src/cmdlets/common/ConsentHelper.ps1
# Copyright 2019, Adam Edwards # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. . (import-script DisplayTypeFormatter) ScriptClass ConsentHelper { static { const CONSENT_DISPLAY_TYPE GraphConsentDisplayType $formatter = $null function __initialize { $this.formatter = new-so DisplayTypeFormatter $CONSENT_DISPLAY_TYPE 'PermissionType', 'StartTime', 'GrantedTo', 'Permission' __RegisterDisplayType } function ToDisplayableObject($object, $targetAppId, $targetServicePrincipalId) { $consentEntries = @() $isOAuth2PermissionGrant = !(!($object | gm -erroraction ignore clientid)) if ( $isOAuth2PermissionGrant ) { $startTime = if ( $object | gm startTime -erroraction ignore ) { $object.startTime } $expiryTime = if ( $object | gm expiryTime -erroraction ignore ) { $object.expiryTime } $startTimeOffset = if ( $startTime ) { $::.DisplayTypeFormatter |=> UtcTimeStringToDateTimeOffset $startTime $true } $expiryTimeOffset = if ( $expiryTime ) { $::.DisplayTypeFormatter |=> UtcTimeStringToDateTimeOffset $expiryTime $true } $grantedTo = if ( $object.consentType -eq 'AllPrincipals' ) { 'AllPrincipals' } else { $object.PrincipalId } $scopes = $object.scope -split ' ' foreach ( $scope in $scopes ) { if ( $scope ) { $consentEntries += [PSCustomObject] @{ AppId = $targetAppId PermissionType = 'Delegated' Permission = $scope GrantedTo = $grantedTo ServicePrincipalId = $targetServicePrincipalId StartTime = $startTimeOffset GraphResource = $object } } } } else { $roleName = $::.ScopeHelper |=> GraphPermissionIdToName $object.appRoleId role $null $true $permissionDisplayName = if ( $roleName ) { $roleName } else { $appRoleId } $creationTimeOffset = if ( $object | gm creationTimeStamp -erroraction ignore ) { $::.DisplayTypeFormatter |=> UtcTimeStringToDateTimeOffset $object.creationTimestamp $true } $principalId = if ( $object | gm PrincipalId -erroraction ignore ) { $object.PrincipalId } $consentEntries += [PSCustomObject] @{ AppId = $targetAppId PermissionType = 'Application' Permission = $permissionDisplayName GrantedTo = $object.PrincipalId ServicePrincipalId = $targetServicePrincipalId StartTime = $creationTimeOffset GraphResource = $object } } foreach ( $consentEntry in $consentEntries ) { $consentEntry.pstypenames.insert(0, $CONSENT_DISPLAY_TYPE) $consentEntry } } function __RegisterDisplayType { $typeProperties = @( 'AppId' 'PermissionType' 'Permission' 'GrantedTo' 'ServicePrincipalId' 'StartTime' ) $::.DisplayTypeFormatter |=> RegisterDisplayType $CONSENT_DISPLAY_TYPE $typeProperties $true } } } $::.ConsentHelper |=> __initialize |