Skip to content

Commit 6250ed2

Browse files
subray2014subray2014
committed
Comments.
1 parent 98bcb7c commit 6250ed2

File tree

2 files changed

+20
-18
lines changed

2 files changed

+20
-18
lines changed

src/Teams/beta/custom/SetMgBetaChatRscConfiguration_Update.cs

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -276,22 +276,23 @@ await this.Client.UpdateTeamsAppSettings(
276276

277277
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
278278

279-
// Disable preapproval configs.
280-
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
279+
// Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope.
280+
IEnumerable<string> existingPermissionGrantPoliciesExceptChatScopePolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
281281
.Except(assignedPermissionGrantPoliciesApplicableToChatScope
282282
.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId), StringComparer.OrdinalIgnoreCase);
283283
await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
284-
updatedPermissionGrantPolicies,
284+
existingPermissionGrantPoliciesExceptChatScopePolicies,
285285
this,
286286
Pipeline);
287287

288-
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
288+
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", existingPermissionGrantPoliciesExceptChatScopePolicies)}'.");
289289

290290
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
291291
}
292292
else if (this.State == MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly)
293293
{
294-
// Enable preapproval configs.
294+
// Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope and add
295+
// Microsoft created.policy enabling pre-approvals.
295296
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
296297
.Except(
297298
assignedPermissionGrantPoliciesApplicableToChatScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
@@ -328,17 +329,17 @@ await this.Client.UpdateTeamsAppSettings(
328329

329330
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
330331

331-
// Disable preapproval configs.
332-
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
332+
// Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope.
333+
IEnumerable<string> existingPermissionGrantPoliciesExceptChatScopePolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
333334
.Except(
334335
assignedPermissionGrantPoliciesApplicableToChatScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
335336
StringComparer.OrdinalIgnoreCase);
336337
await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
337-
updatedPermissionGrantPolicies,
338+
existingPermissionGrantPoliciesExceptChatScopePolicies,
338339
this,
339340
Pipeline);
340341

341-
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
342+
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", existingPermissionGrantPoliciesExceptChatScopePolicies)}'.");
342343

343344
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
344345
}

src/Teams/beta/custom/SetMgBetaTeamRscConfiguration_Update.cs

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -282,23 +282,24 @@ await this.AddOrUpdateGroupConsentSettings(
282282

283283
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
284284

285-
// Disable preapproval/permission grant policies applicable to Teams.
286-
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
285+
// Remove all permission grant policies assigned to default user role permissions which are relevant to team scope.
286+
IEnumerable<string> existingPermissionGrantPoliciesExceptTeamScopePolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
287287
.Except(
288288
assignedPermissionGrantPoliciesApplicableToTeamScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
289289
StringComparer.OrdinalIgnoreCase);
290290
await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
291-
updatedPermissionGrantPolicies,
291+
existingPermissionGrantPoliciesExceptTeamScopePolicies,
292292
this,
293293
Pipeline);
294294

295-
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
295+
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", existingPermissionGrantPoliciesExceptTeamScopePolicies)}'.");
296296

297297
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
298298
}
299299
else if (this.State == MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly)
300300
{
301-
// Enable preapproval configs.
301+
// Remove all permission grant policies assigned to default user role permissions which are relevant to team scope and add
302+
// Microsoft created.policy enabling pre-approvals.
302303
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
303304
.Except(
304305
assignedPermissionGrantPoliciesApplicableToTeamScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
@@ -333,17 +334,17 @@ await this.AddOrUpdateGroupConsentSettings(
333334

334335
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
335336

336-
// Disable preapproval/permission grant policies applicable to Teams.
337-
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
337+
// Remove all permission grant policies assigned to default user role permissions which are relevant to team scope.
338+
IEnumerable<string> existingPermissionGrantPoliciesExceptTeamScopePolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
338339
.Except(
339340
assignedPermissionGrantPoliciesApplicableToTeamScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
340341
StringComparer.OrdinalIgnoreCase);
341342
await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
342-
updatedPermissionGrantPolicies,
343+
existingPermissionGrantPoliciesExceptTeamScopePolicies,
343344
this,
344345
Pipeline);
345346

346-
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
347+
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", existingPermissionGrantPoliciesExceptTeamScopePolicies)}'.");
347348

348349
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
349350
}

0 commit comments

Comments
 (0)