/// <summary>
/// Files a temporary Web API permission request in the app catalog for the supplied
/// <c>Scope</c> and <c>Resource</c>, then approves it and writes the resulting grant
/// to the pipeline.
/// </summary>
/// <remarks>
/// SECURITY: this method contains no ShouldProcess/ShouldContinue call, so the request is
/// approved as soon as it is found. <c>Scope</c> and <c>Resource</c> are written to the
/// request exactly as supplied; nothing in this method validates them.
/// </remarks>
protected override void ExecuteCmdlet()
        {
            // A random, single-use package name makes the request created below findable
            // again among the pending permission requests.
            var temporaryPackage = $"pnp-temporary-request-{System.Guid.NewGuid()}";
            var catalogLocation  = Tenant.GetAppCatalog();

            using (var catalogContext = ClientContext.Clone(catalogLocation))
            {
                var requestList = catalogContext.Web.Lists.GetByTitle("Web Api Permission Requests");
                var requestItem = requestList.AddItem(new ListItemCreationInformation());

                requestItem["_ows_PackageName"]    = temporaryPackage;
                requestItem["_ows_PackageVersion"] = "0.0.0.0";
                requestItem["_ows_Scope"]          = Scope;
                requestItem["_ows_ResourceId"]     = Resource;
                requestItem.Update();

                catalogContext.ExecuteQueryRetry();
            }

            var principal    = new SPOWebAppServicePrincipal(ClientContext);
            var pendingQuery = principal.PermissionRequests.Where(r => r.PackageName == temporaryPackage);
            var matches      = ClientContext.LoadQuery(pendingQuery);

            ClientContext.ExecuteQueryRetry();

            if (!matches.Any())
            {
                // NOTE(review): when the request is not found, nothing is written to the pipeline
                // and the list item created above is not removed by this method, so the caller
                // cannot distinguish this case from a completed grant.
                return;
            }

            var created   = matches.First();
            var toApprove = principal.PermissionRequests.GetById(created.Id);
            var approved  = toApprove.Approve();

            ClientContext.Load(approved);
            ClientContext.ExecuteQueryRetry();

            WriteObject(new TenantServicePrincipalPermissionGrant(approved));
        }
        /// <summary>
        /// Loads an <c>SPOWebAppServicePrincipal</c> bound to the current context and writes it
        /// to the pipeline.
        /// </summary>
        protected override void ExecuteCmdlet()
        {
            var principal = new SPOWebAppServicePrincipal(ClientContext);

            // Read-only path: the object is loaded and emitted, nothing is updated.
            ClientContext.Load(principal);
            ClientContext.ExecuteQueryRetry();

            WriteObject(principal);
        }
        /// <summary>
        /// Loads the service principal's permission requests and writes them to the pipeline
        /// one by one.
        /// </summary>
        protected override void ExecuteCmdlet()
        {
            var pendingRequests = new SPOWebAppServicePrincipal(ClientContext).PermissionRequests;

            // Read-only path: useful for reviewing what is awaiting a decision before any
            // approve or deny call is made.
            ClientContext.Load(pendingRequests);
            ClientContext.ExecuteQueryRetry();

            // 'true' enumerates the collection so each request is emitted as its own object.
            WriteObject(pendingRequests, true);
        }
        /// <summary>
        /// Loads the service principal's permission grants and writes each one to the pipeline
        /// wrapped in a <c>TenantServicePrincipalPermissionGrant</c>.
        /// </summary>
        protected override void ExecuteCmdlet()
        {
            var grants = new SPOWebAppServicePrincipal(ClientContext).PermissionGrants;

            // Read-only path: lists what has already been granted.
            ClientContext.Load(grants);
            ClientContext.ExecuteQueryRetry();

            var wrappedGrants = grants.Select(g => new TenantServicePrincipalPermissionGrant(g));

            // 'true' enumerates the sequence so each grant is emitted as its own object.
            WriteObject(wrappedGrants, true);
        }
Example #5
 /// <summary>
 /// Denies the permission request identified by <c>RequestId</c>, after the operator
 /// confirms or <c>Force</c> is set.
 /// </summary>
 protected override void ExecuteCmdlet()
 {
     // Force is evaluated first, so the prompt is skipped entirely when it is set.
     // NOTE(review): only ShouldContinue is consulted here; ShouldProcess is not called in this method.
     var confirmed = Force || ShouldContinue($"Deny request {RequestId}?", "Continue");
     if (!confirmed)
     {
         return;
     }

     var principal = new SPOWebAppServicePrincipal(ClientContext);
     var pending   = principal.PermissionRequests.GetById(RequestId);

     pending.Deny();
     ClientContext.ExecuteQueryRetry();
 }
Example #6
 /// <summary>
 /// Revokes the permission grant identified by <c>ObjectId</c>, after the operator
 /// confirms or <c>Force</c> is set.
 /// </summary>
 protected override void ExecuteCmdlet()
 {
     // NOTE(review): the prompt does not name the grant being revoked, so the operator
     // cannot check the ObjectId at the confirmation step.
     var confirmed = Force || ShouldContinue("Revoke permission?", "Continue");
     if (!confirmed)
     {
         return;
     }

     var principal = new SPOWebAppServicePrincipal(ClientContext);
     var target    = principal.PermissionGrants.GetByObjectId(ObjectId);

     target.DeleteObject();

     // Plain ExecuteQuery here (no retry wrapper); a failed round trip leaves the grant in place.
     ClientContext.ExecuteQuery();
 }
Example #7
 /// <summary>
 /// Approves the permission request identified by <c>RequestId.Id</c>, after the operator
 /// confirms or <c>Force</c> is set, and writes the resulting grant to the pipeline.
 /// </summary>
 protected override void ExecuteCmdlet()
 {
     // SECURITY: the prompt shows only the request id. The scope and resource being granted
     // are not loaded or displayed by this method, so they should be reviewed beforehand.
     var confirmed = Force || ShouldContinue($"Approve request {RequestId.Id}?", "Continue");
     if (!confirmed)
     {
         return;
     }

     var principal = new SPOWebAppServicePrincipal(ClientContext);
     var pending   = principal.PermissionRequests.GetById(RequestId.Id);
     var approved  = pending.Approve();

     ClientContext.Load(approved);
     ClientContext.ExecuteQueryRetry();

     WriteObject(new TenantServicePrincipalPermissionGrant(approved));
 }
 /// <summary>
 /// Sets <c>AccountEnabled</c> on the service principal after the operator confirms, then
 /// writes the reloaded principal to the pipeline.
 /// </summary>
 protected override void ExecuteCmdlet()
 {
     // This method has no Force bypass: the change is made only after an interactive confirmation.
     var confirmed = ShouldContinue("Do you want to enable the Tenant Service Principal?", "Continue?");
     if (!confirmed)
     {
         return;
     }

     var principal = new SPOWebAppServicePrincipal(ClientContext);
     principal.AccountEnabled = true;
     principal.Update();

     // Reload so the emitted object reflects the state after the update.
     ClientContext.Load(principal);
     ClientContext.ExecuteQueryRetry();

     WriteObject(principal);
 }
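        /// <summary>
        /// Approves pending Web API permission requests that match the permissions declared in
        /// <c>template.Tenant.WebApiPermissions</c>, unless a matching grant already exists.
        /// </summary>
        /// <param name="web">Web whose context is cloned against the tenant administration URL.</param>
        /// <param name="template">Template holding the declared Web API permissions.</param>
        /// <param name="parser">Token parser; returned unchanged.</param>
        /// <param name="applyingInformation">Supplies the access tokens used for the cloned context.</param>
        /// <returns>The <paramref name="parser"/> instance that was passed in.</returns>
        /// <remarks>
        /// SECURITY: requests are matched on scope and resource only. Any pending request with
        /// the same scope and resource is approved, whichever package raised it. Approval
        /// failures are reported as warnings and do not stop provisioning.
        /// </remarks>
        public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
        {
            if (template.Tenant == null || template.Tenant.WebApiPermissions == null || !template.Tenant.WebApiPermissions.Any())
            {
                return parser;
            }

            using (var tenantContext = web.Context.Clone(web.GetTenantAdministrationUrl(), applyingInformation.AccessTokens))
            {
                var servicePrincipal   = new SPOWebAppServicePrincipal(tenantContext);
                var requestsEnumerable = tenantContext.LoadQuery(servicePrincipal.PermissionRequests);
                var grantsEnumerable   = tenantContext.LoadQuery(servicePrincipal.PermissionGrants);
                tenantContext.ExecuteQueryRetry();

                var requests = requestsEnumerable.ToList();

                foreach (var permission in template.Tenant.WebApiPermissions)
                {
                    // Scope and resource names are identifiers, so they are compared ordinally.
                    // Culture-aware comparison or ToLower() can mis-match them under some
                    // cultures (for example the Turkish dotless i).
                    var matchingRequests = requests
                        .Where(r => r.Scope.Equals(permission.Scope, StringComparison.OrdinalIgnoreCase)
                                 && r.Resource.Equals(permission.Resource, StringComparison.OrdinalIgnoreCase))
                        .ToList();

                    foreach (var request in matchingRequests)
                    {
                        // NOTE(review): this is a substring test against the grant's scope string, so
                        // a requested scope that is a prefix of a granted one also counts as
                        // "already granted". Presumably the grant scope is a delimited list; confirm,
                        // and compare whole tokens if so.
                        var alreadyGranted = grantsEnumerable.Any(g =>
                            g.Resource.Equals(permission.Resource, StringComparison.OrdinalIgnoreCase)
                            && g.Scope.IndexOf(permission.Scope, StringComparison.OrdinalIgnoreCase) >= 0);

                        if (!alreadyGranted)
                        {
                            var requestToApprove = servicePrincipal.PermissionRequests.GetById(request.Id);
                            tenantContext.Load(requestToApprove);
                            tenantContext.ExecuteQueryRetry();
                            try
                            {
                                requestToApprove.Approve();
                                tenantContext.ExecuteQueryRetry();
                            }
                            catch (Exception ex)
                            {
                                // Deliberate best effort: a failed approval is reported and the
                                // remaining permissions are still processed.
                                WriteMessage(ex.Message, ProvisioningMessageType.Warning);
                            }
                        }

                        // Drop the handled request so a duplicate template entry does not see it again.
                        requests.Remove(request);
                    }
                }
            }

            return parser;
        }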
Example #10
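        /// <summary>
        /// Approves pending Web API permission requests that match the permissions declared on
        /// <paramref name="provisioningTenant"/>, unless a matching grant already exists.
        /// </summary>
        /// <param name="tenant">Tenant whose context is used for all queries.</param>
        /// <param name="provisioningTenant">Holds the declared Web API permissions.</param>
        /// <param name="parser">Resolves tokens in each permission's scope and resource; returned unchanged.</param>
        /// <param name="scope">Not used by this method.</param>
        /// <param name="messagesDelegate">Optional sink for progress and warning messages.</param>
        /// <returns>The <paramref name="parser"/> instance that was passed in.</returns>
        /// <remarks>
        /// SECURITY: scope and resource go through the token parser first, so the permission
        /// actually approved depends on the token values in effect when the template is applied.
        /// Requests are matched on scope and resource only. Any pending request with the same
        /// pair is approved, whichever package raised it. Approval failures are reported as
        /// warnings only.
        /// </remarks>
        public static TokenParser ProcessWebApiPermissions(Tenant tenant, ProvisioningTenant provisioningTenant, TokenParser parser, PnPMonitoredScope scope, ProvisioningMessagesDelegate messagesDelegate)
        {
            if (provisioningTenant.WebApiPermissions == null || !provisioningTenant.WebApiPermissions.Any())
            {
                return parser;
            }

            messagesDelegate?.Invoke("Processing WebApiPermissions", ProvisioningMessageType.Progress);

            var servicePrincipal   = new SPOWebAppServicePrincipal(tenant.Context);
            var requestsEnumerable = tenant.Context.LoadQuery(servicePrincipal.PermissionRequests);
            var grantsEnumerable   = tenant.Context.LoadQuery(servicePrincipal.PermissionGrants);
            tenant.Context.ExecuteQueryRetry();

            var requests = requestsEnumerable.ToList();

            foreach (var permission in provisioningTenant.WebApiPermissions)
            {
                var parsedScope    = parser.ParseString(permission.Scope);
                var parsedResource = parser.ParseString(permission.Resource);

                // Scope and resource names are identifiers, so they are compared ordinally.
                // Culture-aware comparison or ToLower() can mis-match them under some
                // cultures (for example the Turkish dotless i).
                var matchingRequests = requests
                    .Where(r => r.Scope.Equals(parsedScope, StringComparison.OrdinalIgnoreCase)
                             && r.Resource.Equals(parsedResource, StringComparison.OrdinalIgnoreCase))
                    .ToList();

                foreach (var request in matchingRequests)
                {
                    // NOTE(review): this is a substring test against the grant's scope string, so a
                    // requested scope that is a prefix of a granted one also counts as "already
                    // granted". Presumably the grant scope is a delimited list; confirm, and
                    // compare whole tokens if so.
                    var alreadyGranted = grantsEnumerable.Any(g =>
                        g.Resource.Equals(parsedResource, StringComparison.OrdinalIgnoreCase)
                        && g.Scope.IndexOf(parsedScope, StringComparison.OrdinalIgnoreCase) >= 0);

                    if (!alreadyGranted)
                    {
                        var requestToApprove = servicePrincipal.PermissionRequests.GetById(request.Id);
                        tenant.Context.Load(requestToApprove);
                        tenant.Context.ExecuteQueryRetry();
                        try
                        {
                            requestToApprove.Approve();
                            tenant.Context.ExecuteQueryRetry();
                        }
                        catch (Exception ex)
                        {
                            // Deliberate best effort: a failed approval is reported and the
                            // remaining permissions are still processed.
                            messagesDelegate?.Invoke(ex.Message, ProvisioningMessageType.Warning);
                        }
                    }

                    // Drop the handled request so a duplicate entry does not see it again.
                    requests.Remove(request);
                }
            }

            return parser;
        }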
Example #11
        /// <summary>
        /// Looks up the Azure AD service principal whose appId matches the SharePoint web
        /// application principal, then adds a grant for the supplied <c>Resource</c> and
        /// <c>Scope</c> through the principal's <c>GrantManager</c>.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">
        /// The Graph lookup returned no service principal for the app id.
        /// </exception>
        /// <remarks>
        /// SECURITY: this method contains no ShouldProcess/ShouldContinue call, and
        /// <c>Resource</c> and <c>Scope</c> are passed to <c>GrantManager.Add</c> as supplied.
        /// </remarks>
        protected override void ExecuteCmdlet()
        {
            var adminUrl = UrlUtilities.GetTenantAdministrationUrl(ClientContext.Url);

            using (var adminContext = ClientContext.Clone(adminUrl))
            {
                var extensibilityPrincipal = new SPOWebAppServicePrincipal(adminContext);
                var appId = extensibilityPrincipal.EnsureProperty(a => a.AppId);

                // The filter value is read from the service principal object, not from a cmdlet
                // parameter. It is interpolated into the query string without escaping.
                var lookupUrl = $"/v1.0/servicePrincipals?$filter=appId eq '{appId}'&$select=id";

                // Blocking wait on the async Graph call; ExecuteCmdlet itself is synchronous.
                var lookup = GraphHelper.GetAsync<RestResultCollection<ServicePrincipal>>(this.HttpClient, lookupUrl, AccessToken).GetAwaiter().GetResult();

                if (!lookup.Items.Any())
                {
                    throw new PSInvalidOperationException("Cannot find the 'SharePoint Online Client Extensibility Web Application Principal' in your Azure AD Enterprise applications. Did you enable it using `Enable-PnPTenantServicePrincipal'?");
                }

                var graphPrincipal = lookup.Items.First();
                extensibilityPrincipal.GrantManager.Add(graphPrincipal.Id, Resource, Scope);
                adminContext.ExecuteQueryRetry();
            }
        }