Skip to content

Commit 9091360

Browse files
subray2014subray2014
committed
Stash
1 parent 762c6a0 commit 9091360

File tree

2 files changed

+86
-31
lines changed

2 files changed

+86
-31
lines changed

src/Teams/beta/custom/RscConfigurationSynthesizer.cs

Lines changed: 47 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -84,33 +84,54 @@ internal MicrosoftGraphRscConfiguration ConvertToChatRscConfiguration(
8484

8585
if (teamsAppSettings.IsChatResourceSpecificConsentEnabled == true)
8686
{
87-
if (assignedPermissionGrantPoliciesApplicableToChatScope.Any())
88-
{
89-
this.LogVerbose(
90-
"Chat RSC is enabled in Teams App Settings and chat scoped permission grant policies are enabled. Not a supported scenario.",
91-
eventListener);
92-
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.Custom;
93-
}
94-
else
95-
{
96-
this.LogVerbose("Chat RSC is enabled in Teams App Settings.", eventListener);
97-
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
98-
}
87+
this.LogVerbose("Chat RSC is enabled in Teams App Settings.", eventListener);
88+
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
9989
}
10090
else if (assignedPermissionGrantPoliciesApplicableToChatScope.Any())
10191
{
102-
if (assignedPermissionGrantPoliciesApplicableToChatScope.Any(pgp => !string.Equals(
103-
pgp.ManagePermissionGrantsForOwnedResourcePrefixedId,
104-
RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForPreapprovedAppsForChats,
105-
StringComparison.OrdinalIgnoreCase)))
92+
int interestingPermissionGrantPolicyCount = assignedPermissionGrantPoliciesApplicableToChatScope.Count();
93+
94+
if (interestingPermissionGrantPolicyCount > 1)
10695
{
107-
this.LogVerbose("Unknown chat scoped permission grant policies are enabled. Not a supported scenario.", eventListener);
96+
this.LogVerbose("Multiple chat scoped permission grant policies are enabled. Not a supported scenario.", eventListener);
10897
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.Custom;
10998
}
99+
else if (interestingPermissionGrantPolicyCount == 0)
100+
{
101+
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.DisabledForAllApps;
102+
}
110103
else
111104
{
112-
this.LogVerbose("Authorization policy contains permission grant policy for chat RSC preapprovals.", eventListener);
113-
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly;
105+
MGTeamsInternalPermissionGrantPolicy interestingPermissionGrantPolicy =
106+
assignedPermissionGrantPoliciesApplicableToChatScope.Single();
107+
108+
if (string.Equals(
109+
interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
110+
RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForAllAppsForChats,
111+
StringComparison.OrdinalIgnoreCase))
112+
{
113+
this.LogVerbose("Authorization policy contains permission grant policy for all chat RSC applications.", eventListener);
114+
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
115+
}
116+
else if (string.Equals(
117+
interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
118+
RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForPreapprovedAppsForChats,
119+
StringComparison.OrdinalIgnoreCase))
120+
{
121+
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly;
122+
}
123+
else if (string.Equals(
124+
interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
125+
RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyManagedByMicrosoftForChats,
126+
StringComparison.OrdinalIgnoreCase))
127+
{
128+
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.ManagedByMicrosoft;
129+
}
130+
else
131+
{
132+
this.LogVerbose("Unknown chat scoped permission grant policies are enabled. Not a supported scenario.", eventListener);
133+
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.Custom;
134+
}
114135
}
115136
}
116137
else
@@ -169,7 +190,6 @@ internal IMicrosoftGraphRscConfiguration ConvertToTeamRscConfiguration(
169190
}
170191
else if (interestingPermissionGrantPolicyCount == 0)
171192
{
172-
this.LogVerbose("Team scope RSC is disabled.", eventListener);
173193
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.DisabledForAllApps;
174194
}
175195
else
@@ -180,17 +200,22 @@ internal IMicrosoftGraphRscConfiguration ConvertToTeamRscConfiguration(
180200
RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForAllAppsForTeams,
181201
StringComparison.OrdinalIgnoreCase))
182202
{
183-
this.LogVerbose("Authorization policy contains permission grant policy for all application permissions for teams.", eventListener);
184203
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
185204
}
186205
else if (string.Equals(
187206
interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
188207
RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForPreapprovedAppsForTeams,
189208
StringComparison.OrdinalIgnoreCase))
190209
{
191-
this.LogVerbose("Authorization policy contains permission grant policy for team RSC preapprovals.", eventListener);
192210
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly;
193211
}
212+
else if (string.Equals(
213+
interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
214+
RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyManagedByMicrosoftForTeams,
215+
StringComparison.OrdinalIgnoreCase))
216+
{
217+
microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.ManagedByMicrosoft;
218+
}
194219
else
195220
{
196221
this.LogVerbose("Unknown group scoped permission grant policies are enabled. Not a supported scenario.", eventListener);

