From 65f61bb50f57ff8091de53a771f619236b82db0a Mon Sep 17 00:00:00 2001 From: Nishkalank Bezawada <47456098+NishkalankBezawada@users.noreply.github.com> Date: Mon, 28 Oct 2024 19:53:29 +0100 Subject: [PATCH] Add warning to Get-PnPFlow command about required permissions (#4474) * Add warning to Get-PnPFlow command about required permissions * Added requiredApiDelegatedPermissions --------- Co-authored-by: Gautam Sheth --- documentation/Get-PnPFlow.md | 4 ++ .../PowerPlatform/PowerAutomate/GetFlow.cs | 67 +++++++++++-------- 2 files changed, 43 insertions(+), 28 deletions(-) diff --git a/documentation/Get-PnPFlow.md b/documentation/Get-PnPFlow.md index 8f1fa5532..4e464a06a 100644 --- a/documentation/Get-PnPFlow.md +++ b/documentation/Get-PnPFlow.md @@ -14,6 +14,10 @@ title: Get-PnPFlow **Required Permissions** * Azure: management.azure.com +* Azure Service Management : user_impersonation +* Dynamics CRM : user_impersonation +* PowerApps Service : User +* Link to Required permissions reference : https://pnp.github.io/powershell/articles/determinepermissions.html#help-i-cant-figure-out-which-permissions-i-need Returns Power Automate Flows diff --git a/src/Commands/PowerPlatform/PowerAutomate/GetFlow.cs b/src/Commands/PowerPlatform/PowerAutomate/GetFlow.cs index d64ab73a3..2d520d461 100644 --- a/src/Commands/PowerPlatform/PowerAutomate/GetFlow.cs +++ b/src/Commands/PowerPlatform/PowerAutomate/GetFlow.cs @@ -4,10 +4,14 @@ using System.Management.Automation; using PnP.PowerShell.Commands.Enums; using PnP.PowerShell.Commands.Utilities; +using PnP.PowerShell.Commands.Attributes; +using System; namespace PnP.PowerShell.Commands.PowerPlatform.PowerAutomate { [Cmdlet(VerbsCommon.Get, "PnPFlow", DefaultParameterSetName = ParameterSet_ALL)] + [ApiNotAvailableUnderApplicationPermissions] + [RequiredApiDelegatedPermissions("azure/user_impersonation")] public class GetFlow : PnPAzureManagementApiCmdlet { private const string ParameterSet_BYIDENTITY = "By Identity"; @@ -29,43 +33,50 @@ public class GetFlow : PnPAzureManagementApiCmdlet protected override void ExecuteCmdlet() { - var environmentName = ParameterSpecified(nameof(Environment)) ? Environment.GetName() : PowerPlatformUtility.GetDefaultEnvironment(this, Connection, Connection.AzureEnvironment, AccessToken)?.Name; - string baseUrl = PowerPlatformUtility.GetPowerAutomateEndpoint(Connection.AzureEnvironment); - - if (ParameterSpecified(nameof(Identity))) + try { - var flowName = Identity.GetName(); - - WriteVerbose($"Retrieving specific Power Automate Flow with the provided name '{flowName}' within the environment '{environmentName}'"); + var environmentName = ParameterSpecified(nameof(Environment)) ? Environment.GetName() : PowerPlatformUtility.GetDefaultEnvironment(this, Connection, Connection.AzureEnvironment, AccessToken)?.Name; + string baseUrl = PowerPlatformUtility.GetPowerAutomateEndpoint(Connection.AzureEnvironment); - var result = GraphHelper.Get(this, Connection, baseUrl + $"/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/flows/{flowName}?api-version=2016-11-01", AccessToken); - WriteObject(result, false); - } - else - { - string filter = null; - switch (SharingStatus) + if (ParameterSpecified(nameof(Identity))) { - case FlowSharingStatus.SharedWithMe: - filter = "search('team')"; - break; + var flowName = Identity.GetName(); - case FlowSharingStatus.Personal: - filter = "search('personal')"; - break; + WriteVerbose($"Retrieving specific Power Automate Flow with the provided name '{flowName}' within the environment '{environmentName}'"); - case FlowSharingStatus.All: - filter = "search('team AND personal')"; - break; + var result = GraphHelper.Get(this, Connection, baseUrl + $"/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/flows/{flowName}?api-version=2016-11-01", AccessToken); + WriteObject(result, false); } + else + { + string filter = null; + switch (SharingStatus) + { + case FlowSharingStatus.SharedWithMe: + filter = "search('team')"; + break; + + case FlowSharingStatus.Personal: + filter = "search('personal')"; + break; - WriteVerbose($"Retrieving all Power Automate Flows within environment '{environmentName}'{(filter != null ? $" with filter '{filter}'" : "")}"); + case FlowSharingStatus.All: + filter = "search('team AND personal')"; + break; + } - var flowUrl = $"{baseUrl}/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/{(AsAdmin ? "v2" : "")}/flows?api-version=2016-11-01{(filter != null ? $"&$filter={filter}" : "")}"; - var flows = GraphHelper.GetResultCollection(this, Connection, flowUrl, AccessToken); - - WriteObject(flows, true); + WriteVerbose($"Retrieving all Power Automate Flows within environment '{environmentName}'{(filter != null ? $" with filter '{filter}'" : "")}"); + var flowUrl = $"{baseUrl}/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/{(AsAdmin ? "v2" : "")}/flows?api-version=2016-11-01{(filter != null ? $"&$filter={filter}" : "")}"; + var flows = GraphHelper.GetResultCollection(this, Connection, flowUrl, AccessToken); + + WriteObject(flows, true); + + } + } + catch (Exception e) + { + WriteError(new ErrorRecord(new Exception("Make sure you have granted access to Azure AD App to Interact with Power Platform, To help understand the required permissions visit https://pnp.github.io/powershell/articles/determinepermissions.html#help-i-cant-figure-out-which-permissions-i-need"), e.Message, ErrorCategory.AuthenticationError, null)); } } }