@mindline/sync 1.0.68 → 1.0.70

package/.vs/VSWorkspaceState.json

@@ -2,6 +2,5 @@
   "ExpandedNodes": [
     ""
   ],
-  "SelectedNode": "\\README.md",
   "PreviewInSolutionExplorer": false
 }

package/.vs/sync/v17/DocumentLayout.json

@@ -2,10 +2,6 @@
   "Version": 1,
   "WorkspaceRootPath": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\",
   "Documents": [
-    {
-      "AbsoluteMoniker": "D:0:0:{A2FE74E1-B743-11D0-AE1A-00A0C90FFFC3}|\u003CMiscFiles\u003E|C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\README.md||{EFC0BB08-EA7D-40C6-A696-C870411A895B}",
-      "RelativeMoniker": "D:0:0:{A2FE74E1-B743-11D0-AE1A-00A0C90FFFC3}|\u003CMiscFiles\u003E|solutionrelative:README.md||{EFC0BB08-EA7D-40C6-A696-C870411A895B}"
-    },
     {
       "AbsoluteMoniker": "D:0:0:{A2FE74E1-B743-11D0-AE1A-00A0C90FFFC3}|\u003CMiscFiles\u003E|C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\index.d.ts||{0F2454B1-A556-402D-A7D0-1FDE7F99DEE0}",
       "RelativeMoniker": "D:0:0:{A2FE74E1-B743-11D0-AE1A-00A0C90FFFC3}|\u003CMiscFiles\u003E|solutionrelative:index.d.ts||{0F2454B1-A556-402D-A7D0-1FDE7F99DEE0}"
@@ -64,57 +60,46 @@
         },
         {
           "DockedWidth": 200,
-          "SelectedChildIndex": 0,
+          "SelectedChildIndex": 2,
           "Children": [
             {
               "$type": "Document",
-              "DocumentIndex": 0,
-              "Title": "README.md",
-              "DocumentMoniker": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\README.md",
-              "RelativeDocumentMoniker": "README.md",
-              "ToolTip": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\README.md",
-              "RelativeToolTip": "README.md",
-              "ViewState": "AQIAAAAAAAAAAAAAAAAAABoAAAASAAAA",
-              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.001818|",
-              "WhenOpened": "2024-01-05T21:52:59.93Z",
+              "DocumentIndex": 2,
+              "Title": "hybridspa.ts",
+              "DocumentMoniker": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\hybridspa.ts",
+              "RelativeDocumentMoniker": "hybridspa.ts",
+              "ToolTip": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\hybridspa.ts",
+              "RelativeToolTip": "hybridspa.ts",
+              "ViewState": "AQIAAOcAAAAAAAAAAAAwwBEBAAAHAAAA",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.003213|",
+              "WhenOpened": "2023-11-25T02:18:34.862Z",
               "EditorCaption": ""
             },
             {
               "$type": "Document",
-              "DocumentIndex": 2,
+              "DocumentIndex": 1,
               "Title": "index.ts",
               "DocumentMoniker": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\index.ts",
               "RelativeDocumentMoniker": "index.ts",
               "ToolTip": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\index.ts",
               "RelativeToolTip": "index.ts",
-              "ViewState": "AQIAAMsGAAAAAAAAAAAvwDkHAAABAAAA",
+              "ViewState": "AQIAANgAAAAAAAAAAAAwwO4AAAANAAAA",
               "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.003213|",
-              "WhenOpened": "2023-12-05T02:10:16.04Z"
+              "WhenOpened": "2023-12-05T02:10:16.04Z",
+              "EditorCaption": ""
             },
             {
               "$type": "Document",
-              "DocumentIndex": 1,
+              "DocumentIndex": 0,
               "Title": "index.d.ts",
               "DocumentMoniker": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\index.d.ts",
               "RelativeDocumentMoniker": "index.d.ts",
               "ToolTip": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\index.d.ts",
               "RelativeToolTip": "index.d.ts",
-              "ViewState": "AQIAAAMBAAAAAAAAAEAwwC8BAAAoAAAA",
+              "ViewState": "AQIAAGkAAAAAAAAAAAAwwH8AAAAIAAAA",
               "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.003213|",
               "WhenOpened": "2024-01-01T16:19:43.325Z",
               "EditorCaption": ""
-            },
-            {
-              "$type": "Document",
-              "DocumentIndex": 3,
-              "Title": "hybridspa.ts",
-              "DocumentMoniker": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\hybridspa.ts",
-              "RelativeDocumentMoniker": "hybridspa.ts",
-              "ToolTip": "C:\\Users\\ArvindSuthar\\source\\repos\\front\\sync\\hybridspa.ts",
-              "RelativeToolTip": "hybridspa.ts",
-              "ViewState": "AQIAAB8AAAAAAAAAAAAGwFUAAAAEAAAA",
-              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.003213|",
-              "WhenOpened": "2023-11-25T02:18:34.862Z"
             }
           ]
         },