src/Teams/beta/custom/SetMgBetaChatRscConfiguration_Update.cs

Lines changed: 39 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -291,6 +291,16 @@ await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
291291
}
292292
else if (this.State == MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly)
293293
{
294+
// Disable chat RSC Teams Setting.
295+
await this.Client.UpdateTeamsAppSettings(
296+
isChatResourceSpecificConsentEnabled: false,
297+
eventListener: this,
298+
sender: Pipeline);
299+
300+
WriteVerbose($"Disabled Chat RSC Teams setting.");
301+
302+
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
303+
294304
// Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope and add
295305
// Microsoft created.policy enabling pre-approvals.
296306
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
@@ -306,7 +316,9 @@ await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
306316
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
307317

308318
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
309-
319+
}
320+
else if (this.State == MicrosoftGraphRscConfigurationState.ManagedByMicrosoft)
321+
{
310322
// Disable chat RSC Teams Setting.
311323
await this.Client.UpdateTeamsAppSettings(
312324
isChatResourceSpecificConsentEnabled: false,
@@ -316,30 +328,48 @@ await this.Client.UpdateTeamsAppSettings(
316328
WriteVerbose($"Disabled Chat RSC Teams setting.");
317329

318330
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
331+
332+
// Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope and add
333+
// Microsoft created.policy enabling pre-approvals.
334+
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
335+
.Except(
336+
assignedPermissionGrantPoliciesApplicableToChatScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
337+
StringComparer.OrdinalIgnoreCase)
338+
.Union(new string[] { RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyManagedByMicrosoftForChats }, StringComparer.OrdinalIgnoreCase);
339+
await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
340+
updatedPermissionGrantPolicies,
341+
this,
342+
Pipeline);
343+
344+
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
345+
346+
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
319347
}
320348
else if (this.State == MicrosoftGraphRscConfigurationState.EnabledForAllApps)
321349
{
322-
// Enable chat RSC Teams Setting.
350+
// Disable chat RSC Teams Setting.
323351
await this.Client.UpdateTeamsAppSettings(
324-
isChatResourceSpecificConsentEnabled: true,
352+
isChatResourceSpecificConsentEnabled: false,
325353
eventListener: this,
326354
sender: Pipeline);
327355

328-
WriteVerbose($"Enabled Chat RSC Teams setting.");
356+
WriteVerbose($"Disabled Chat RSC Teams setting.");
329357

330358
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
331359

332-
// Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope.
333-
IEnumerable<string> existingPermissionGrantPoliciesExceptChatScopePolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
360+
// Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope and add
361+
// Microsoft created.policy enabling permissions for all apps.
362+
IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
334363
.Except(
335364
assignedPermissionGrantPoliciesApplicableToChatScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
336-
StringComparer.OrdinalIgnoreCase);
365+
StringComparer.OrdinalIgnoreCase)
366+
.Union(new string[] { RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForAllAppsForChats }, StringComparer.OrdinalIgnoreCase);
337367
await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
338-
existingPermissionGrantPoliciesExceptChatScopePolicies,
368+
updatedPermissionGrantPolicies,
339369
this,
340370
Pipeline);
341371

342-
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", existingPermissionGrantPoliciesExceptChatScopePolicies)}'.");
372+
WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
343373

344374
if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
345375
}

0 commit comments

Comments
 (0)