Power app permissions

CHANGELOG.md

@@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `Add-PnPBrandCenterFontPackage` cmdlet to allow creating a font package in the Brand Center [#4970](https://github.com/pnp/powershell/pull/4970)
 - Added support for `-FederatedIdentity` in `Connect-PnPOnline` to support Federated Identity.
 - Added support for SSO in WSL (Windows Subsystem for Linux) and Linux distributions. You can now use `Connect-PnPOnline` with `-OSLogin` which helps with more secure auth such as FIDO, Conditional Access policies etc.
+- Added `Get-PnPPowerAppPermission` cmdlet to retrieve the permissions for a specific Power App [#5030](https://github.com/pnp/powershell/pull/5030)
 
 ### Changed
 - Improved `Get-PnPTerm` cmdlet to show a better error message. [#4933](https://github.com/pnp/powershell/pull/4933)

documentation/Get-PnPPowerAppPermission.md

@@ -0,0 +1,134 @@
+---
+Module Name: PnP.PowerShell
+schema: 2.0.0
+applicable: SharePoint Online
+online version: https://pnp.github.io/powershell/cmdlets/Get-PnPPowerAppPermission.html
+external help file: PnP.PowerShell.dll-Help.xml
+title: Get-PnPPowerAppPermission
+---
+
+# Get-PnPPowerAppPermission
+
+## SYNOPSIS
+
+**Required Permissions**
+
+* Azure: management.azure.com  
+* PowerApps: service.powerapps.com
+
+Returns the list of permissions assigned to a specified Power App.
+
+## SYNTAX
+
+```powershell
+Get-PnPPowerAppPermission [-Environment <PowerPlatformEnvironmentPipeBind>] [-AsAdmin] -Identity <PowerAppPipeBind> 
+[-Connection <PnPConnection>] [-Verbose]
+```
+
+## DESCRIPTION
+
+This cmdlet returns the list of user or group permissions granted to a specific Power App.
+
+## EXAMPLES
+
+### Example 1
+
+```powershell
+Get-PnPPowerAppPermission -Identity "bde2239e-fabc-42ad-9c9e-72323413b1b0"
+```
+
+Returns the list of permissions for the specified Power App in the default environment.
+
+### Example 2
+
+```powershell
+Get-PnPPowerAppPermission -Environment (Get-PnPPowerPlatformEnvironment -Identity "myenvironment") -Identity "bde2239e-fabc-42ad-9c9e-72323413b1b0" -AsAdmin
+```
+
+Returns the list of permissions for the specified Power App in the given environment using admin context.
+
+## PARAMETERS
+
+### -Environment
+
+The name of the Power Platform environment or an Environment instance. If omitted, the default environment will be used.
+
+```yaml
+Type: PowerPlatformEnvironmentPipeBind
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: The default environment
+Accept pipeline input: True
+Accept wildcard characters: False
+```
+
+### -AsAdmin
+
+If specified, returns permissions using admin privileges. If not specified, only permissions for the current user will be returned.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Identity
+
+The ID or instance of the Power App to retrieve permissions for.
+
+```yaml
+Type: PowerAppPipeBind
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Connection
+
+Optional connection to be used by the cmdlet.  
+Retrieve the value for this parameter by either specifying `-ReturnConnection` on `Connect-PnPOnline` or by executing `Get-PnPConnection`.
+
+```yaml
+Type: PnPConnection
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Verbose
+
+When provided, additional debug statements will be shown while executing the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## RELATED LINKS
+
+[Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

resources/PnP.PowerShell.Format.ps1xml

@@ -3252,6 +3252,6 @@
           </TableRowEntry>
         </TableRowEntries>
       </TableControl>
-    </View>          
+    </View>  
   </ViewDefinitions>
 </Configuration>

src/Commands/Model/PowerPlatform/PowerApp/PowerAppPermission.cs

@@ -0,0 +1,14 @@
+
+namespace PnP.PowerShell.Commands.Model.PowerPlatform.PowerApp
+{
+    /// <summary>
+    /// Definition of a permission set for a Power App
+    /// </summary>
+    public class PowerAppPermission
+    {
+        public string Name { get; set; }
+        public string Id { get; set; }
+        public string Type { get; set; }
+        public PowerAppPermissionsProperties Properties { get; set; }
+    }
+}