package/hybridspa.ts

@@ -217,6 +217,88 @@ export async function adminPost(
     }
     return result;
 }
+//configConsentReadPut
+export async function configConsentReadPut(instance: IPublicClientApplication, authorizedUser: User, configId: string, tid: string, consent: boolean): Promise<APIResult> {
+    let result: APIResult = new APIResult();
+    // create parameterized config consent endpoint
+    let endpoint: string = mindlineConfig.configConsentEndpoint();
+    let url: URL = new URL(endpoint);
+    url.searchParams.append("configurationId", configId);
+    // create headers
+    const headers = await defineHeaders(instance, authorizedUser);
+    // create body
+    let configConsentReadBody: string = `
+    {
+      "tenantId": "${tid}",
+      "isReadPermissionConsented": ${consent ? "true" : "false"}
+     }`;
+    // make endpoint call
+    let options = { method: "PUT", headers: headers, body: configConsentReadBody };
+    try {
+        console.log("Attempting PUT read consent to /configuration/consent: " + url.href);
+        let response = await fetch(url.href, options);
+        if (response.status === 200 && response.statusText === "OK") {
+            console.log(`Successful PUT to ${url.href}`);
+            return result;
+        }
+        else {
+            result.error = await processErrors(response);
+            console.log(`Failed PUT to ${url.href}`);
+            console.log(result.error);
+            result.status = 500;
+            result.result = false;
+            return result;
+        }
+    }
+    catch (error: any) {
+        result.error = error.message;
+        result.status = 500;
+        result.result = false;
+        console.log(error.message);
+    }
+    return result;
+}
+//configConsentWritePut
+export async function configConsentWritePut(instance: IPublicClientApplication, authorizedUser: User, configId: string, tid: string, consent: boolean): Promise<APIResult> {
+    let result: APIResult = new APIResult();
+    // create parameterized config consent endpoint
+    let endpoint: string = mindlineConfig.configConsentEndpoint();
+    let url: URL = new URL(endpoint);
+    url.searchParams.append("configurationId", configId);
+    // create headers
+    const headers = await defineHeaders(instance, authorizedUser);
+    // create body
+    let configConsentWriteBody: string = `
+    {
+      "tenantId": "${tid}",
+      "isWritePermissionConsented": ${consent ? "true" : "false"}
+     }`;
+    // make endpoint call
+    let options = { method: "PUT", headers: headers, body: configConsentWriteBody };
+    try {
+        console.log("Attempting PUT read consent to /configuration/consent: " + url.href);
+        let response = await fetch(url.href, options);
+        if (response.status === 200 && response.statusText === "OK") {
+            console.log(`Successful PUT to ${url.href}`);
+            return result;
+        }
+        else {
+            result.error = await processErrors(response);
+            console.log(`Failed PUT to ${url.href}`);
+            console.log(result.error);
+            result.status = 500;
+            result.result = false;
+            return result;
+        }
+    }
+    catch (error: any) {
+        result.error = error.message;
+        result.status = 500;
+        result.result = false;
+        console.log(error.message);
+    }
+    return result;
+}
 //configDelete
 export async function configDelete(
     instance: IPublicClientApplication,
@@ -696,71 +778,6 @@ export async function tenantPost(
     }
     return result;
 }
-//tenantPut: write access token for onboarded tenant
-export async function tenantPut(
-    instance: IPublicClientApplication,
-    authorizedUser: User,
-    tenant: Tenant,
-    debug: boolean
-): Promise<APIResult> {
-    let result: APIResult = new APIResult();
-    // we expect valid tid
-    if (tenant.tid === "") {
-        result.result = false;
-        result.error = "tenantPut: invalid tid";
-        result.status = 500;
-        return result;
-    }
-    // create tenant endpoint
-    let endpoint: string = mindlineConfig.tenantEndpoint();
-    // create tenant headers
-    const headers = await defineHeaders(instance, authorizedUser);
-    // establish read and write service principals ("notassigned" is default")
-    let readServicePrincipal: string = "null";
-    let writeServicePrincipal: string = "null";
-    if (tenant.permissionType == "write") {
-        writeServicePrincipal = `"1"`;
-    }
-    else if (tenant.permissionType == "read") {
-        readServicePrincipal = `"1"`;
-    }
-    // create tenant body
-    let tenantBody: string = `{"tenantId": "${tenant.tid}",
-                               "name": "${tenant.name}",
-                               "domain": "${tenant.domain}",
-                               "type": "${tenant.tenantType}",
-                               "permissionType": "${tenant.permissionType}",
-                               "isOnboarded": ${tenant.onboarded == "true"},
-                               "authority": "${tenant.authority}",
-                               "readServicePrincipal": ${readServicePrincipal},
-                               "writeServicePrincipal": ${writeServicePrincipal}}`;
-    let options = { method: "PUT", headers: headers, body: tenantBody };
-    // make tenant endpoint call
-    try {
-        if (debug) debugger;
-        console.log(`Attempting PUT to ${endpoint}`);
-        let response = await fetch(endpoint, options);
-        if (response.status === 200 && response.statusText === "OK") {
-            console.log(`Successful PUT to ${endpoint}`);
-            return result;
-        }
-        else {
-            console.log(`Failed PUT to ${endpoint}: ${tenantBody}`);
-            result.error = await processErrors(response);
-            console.log(result.error);
-            result.status = 500;
-            result.result = false;
-            return result;
-        }
-    }
-    catch (error: any) {
-        result.error = error.message;
-        result.status = 500;
-        result.result = false;
-        console.log(result.error);
-    }
-    return result;
-}
 //workspacePut
 export async function workspacePut(instance: IPublicClientApplication, authorizedUser: User, workspaceId: string, workspaceName: string): Promise<APIResult> {
     let result: APIResult = new APIResult();

