/// <summary>
/// Files a temporary Web API permission request for <c>Resource</c>/<c>Scope</c> in the
/// tenant app catalog, then approves that request and writes the resulting grant.
/// </summary>
/// <remarks>
/// No confirmation prompt is shown on this path; the approval is sent as soon as the
/// temporary request has been located by its generated package name.
/// NOTE(review): when the request cannot be found, the method returns without output or
/// warning, so a caller cannot tell from the pipeline alone that nothing was granted.
/// </remarks>
protected override void ExecuteCmdlet()
{
    // A fresh GUID makes the package name unique so the request can be looked up again below.
    var temporaryPackageName = $"pnp-temporary-request-{System.Guid.NewGuid()}";
    var catalogUrl = Tenant.GetAppCatalog();

    using (var catalogContext = ClientContext.Clone(catalogUrl))
    {
        var requestList = catalogContext.Web.Lists.GetByTitle("Web Api Permission Requests");
        var requestItem = requestList.AddItem(new ListItemCreationInformation());

        requestItem["_ows_PackageName"] = temporaryPackageName;
        requestItem["_ows_PackageVersion"] = "0.0.0.0";
        requestItem["_ows_Scope"] = Scope;
        requestItem["_ows_ResourceId"] = Resource;
        requestItem.Update();

        catalogContext.ExecuteQueryRetry();
    }

    var principal = new SPOWebAppServicePrincipal(ClientContext);
    var matchingRequests = ClientContext.LoadQuery(
        principal.PermissionRequests.Where(r => r.PackageName == temporaryPackageName));
    ClientContext.ExecuteQueryRetry();

    if (!matchingRequests.Any())
    {
        return;
    }

    // Re-fetch the request by id before approving it.
    var pendingRequest = principal.PermissionRequests.GetById(matchingRequests.First().Id);
    var approvedGrant = pendingRequest.Approve();
    ClientContext.Load(approvedGrant);
    ClientContext.ExecuteQueryRetry();

    WriteObject(new TenantServicePrincipalPermissionGrant(approvedGrant));
}
/// <summary>
/// Loads the SharePoint web-app service principal for the current context and writes it
/// to the pipeline.
/// </summary>
protected override void ExecuteCmdlet()
{
    var principal = new SPOWebAppServicePrincipal(ClientContext);

    ClientContext.Load(principal);
    ClientContext.ExecuteQueryRetry();

    WriteObject(principal);
}
/// <summary>
/// Loads the permission requests of the SharePoint web-app service principal and writes
/// them to the pipeline one by one.
/// </summary>
protected override void ExecuteCmdlet()
{
    var pendingRequests = new SPOWebAppServicePrincipal(ClientContext).PermissionRequests;

    ClientContext.Load(pendingRequests);
    ClientContext.ExecuteQueryRetry();

    // Second argument true: the collection is enumerated rather than emitted as one object.
    WriteObject(pendingRequests, true);
}
/// <summary>
/// Loads the permission grants of the SharePoint web-app service principal and writes each
/// one to the pipeline wrapped in a <c>TenantServicePrincipalPermissionGrant</c>.
/// </summary>
protected override void ExecuteCmdlet()
{
    var grants = new SPOWebAppServicePrincipal(ClientContext).PermissionGrants;

    ClientContext.Load(grants);
    ClientContext.ExecuteQueryRetry();

    // Projection is built after the query has run; WriteObject enumerates it.
    var wrappedGrants = grants.Select(g => new TenantServicePrincipalPermissionGrant(g));
    WriteObject(wrappedGrants, true);
}
/// <summary>
/// Denies the permission request identified by <c>RequestId</c>.
/// </summary>
/// <remarks>
/// The operation runs only when <c>Force</c> is set or the user confirms the prompt.
/// </remarks>
protected override void ExecuteCmdlet()
{
    // Force short-circuits the prompt, exactly as in a plain "Force || ShouldContinue" test.
    bool confirmed = Force || ShouldContinue($"Deny request {RequestId}?", "Continue");
    if (confirmed)
    {
        var principal = new SPOWebAppServicePrincipal(ClientContext);
        var pendingRequest = principal.PermissionRequests.GetById(RequestId);

        pendingRequest.Deny();
        ClientContext.ExecuteQueryRetry();
    }
}
/// <summary>
/// Deletes the permission grant identified by <c>ObjectId</c> from the SharePoint web-app
/// service principal.
/// </summary>
/// <remarks>
/// The operation runs only when <c>Force</c> is set or the user confirms the prompt.
/// NOTE(review): the prompt text does not name the grant being revoked, so the operator
/// confirms without seeing the object id.
/// NOTE(review): this path calls plain ExecuteQuery, without a retry wrapper - confirm
/// that is intentional.
/// </remarks>
protected override void ExecuteCmdlet()
{
    // Force short-circuits the prompt, exactly as in a plain "Force || ShouldContinue" test.
    bool confirmed = Force || ShouldContinue("Revoke permission?", "Continue");
    if (confirmed)
    {
        var principal = new SPOWebAppServicePrincipal(ClientContext);
        var grantToRevoke = principal.PermissionGrants.GetByObjectId(ObjectId);

        grantToRevoke.DeleteObject();
        ClientContext.ExecuteQuery();
    }
}
/// <summary>
/// Approves the permission request identified by <c>RequestId.Id</c> and writes the
/// resulting grant to the pipeline.
/// </summary>
/// <remarks>
/// The approval runs only when <c>Force</c> is set or the user confirms the prompt.
/// </remarks>
protected override void ExecuteCmdlet()
{
    // Force short-circuits the prompt, exactly as in a plain "Force || ShouldContinue" test.
    bool confirmed = Force || ShouldContinue($"Approve request {RequestId.Id}?", "Continue");
    if (confirmed)
    {
        var principal = new SPOWebAppServicePrincipal(ClientContext);
        var pendingRequest = principal.PermissionRequests.GetById(RequestId.Id);

        var approvedGrant = pendingRequest.Approve();
        ClientContext.Load(approvedGrant);
        ClientContext.ExecuteQueryRetry();

        WriteObject(new TenantServicePrincipalPermissionGrant(approvedGrant));
    }
}
/// <summary>
/// Sets <c>AccountEnabled</c> to true on the SharePoint web-app service principal and
/// writes the updated principal to the pipeline.
/// </summary>
/// <remarks>
/// The change is made only after the user confirms the prompt; this method has no
/// <c>Force</c> bypass.
/// </remarks>
protected override void ExecuteCmdlet()
{
    bool confirmed = ShouldContinue("Do you want to enable the Tenant Service Principal?", "Continue?");
    if (confirmed)
    {
        var principal = new SPOWebAppServicePrincipal(ClientContext);

        principal.AccountEnabled = true;
        principal.Update();

        ClientContext.Load(principal);
        ClientContext.ExecuteQueryRetry();

        WriteObject(principal);
    }
}
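/// <summary>
/// Approves pending tenant Web API permission requests that match the
/// <c>WebApiPermissions</c> declared on the template's tenant section.
/// </summary>
/// <param name="web">Web whose context is cloned to the tenant administration URL.</param>
/// <param name="template">Template carrying the requested resource/scope pairs.</param>
/// <param name="parser">Token parser; returned unchanged.</param>
/// <param name="applyingInformation">Supplies the access tokens used for the cloned tenant context.</param>
/// <returns>The <paramref name="parser"/> instance that was passed in.</returns>
/// <remarks>
/// A matching request is approved unless an existing grant for the same resource already
/// lists every requested scope. Scopes are compared as whole identifiers: a plain substring
/// test would treat a narrower scope as covered by any longer scope name that merely
/// contains it, and would skip the approval the template asked for.
/// A failed approval is reported as a warning and does not stop provisioning.
/// </remarks>
public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
{
    if (template.Tenant != null && template.Tenant.WebApiPermissions != null)
    {
        if (template.Tenant.WebApiPermissions.Any())
        {
            using (var tenantContext = web.Context.Clone(web.GetTenantAdministrationUrl(), applyingInformation.AccessTokens))
            {
                var servicePrincipal = new SPOWebAppServicePrincipal(tenantContext);
                var requestsEnumerable = tenantContext.LoadQuery(servicePrincipal.PermissionRequests);
                var grantsEnumerable = tenantContext.LoadQuery(servicePrincipal.PermissionGrants);
                tenantContext.ExecuteQueryRetry();

                var requests = requestsEnumerable.ToList();

                // A scope value is treated as a list of identifiers; space is the usual
                // separator for OAuth2 grant scopes, comma is accepted defensively.
                var scopeSeparators = new[] { ' ', ',' };

                foreach (var permission in template.Tenant.WebApiPermissions)
                {
                    var wantedScopes = (permission.Scope ?? string.Empty).Split(scopeSeparators, StringSplitOptions.RemoveEmptyEntries);

                    var request = requests.FirstOrDefault(r => r.Scope.Equals(permission.Scope, StringComparison.InvariantCultureIgnoreCase) && r.Resource.Equals(permission.Resource, StringComparison.InvariantCultureIgnoreCase));
                    while (request != null)
                    {
                        // Covered only when one grant on the same resource holds every wanted scope
                        // as a whole identifier (ordinal, case-insensitive).
                        var alreadyGranted = grantsEnumerable.Any(g =>
                            g.Resource.Equals(permission.Resource, StringComparison.InvariantCultureIgnoreCase)
                            && wantedScopes.All(w => (g.Scope ?? string.Empty)
                                .Split(scopeSeparators, StringSplitOptions.RemoveEmptyEntries)
                                .Contains(w, StringComparer.OrdinalIgnoreCase)));

                        if (!alreadyGranted)
                        {
                            var requestToApprove = servicePrincipal.PermissionRequests.GetById(request.Id);
                            tenantContext.Load(requestToApprove);
                            tenantContext.ExecuteQueryRetry();
                            try
                            {
                                requestToApprove.Approve();
                                tenantContext.ExecuteQueryRetry();
                            }
                            catch (Exception ex)
                            {
                                // Deliberate best effort: surface the failure, keep provisioning.
                                WriteMessage(ex.Message, ProvisioningMessageType.Warning);
                            }
                        }

                        // Drop the handled request so duplicates for the same pair are visited in turn.
                        requests.Remove(request);
                        request = requests.FirstOrDefault(r => r.Scope.Equals(permission.Scope, StringComparison.InvariantCultureIgnoreCase) && r.Resource.Equals(permission.Resource, StringComparison.InvariantCultureIgnoreCase));
                    }
                }
            }
        }
    }

    return parser;
}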
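/// <summary>
/// Approves pending tenant Web API permission requests that match the
/// <c>WebApiPermissions</c> declared on the provisioning tenant.
/// </summary>
/// <param name="tenant">Tenant object whose context is used for all queries.</param>
/// <param name="provisioningTenant">Tenant section carrying the requested resource/scope pairs.</param>
/// <param name="parser">Token parser applied to each scope and resource; returned to the caller.</param>
/// <param name="scope">Monitored scope; not used by this method.</param>
/// <param name="messagesDelegate">Optional sink for progress and warning messages.</param>
/// <returns>The <paramref name="parser"/> instance that was passed in.</returns>
/// <remarks>
/// A matching request is approved unless an existing grant for the same resource already
/// lists every requested scope. Scopes are compared as whole identifiers: a plain substring
/// test would treat a narrower scope as covered by any longer scope name that merely
/// contains it, and would skip the approval the template asked for.
/// A failed approval is reported as a warning and does not stop provisioning.
/// </remarks>
public static TokenParser ProcessWebApiPermissions(Tenant tenant, ProvisioningTenant provisioningTenant, TokenParser parser, PnPMonitoredScope scope, ProvisioningMessagesDelegate messagesDelegate)
{
    if (provisioningTenant.WebApiPermissions != null && provisioningTenant.WebApiPermissions.Any())
    {
        messagesDelegate?.Invoke("Processing WebApiPermissions", ProvisioningMessageType.Progress);

        var servicePrincipal = new SPOWebAppServicePrincipal(tenant.Context);
        var requestsEnumerable = tenant.Context.LoadQuery(servicePrincipal.PermissionRequests);
        var grantsEnumerable = tenant.Context.LoadQuery(servicePrincipal.PermissionGrants);
        tenant.Context.ExecuteQueryRetry();

        var requests = requestsEnumerable.ToList();

        // A scope value is treated as a list of identifiers; space is the usual
        // separator for OAuth2 grant scopes, comma is accepted defensively.
        var scopeSeparators = new[] { ' ', ',' };

        foreach (var permission in provisioningTenant.WebApiPermissions)
        {
            var parsedScope = parser.ParseString(permission.Scope);
            var parsedResource = parser.ParseString(permission.Resource);
            var wantedScopes = (parsedScope ?? string.Empty).Split(scopeSeparators, StringSplitOptions.RemoveEmptyEntries);

            var request = requests.FirstOrDefault(r => r.Scope.Equals(parsedScope, StringComparison.InvariantCultureIgnoreCase) && r.Resource.Equals(parsedResource, StringComparison.InvariantCultureIgnoreCase));
            while (request != null)
            {
                // Covered only when one grant on the same resource holds every wanted scope
                // as a whole identifier (ordinal, case-insensitive).
                var alreadyGranted = grantsEnumerable.Any(g =>
                    g.Resource.Equals(parsedResource, StringComparison.InvariantCultureIgnoreCase)
                    && wantedScopes.All(w => (g.Scope ?? string.Empty)
                        .Split(scopeSeparators, StringSplitOptions.RemoveEmptyEntries)
                        .Contains(w, StringComparer.OrdinalIgnoreCase)));

                if (!alreadyGranted)
                {
                    var requestToApprove = servicePrincipal.PermissionRequests.GetById(request.Id);
                    tenant.Context.Load(requestToApprove);
                    tenant.Context.ExecuteQueryRetry();
                    try
                    {
                        requestToApprove.Approve();
                        tenant.Context.ExecuteQueryRetry();
                    }
                    catch (Exception ex)
                    {
                        // Deliberate best effort: surface the failure, keep provisioning.
                        messagesDelegate?.Invoke(ex.Message, ProvisioningMessageType.Warning);
                    }
                }

                // Drop the handled request so duplicates for the same pair are visited in turn.
                requests.Remove(request);
                request = requests.FirstOrDefault(r => r.Scope.Equals(parsedScope, StringComparison.InvariantCultureIgnoreCase) && r.Resource.Equals(parsedResource, StringComparison.InvariantCultureIgnoreCase));
            }
        }
    }

    return parser;
}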
/// <summary>
/// Adds a permission grant for <c>Resource</c>/<c>Scope</c> to the SharePoint web-app
/// service principal, after resolving that principal's object id through Microsoft Graph.
/// </summary>
/// <remarks>
/// No confirmation prompt is shown on this path, and <c>Resource</c> and <c>Scope</c> are
/// passed to the grant manager as given.
/// The value placed in the Graph <c>$filter</c> is the <c>AppId</c> read from the service
/// principal object, not a cmdlet parameter.
/// The Graph call is awaited synchronously.
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// Thrown when Graph returns no service principal for the app id.
/// </exception>
protected override void ExecuteCmdlet()
{
    var adminUrl = UrlUtilities.GetTenantAdministrationUrl(ClientContext.Url);

    using (var adminContext = ClientContext.Clone(adminUrl))
    {
        var sharePointPrincipal = new SPOWebAppServicePrincipal(adminContext);
        var appId = sharePointPrincipal.EnsureProperty(a => a.AppId);

        // Only the id is selected; it is the value the grant manager needs below.
        var lookup = GraphHelper.GetAsync<RestResultCollection<ServicePrincipal>>(
            this.HttpClient,
            $"/v1.0/servicePrincipals?$filter=appId eq '{appId}'&$select=id",
            AccessToken).GetAwaiter().GetResult();

        if (!lookup.Items.Any())
        {
            throw new PSInvalidOperationException("Cannot find the 'SharePoint Online Client Extensibility Web Application Principal' in your Azure AD Enterprise applications. Did you enable it using `Enable-PnPTenantServicePrincipal'?");
        }

        var graphPrincipal = lookup.Items.First();
        sharePointPrincipal.GrantManager.Add(graphPrincipal.Id, Resource, Scope);
        adminContext.ExecuteQueryRetry();
    }
}