src/Commands/Model/PowerPlatform/PowerApp/PowerAppPermissionsPrincipal.cs

@@ -0,0 +1,13 @@
+
+namespace PnP.PowerShell.Commands.Model.PowerPlatform.PowerApp
+{
+    public class PowerAppPermissionsPrincipal
+    {
+        public string Id { get; set; }
+        public string DisplayName { get; set; }
+        public string Email { get; set; }
+        public string Type { get; set; }
+        public string TenantId { get; set; }
+        public string PreferredLanguage { get; set; }
+    }
+}

src/Commands/Model/PowerPlatform/PowerApp/PowerAppPermissionsProperties.cs

@@ -0,0 +1,15 @@
+using System;
+
+namespace PnP.PowerShell.Commands.Model.PowerPlatform.PowerApp
+{
+    public class PowerAppPermissionsProperties
+    {
+        public string RoleName { get; set; }
+        public PowerAppPermissionsPrincipal Principal { get; set; }
+        public string Scope { get; set; }
+        public string NotifyShareTargetOption { get; set; }
+        public bool InviteGuestToTenant { get; set; }
+        public DateTime CreatedOn { get; set; }
+        public string CreatedBy { get; set; }
+    }
+}

src/Commands/PowerPlatform/PowerApps/GetPowerAppPermission.cs

@@ -0,0 +1,57 @@
+using PnP.PowerShell.Commands.Base;
+using PnP.PowerShell.Commands.Base.PipeBinds;
+using PnP.PowerShell.Commands.Utilities;
+using System;
+using System.Linq;
+using System.Management.Automation;
+
+namespace PnP.PowerShell.Commands.PowerPlatform.PowerApps
+{
+    [Cmdlet(VerbsCommon.Get, "PnPPowerAppPermission")]
+    [OutputType(typeof(Model.PowerPlatform.PowerApp.PowerApp))]
+    public class GetPowerAppPermission : PnPAzureManagementApiCmdlet
+    {
+        [Parameter(Mandatory = false, ValueFromPipeline = true)]
+        public PowerPlatformEnvironmentPipeBind Environment;
+
+        [Parameter(Mandatory = false)]
+        public SwitchParameter AsAdmin;
+
+        [Parameter(Mandatory = true, ValueFromPipeline = true)]
+        public PowerAppPipeBind Identity;
+
+        protected override void ExecuteCmdlet()
+        {
+            string environmentName;
+            string powerAppsUrl = PowerPlatformUtility.GetPowerAppsEndpoint(Connection.AzureEnvironment);
+            if (ParameterSpecified(nameof(Environment)))
+            {
+                environmentName = Environment.GetName();
+
+                WriteVerbose($"Using environment as provided '{environmentName}'");
+            }
+            else
+            {
+                environmentName = ParameterSpecified(nameof(Environment)) ? Environment.GetName() : PowerPlatformUtility.GetDefaultEnvironment(ArmRequestHelper, Connection.AzureEnvironment)?.Name;
+
+                if (string.IsNullOrEmpty(environmentName))
+                {
+                    throw new Exception($"No default environment found, please pass in a specific environment name using the {nameof(Environment)} parameter");
+                }
+
+                WriteVerbose($"Using default environment as retrieved '{environmentName}'");
+            }
+
+            if (ParameterSpecified(nameof(Identity)))
+            {
+                var appName = Identity.GetName();
+
+                WriteVerbose($"Retrieving specific PowerApp permissions with the provided name '{appName}' within the environment '{environmentName}'");
+
+                var result = PowerAppsRequestHelper.GetResultCollection<Model.PowerPlatform.PowerApp.PowerAppPermission>($"{powerAppsUrl}/providers/Microsoft.PowerApps{(AsAdmin ? "/scopes/admin/environments/" + environmentName : "")}/apps/{appName}/permissions?api-version=2022-11-01");
+
+                WriteObject(result.Select(p => p.Properties), true);
+            }
+        }
+    }
+}