package/index.d.ts

@@ -99,8 +99,6 @@ declare module "@mindline/sync" {
         name: string; // findTenantInformationByTenantId
         domain: string; // findTenantInformationByTenantId
         tenantType: TenantTypeStrings; // always "aad" for now
-        permissionType: TenantPermissionTypeStrings; // read/write/notassigned
-        onboarded: string;  // have we onboarded this tenant? "true" or "false"
         authority: string;  // from AAD ID auth response
         workspaceIDs: string;
         sel: boolean; // selection state
@@ -126,6 +124,8 @@ declare module "@mindline/sync" {
         usersWritten: number;
         configId: string;
         batchId: string;
+        isReadPermissionConsented: boolean;
+        isWritePermissionConsented: boolean;
     }
     export class Config {
         id: string;
@@ -156,6 +156,8 @@ declare module "@mindline/sync" {
         ts: Tenant[];
         cs: Config[];
         ws: Workspace[];
+        configlevelconsent_configid: string;
+        configlevelconsent_access: TenantConfigType;
         constructor(bClearLocalStorage: boolean);
         init(bClearLocalStorage: boolean): void;
         save(): void;
@@ -166,12 +168,7 @@ declare module "@mindline/sync" {
                             "reload React" | 
                             "GET tenant details" | 
                             "POST config init" |
-                            "GET workspaces" |
-                            "onboard tenant" |
-                            "create 2nd tenant" |
-                            "invite 2nd admin" |
-                            "onboard 2nd tenant" | 
-                            "create config";
+                            "GET workspaces";
     export class TaskArray {
         tasks: Task[];  
         constructor(bClearLocalStorage: boolean);
@@ -273,7 +270,7 @@ declare module "@mindline/sync" {
     //
     export function groupsGet(instance: IPublicClientApplication, user: User | undefined, groupSearchString: string): Promise<{ groups: Group[], error: string }>;
     export function oauth2PermissionGrantsGet(options: RequestInit, user: User, spid: string, oid: string): Promise<{grants: string, error: string}>;
-    export function requestAdminConsent(user: User, scope: string): void;
+    export function requestAdminConsent(admin: User, tct: TenantConfigType): void;
     export function servicePrincipalGet(options: RequestInit, user: User, appid: string): Promise<{ spid: string, error: string }>;
     export function signIn(user: User, tasks: TaskArray): boolean;
     export function signInIncrementally(user: User, scope: string): void;
@@ -287,6 +284,8 @@ declare module "@mindline/sync" {
     //
     // Mindline Config API
     //
+    export function configConsentForRead(instance: IPublicClientApplication, authorizedUser: User, configId: string, tid: string, consent: boolean): Promise<APIResult>;
+    export function configConsentForWrite(instance: IPublicClientApplication, authorizedUser: User, configId: string, tid: string, consent: boolean): Promise<APIResult>;
     export function configEdit(
         instance: IPublicClientApplication,
         authorizedUser: User,
@@ -300,7 +299,6 @@ declare module "@mindline/sync" {
     export function configsRefresh(instance: IPublicClientApplication, authorizedUser: User, workspaceId: string, ii: InitInfo, debug: boolean): APIResult;
     export function initGet(instance: IPublicClientApplication, authorizedUser: User, user: User, ii: InitInfo, tasks: TaskArray, debug: boolean): APIResult;
     export function tenantAdd(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, workspaceId: string): APIResult;
-    export function tenantComplete(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, debug: boolean): APIResult;
     export function tenantRemove(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, workspaceId: string, debug: boolean): APIResult;
     export function userAdd(instance: IPublicClientApplication, authorizedUser: User, user: User, workspaceId: string): APIResult;
     export function userRemove(instance: IPublicClientApplication, authorizedUser: User, user: User, workspaceId: string): APIResult;

