appName}...`);
}
const principalId = await this.getPrincipalId(options);
const requestOptions = {
url: `${this.resource}/providers/Microsoft.PowerApps/${options.asAdmin ? `scopes/admin/environments/${options.environmentName}/` : ''}apps/${options.appName}/modifyPermissions?api-version=2022-11-01`,
headers: {
accept: 'application/json'
},
data: {
delete: [
{
id: principalId
}
]
},
responseType: 'json'
};
await request.post(requestOptions);
}
async getPrincipalId(options) {
if (options.groupId) {
return options.groupId;
}
if (options.userId) {
return options.userId;
}
if (options.groupName) {
const group = await entraGroup.getGroupByDisplayName(options.groupName);
return group.id;
}
if (options.userName) {
const userId = await entraUser.getUserIdByUpn(options.userName);
return userId;
}
return `tenant-${accessToken.getTenantIdFromAccessToken(Auth.connection.accessTokens[Auth.defaultResource].accessToken)}`;
}
}
export default new PaAppPermissionRemoveCommand();
//# sourceMappingURL=app-permission-remove.js.map