package/index.ts

@@ -2,7 +2,7 @@
 import * as signalR from "@microsoft/signalr"
 import { IPublicClientApplication, AuthenticationResult } from "@azure/msal-browser"
 import { deserializeArray } from 'class-transformer';
-import { defineHeaders, adminDelete, adminPost, adminsGet, configDelete, configsGet, configPost, configPut, initPost, readerPost, tenantPut, tenantPost, tenantDelete, tenantsGet, workspacePut, workspacesGet } from './hybridspa';
+import { defineHeaders, adminDelete, adminPost, adminsGet, configConsentReadPut, configConsentWritePut, configDelete, configsGet, configPost, configPut, initPost, readerPost, tenantPost, tenantDelete, tenantsGet, workspacePut, workspacesGet } from './hybridspa';
 import { version } from './package.json';
 import users from "./users.json";
 import tenants from "./tenants.json";
@@ -40,6 +40,9 @@ export class mindlineConfig {
     static adminsEndpoint(): string {
         return `https://${mindlineConfig.environmentTag}-configurationapi-westus.azurewebsites.net/api/v1/admins`;
     };
+    static configConsentEndpoint(): string {
+        return `https://${mindlineConfig.environmentTag}-configurationapi-westus.azurewebsites.net/api/v1/configuration/consent`;
+    };
     static configEndpoint(): string {
         return `https://${mindlineConfig.environmentTag}-configurationapi-westus.azurewebsites.net/api/v1/configuration`;
     };
@@ -159,8 +162,6 @@ export class Tenant {
     name: string;
     domain: string;
     tenantType: TenantTypeStrings;
-    permissionType: TenantPermissionTypeStrings;
-    onboarded: string;
     authority: string;
     workspaceIDs: string;
     sel: boolean; // selection state
@@ -171,8 +172,6 @@ export class Tenant {
         this.name = "";
         this.domain = "";
         this.tenantType = "aad";
-        this.permissionType = "notassigned";
-        this.onboarded = "false";
         this.authority = "";
         this.workspaceIDs = "";
         this.sel = false;
@@ -180,14 +179,15 @@ export class Tenant {
         this.lookupfield = "Domain";
     }
 }
-function getAppId(authority: string): string {
+function getAppId(authority: string, tct: TenantConfigType): string {
     switch (authority) {
-        case graphConfig.authorityWW: return "63100afe-506e-4bb2-8ff7-d8d5ab373129";
-        case graphConfig.authorityUS: return "762d313c-dcfd-4582-8cc5-53cc9844f62e";
-        case graphConfig.authorityCN: return "814e0ebd-ada6-42b4-b8ae-e26f3861a0aa";
+        case graphConfig.authorityWW: return tct === TenantConfigType.source ? "85d35da2-4118-4b03-aa05-605cedd7f2f8" : "63100afe-506e-4bb2-8ff7-d8d5ab373129";
+        case graphConfig.authorityUS: return tct === TenantConfigType.source ? "b08630c7-e227-4215-9746-afc9286fb864" : "17aa5d5a-f09f-4cec-87a6-28596f9fa513";
+        case graphConfig.authorityCN: return tct === TenantConfigType.source ? "7db7293b-add9-4a3f-8562-1a20bfe27d5e" : "debd015b-1154-4111-a4cb-fc220a537697";
         default: debugger; return "";
     }
 }
+// https://learn.microsoft.com/en-us/graph/deployments
 function getGraphEndpoint(authority: string): string {
     switch (authority) {
         case graphConfig.authorityWW: return "https://graph.microsoft.com/";
@@ -196,10 +196,11 @@ function getGraphEndpoint(authority: string): string {
         default: debugger; return "";
     }
 }
+// https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud
 function getLoginEndpoint(authority: string): string {
     switch (authority) {
-        case graphConfig.authorityWW: return "https://login.microsoft.com/";
-        case graphConfig.authorityUS: return "https://login.microsoft.us/";
+        case graphConfig.authorityWW: return "https://login.microsoftonline.com/";
+        case graphConfig.authorityUS: return "https://login.microsoftonline.us/";
         case graphConfig.authorityCN: return "https://login.partner.microsoftonline.cn/";
         default: debugger; return "";
     }
@@ -221,6 +222,8 @@ export class TenantConfigInfo {
     usersWritten: number;
     configId: string;
     batchId: string;
+    isReadPermissionConsented: boolean;
+    isWritePermissionConsented: boolean;
     constructor() {
         this.tid = "";
         this.sourceGroupId = "";
@@ -232,6 +235,8 @@ export class TenantConfigInfo {
         this.usersWritten = 0;
         this.configId = "";
         this.batchId = "";
+        this.isReadPermissionConsented = false;
+        this.isWritePermissionConsented = false;
     }
 }
 export class Config {
@@ -304,6 +309,8 @@ export class InitInfo {
     ts: Tenant[];
     cs: Config[];
     ws: Workspace[];
+    configlevelconsent_configid: string;
+    configlevelconsent_access: TenantConfigType;
     constructor(bClearLocalStorage: boolean) {
         this.init(bClearLocalStorage);
     }
@@ -328,13 +335,15 @@ export class InitInfo {
             }
         }
         // if storage unavailable or we were just asked to clear, read defaults to enable usable UI
+        this.tab = 0;
+        this.version = version;
+        this.configlevelconsent_configid = "";
+        this.configlevelconsent_access = TenantConfigType.sourcetarget;
         var usersString = JSON.stringify(users);
         var tenantsString = JSON.stringify(tenants);
         var configsString = JSON.stringify(configs);
         var workspacesString = JSON.stringify(workspaces);
         try {
-            this.tab = 0;
-            this.version = version;
             this.us = deserializeArray(User, usersString);
             this.ts = deserializeArray(Tenant, tenantsString);
             this.cs = deserializeArray(Config, configsString);
@@ -396,6 +405,9 @@ export class InitInfo {
     }
     #initFromObjects(ii: InitInfo): void {
         this.tab = ii.tab;
+        this.version = version;
+        this.configlevelconsent_configid = ii.configlevelconsent_configid;
+        this.configlevelconsent_access = ii.configlevelconsent_access;
         if (typeof ii.us === "undefined") {
             this.us = new Array<User>();
         }
@@ -431,8 +443,6 @@ export class InitInfo {
                 newtenant.name = tenant.name;
                 newtenant.domain = tenant.domain;
                 newtenant.tenantType = tenant.tenantType;
-                newtenant.permissionType = tenant.permissionType;
-                newtenant.onboarded = tenant.onboarded;
                 newtenant.authority = tenant.authority;
                 newtenant.workspaceIDs = tenant.workspaceIDs;
                 newtenant.sel = tenant.sel;
@@ -480,12 +490,7 @@ export type TaskType = "initialization" |
     "reload React" |
     "GET tenant details" |
     "POST config init" |
-    "GET workspaces" |
-    "onboard tenant" |
-    "create 2nd tenant" |
-    "invite 2nd admin" |
-    "onboard 2nd tenant" |
-    "create config";
+    "GET workspaces";
 export class TaskArray {
     tasks: Task[];
     constructor(bClearLocalStorage: boolean) {
@@ -1299,31 +1304,33 @@ export async function oauth2PermissionGrantsSet(instance: IPublicClientApplicati
         return false;
     }
 }
-export function requestAdminConsent(user: User, scope: string): void {
-    if (user.oid == "1") return;
+export function requestAdminConsent(admin: User, tct: TenantConfigType): void {
     //
     // for app permissions (app roles) we must use the /.default scope for admin consent
     //      https://learn.microsoft.com/EN-US/azure/active-directory/develop/v2-admin-consent#:~:text=In%20order%20to%20request%20app%20permissions%2C%20you%20must%20use%20the%20/.default%20value.
     //      https://learn.microsoft.com/en-us/answers/questions/431784/how-to-grant-application-permissions-with-dynamic
     //
     // this means that, if we want to be granular about SyncReader vs. SyncWriter permissions, we must have separate Applications
-    // for now, we request the /.default scope whenever any of the SyncReader or SyncWriter permissions are requested
+    // in addition, if there are permissions like Group.Read.All, that also must be admin consented
+    // for now, this function will perform admin consent for the Reader and Writer applications, we will come back to Group.Read.All and User.Read.All
     //
-    // trying to use the Challenge endpoint for app permissions, setting this scope caused the call to quietly fail without error
-    // scope = "63100afe-506e-4bb2-8ff7-d8d5ab373129/.default";
+    // FYI - using the Challenge endpoint for app permissions caused the call to quietly fail without error
+    // FYI - using the Challenge endpoint for this scope also caused the call to quietly fail withour error
+    //  scope = "63100afe-506e-4bb2-8ff7-d8d5ab373129/.default";
     //
-    // thereforce, we are assuming that, for app permissions (app roles), the Microsoft Identity Web Challenge endpoint does not work and we need to perform our own redirect to the admin consent endpoint
+    // thereforce, we are assuming that, for app permissions (app roles) or delegated permissions requiring admin consent, the Microsoft Identity Web Challenge endpoint does not work and we need to perform our own redirect to the admin consent endpoint
     // https://learn.microsoft.com/EN-US/azure/active-directory/develop/scopes-oidc#client-credentials-grant-flow-and-default
     // https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#request-the-permissions-from-a-directory-admin
     //
-    let adminConsentURL: string = getLoginEndpoint(user.authority);
-    adminConsentURL += user.tid;
+    let adminConsentURL: string = getLoginEndpoint(admin.authority);
+    adminConsentURL += admin.tid;
     adminConsentURL += "/adminconsent";
     let url: URL = new URL(adminConsentURL);
-    let clientId: string = getAppId(user.authority);
+    let clientId: string = getAppId(admin.authority, tct);
     url.searchParams.append("client_id", clientId);
     url.searchParams.append("redirect_uri", window.location.origin);
-    url.searchParams.append("domain_hint", user.companyDomain);
+    url.searchParams.append("domain_hint", admin.companyDomain);
+    url.searchParams.append("login_hint", admin.mail);
     window.location.assign(url.href);
 }
 export async function servicePrincipalGet(options: RequestInit, user: User, appid: string): Promise<{ spid: string, error: string }> {
@@ -1736,7 +1743,9 @@ export async function configEdit(
         result = await configPost(instance, authorizedUser, config, workspace.id, debug);
         if (result.result) {
             // config id was updated from "1"
-            setConfigId(config.id);
+            if (setConfigId) {
+                setConfigId(config.id);
+            }
             // set this config as the selected config
             const newSelection = {};
             Object.defineProperty(newSelection, config.id, { value: true, writable: true, enumerable: true });
@@ -1758,6 +1767,12 @@ export async function configEdit(
 export async function configRemove(instance: IPublicClientApplication, authorizedUser: User, config: Config, workspaceId: string, debug: boolean): Promise<APIResult> {
     return configDelete(instance, authorizedUser, config, workspaceId, debug);
 }
+export async function configConsentForRead(instance: IPublicClientApplication, authorizedUser: User, configId: string, tid: string, consent: boolean): Promise<APIResult> {
+    return configConsentReadPut(instance, authorizedUser, configId, tid, consent);
+}
+export async function configConsentForWrite(instance: IPublicClientApplication, authorizedUser: User, configId: string, tid: string, consent: boolean): Promise<APIResult> {
+    return configConsentWritePut(instance, authorizedUser, configId, tid, consent);
+}
 export async function configsRefresh(instance: IPublicClientApplication, authorizedUser: User, workspaceId: string, ii: InitInfo, debug: boolean): Promise<APIResult> {
     let result: APIResult = new APIResult();
     if (debug) debugger;
@@ -1802,7 +1817,7 @@ export async function initGet(instance: IPublicClientApplication, authorizedUser
             tasks.setTaskStart("GET tenant details", new Date());
             result.result = await tenantRelationshipsGetById(user, ii, instance, debug);
             tasks.setTaskEnd("GET tenant details", new Date(), "complete");
-            // if this is the first time, we have just gotten tenant info, then we must POST user and not-yet-onboarded tenant to back end
+            // if this is the first time, we have just gotten tenant info, then we must POST user and tenant to back end
             if (result.result) {
                 tasks.setTaskStart("POST config init", new Date());
                 result = await initPost(instance, authorizedUser, user, debug);
@@ -1832,9 +1847,6 @@ export async function initGet(instance: IPublicClientApplication, authorizedUser
 export async function tenantAdd(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, workspaceId: string): Promise<APIResult> {
     return tenantPost(instance, authorizedUser, tenant, workspaceId);
 }
-export async function tenantComplete(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, debug: boolean): Promise<APIResult> {
-    return tenantPut(instance, authorizedUser, tenant, debug);
-}
 export async function tenantRemove(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, workspaceId: string, debug: boolean): Promise<APIResult> {
     return tenantDelete(instance, authorizedUser, tenant, workspaceId, debug);
 }
@@ -1849,7 +1861,7 @@ export async function workspaceEdit(instance: IPublicClientApplication, authoriz
     return await workspacePut(instance, authorizedUser, workspaceId, workspaceName);
 }
 // retrieve Workspace(s), User(s), Tenant(s), Config(s) given newly logged in user
-function processReturnedAdmins(workspace: Workspace, ii: InitInfo, returnedAdmins: Array<Object>) {
+function processReturnedAdmins(workspace: Workspace, ii: InitInfo, returnedAdmins: Array<Object>, adminSelectedId: string) {
     returnedAdmins.map((item) => {
         // are we already tracking this user?
         let user: User | null = null;
@@ -1876,6 +1888,8 @@ function processReturnedAdmins(workspace: Workspace, ii: InitInfo, returnedAdmin
             // already tracking this user
             user = ii.us.at(usIndex);
         }
+        // restore selection
+        user.sel = (adminSelectedId === item.userId);
         // refresh all the data available from the server
         user.oid = item.userId ? item.userId : item.email;
         user.name = item.firstName ?? user.name;
@@ -1900,7 +1914,7 @@ function processReturnedAdmins(workspace: Workspace, ii: InitInfo, returnedAdmin
     });
     ii.save();
 }
-function processReturnedTenants(workspace: Workspace, ii: InitInfo, returnedTenants: Array<Object>) {
+function processReturnedTenants(workspace: Workspace, ii: InitInfo, returnedTenants: Array<Object>, tenantSelectedId: string) {
     returnedTenants.map((item) => {
         // are we already tracking this tenant?
         let tenant: Tenant | null = null;
@@ -1926,12 +1940,13 @@ function processReturnedTenants(workspace: Workspace, ii: InitInfo, returnedTena
             // already tracking this tenant
             tenant = ii.ts.at(tsIndex);
         }
+        // restore selection
+        tenant.sel = (tenantSelectedId === item.tenantId);
+        // refresh all the data available from the server
         tenant.tid = item.tenantId;
         tenant.name = item.name;
         tenant.domain = item.domain;
         tenant.tenantType = item.type.toLowerCase(); // should now be strings
-        tenant.permissionType = item.permissionType.toLowerCase(); // should now be strings
-        tenant.onboarded = item.isOnboarded ? "true" : "false";
 
         // canonicalize authority when getting it from config backend
         const regex = /^(https:\/\/login.microsoftonline.(?:us|com)\/)organizations\/v2.0$/;
@@ -1944,7 +1959,7 @@ function processReturnedTenants(workspace: Workspace, ii: InitInfo, returnedTena
     });
     ii.save();
 }
-function processReturnedConfigs(workspace: Workspace, ii: InitInfo, returnedConfigs: Array<Object>) {
+function processReturnedConfigs(workspace: Workspace, ii: InitInfo, returnedConfigs: Array<Object>, configSelectedId: string) {
     // process returned configs
     returnedConfigs.map((item) => {
         // are we already tracking this config?
@@ -1971,6 +1986,9 @@ function processReturnedConfigs(workspace: Workspace, ii: InitInfo, returnedConf
             // already tracking this config
             config = ii.cs.at(csIndex);
         }
+        // restore selection
+        config.sel = (configSelectedId === item.id);
+        // refresh all the data available from the server
         config!.id = item.id;
         config!.workspaceId = item.workspaceId;
         config!.name = item.name;
@@ -1989,6 +2007,8 @@ function processReturnedConfigs(workspace: Workspace, ii: InitInfo, returnedConf
             tenantConfigInfo.deltaToken = tci.deltaToken ?? "";
             tenantConfigInfo.configId = config!.id;
             tenantConfigInfo.batchId = tci.batchId ?? "";
+            tenantConfigInfo.isReadPermissionConsented = tci.isReadPermissionConsented;
+            tenantConfigInfo.isWritePermissionConsented = tci.isWritePermissionConsented;
             config!.tenants.push(tenantConfigInfo);
         });
         // ensure this workspace tracks this config
@@ -2023,11 +2043,32 @@ async function workspaceInfoGet(instance: IPublicClientApplication, authorizedUs
                     // already tracking this workspace
                     workspace = ii.ws.at(wsIndex);
                 }
+                // preserve selected admin, tenant, and config
+                let adminSelectedId: string = "";
+                for (let oid of workspace.associatedUsers) {
+                    let user = ii.us.find((u: User) => u.oid === oid);
+                    if (user != null && user.sel) {
+                        adminSelectedId = user.oid;
+                    }
+                }
+                let tenantSelectedId: string = "";
+                for (let tid of workspace.associatedTenants) {
+                    let tenant = ii.ts.find((t: Tenant) => t.tid === tid);
+                    if (tenant != null && tenant.sel) {
+                        tenantSelectedId = tenant.tid;
+                    }
+                }
+                let configSelectedId: string = "";
+                for (let cid of workspace.associatedConfigs) {
+                    let config = ii.cs.find((c: Config) => c.id === cid);
+                    if (config != null && config.sel) {
+                        configSelectedId = config.id;
+                    }
+                }
                 // clear associations as we are about to reset
-                // IN PROGRESS: do not clear so we can retain selection state
-                //workspace.associatedUsers.length = 0;
-                //workspace.associatedTenants.length = 0;
-                //workspace.associatedConfigs.length = 0;
+                workspace.associatedUsers.length = 0;
+                workspace.associatedTenants.length = 0;
+                workspace.associatedConfigs.length = 0;
                 // set id and name based on returned data
                 workspace.id = o.id;
                 workspace.name = o.name;
@@ -2042,9 +2083,9 @@ async function workspaceInfoGet(instance: IPublicClientApplication, authorizedUs
                 if (!tenantsResult.result) return tenantsResult;
                 if (!configsResult.result) return configsResult;
                 // process returned workspace components (tenants first as they have the authorities that admins depend on)
-                processReturnedTenants(workspace, ii, tenantsResult.array!);
-                processReturnedAdmins(workspace, ii, adminsResult.array!);
-                processReturnedConfigs(workspace, ii, configsResult.array!);
+                processReturnedTenants(workspace, ii, tenantsResult.array!, tenantSelectedId);
+                processReturnedAdmins(workspace, ii, adminsResult.array!, adminSelectedId);
+                processReturnedConfigs(workspace, ii, configsResult.array!, configSelectedId);
                 // tag components with workspaceIDs
                 ii.tagWithWorkspaces();
             }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mindline/sync",
   "type": "module",
-  "version": "1.0.68",
+  "version": "1.0.70",
   "types": "index.d.ts",
   "exports": "./index.ts",
   "description": "sync is a node.js package encapsulating javscript classes required for configuring Mindline sync service.",

package/tasks.ts

@@ -49,46 +49,6 @@ const data: any[] = [
                 status: "not started"
             }
         ]
-    },
-    {
-        id: 8,
-        task: "onboard tenant",
-        start: "1970-01-01T00:00:00",
-        end: "1970-01-01T00:00:00",
-        expected: "0:05",
-        status: "not started"
-    },
-    {
-        id: 9,
-        task: "create 2nd tenant",
-        start: "1970-01-01T00:00:00",
-        end: "1970-01-01T00:00:00",
-        expected: "0:01",
-        status: "not started"
-    },
-    {
-        id: 10,
-        task: "invite 2nd admin",
-        start: "1970-01-01T00:00:00",
-        end: "1970-01-01T00:00:00",
-        expected: "0:01",
-        status: "not started"
-    },
-    {
-        id: 11,
-        task: "onboard 2nd tenant",
-        start: "1970-01-01T00:00:00",
-        end: "1970-01-01T00:00:00",
-        expected: "0:05",
-        status: "not started"
-    },
-    {
-        id: 12,
-        task: "create config",
-        start: "1970-01-01T00:00:00",
-        end: "1970-01-01T00:00:00",
-        expected: "0:01",
-        status: "not started"
     }
 ];
 

package/tenants.json

@@ -4,8 +4,6 @@
     "name": "",
     "domain": "",
     "tenantType": "",
-    "permissionType": "",
-    "onboarded": false,
     "authority": "",
     "sel": true,
     "graphSP": ""