@pnp/cli-microsoft365 5.7.0-beta.6df5c92 → 5.7.0-beta.9e8cf99

package/.devcontainer/Dockerfile

@@ -27,7 +27,9 @@ RUN apt-get update && apt-get install -y \
   && apt-get install nodejs -y \
   && rm -rf /var/lib/apt/lists/*
 
-RUN pip3 install mkdocs-material==7.1.7 pymdown-extensions==9.0 pygments==2.11
+COPY ../docs/pip_requirements.txt .
+
+RUN pip install -r pip_requirements.txt
 
 RUN useradd \
   --user-group \

package/.devcontainer/devcontainer.json

@@ -1,6 +1,7 @@
 {
   "name": "CLI for Microsoft 365",
   "dockerFile": "Dockerfile",
+  "context": "..",
   "settings": {
     "terminal.integrated.profiles.linux": {
       "zsh": {

package/dist/m365/aad/commands/app/app-add.js

@@ -27,6 +27,7 @@ class AadAppAddCommand extends GraphCommand_1.default {
         super();
         _AadAppAddCommand_instances.add(this);
         this.appName = '';
+        this.appPermissions = [];
         __classPrivateFieldGet(this, _AadAppAddCommand_instances, "m", _AadAppAddCommand_initTelemetry).call(this);
         __classPrivateFieldGet(this, _AadAppAddCommand_instances, "m", _AadAppAddCommand_initOptions).call(this);
         __classPrivateFieldGet(this, _AadAppAddCommand_instances, "m", _AadAppAddCommand_initValidators).call(this);
@@ -50,6 +51,7 @@ class AadAppAddCommand extends GraphCommand_1.default {
             return Promise.resolve(appInfo);
         })
             .then(appInfo => this.updateAppFromManifest(args, appInfo))
+            .then(appInfo => this.grantAdminConsent(appInfo, args.options.grantAdminConsent, logger))
             .then(appInfo => this.configureUri(args, appInfo, logger))
             .then(appInfo => this.configureSecret(args, appInfo, logger))
             .then(appInfo => this.saveAppInfo(args, appInfo, logger))
@@ -120,6 +122,81 @@ class AadAppAddCommand extends GraphCommand_1.default {
             return request_1.default.post(createApplicationRequestOptions);
         });
     }
+    grantAdminConsent(appInfo, adminConsent, logger) {
+        if (!adminConsent || this.appPermissions.length === 0) {
+            return Promise.resolve(appInfo);
+        }
+        return this.createServicePrincipal(appInfo.appId)
+            .then((sp) => {
+            if (this.debug) {
+                logger.logToStderr("Service principal created, returned object id: " + sp.id);
+            }
+            const tasks = [];
+            this.appPermissions.forEach(permission => {
+                if (permission.scope.length > 0) {
+                    tasks.push(this.grantOAuth2Permission(sp.id, permission.resourceId, permission.scope.join(' ')));
+                    if (this.debug) {
+                        logger.logToStderr(`Admin consent granted for following resource ${permission.resourceId}, with delegated permissions: ${permission.scope.join(',')}`);
+                    }
+                }
+                permission.resourceAccess.filter(access => access.type === "Role").forEach((access) => {
+                    tasks.push(this.addRoleToServicePrincipal(sp.id, permission.resourceId, access.id));
+                    if (this.debug) {
+                        logger.logToStderr(`Admin consent granted for following resource ${permission.resourceId}, with application permission: ${access.id}`);
+                    }
+                });
+            });
+            return Promise.all(tasks)
+                .then(_ => {
+                return appInfo;
+            });
+        });
+    }
+    addRoleToServicePrincipal(objectId, resourceId, appRoleId) {
+        const requestOptions = {
+            url: `${this.resource}/v1.0/myorganization/servicePrincipals/${objectId}/appRoleAssignments`,
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            responseType: 'json',
+            data: {
+                appRoleId: appRoleId,
+                principalId: objectId,
+                resourceId: resourceId
+            }
+        };
+        return request_1.default.post(requestOptions);
+    }
+    grantOAuth2Permission(appId, resourceId, scopeName) {
+        const grantAdminConsentApplicationRequestOptions = {
+            url: `${this.resource}/v1.0/myorganization/oauth2PermissionGrants`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: {
+                clientId: appId,
+                consentType: "AllPrincipals",
+                principalId: null,
+                resourceId: resourceId,
+                scope: scopeName
+            }
+        };
+        return request_1.default.post(grantAdminConsentApplicationRequestOptions);
+    }
+    createServicePrincipal(appId) {
+        const requestOptions = {
+            url: `${this.resource}/v1.0/myorganization/servicePrincipals`,
+            headers: {
+                'content-type': 'application/json'
+            },
+            data: {
+                appId: appId
+            },
+            responseType: 'json'
+        };
+        return request_1.default.post(requestOptions);
+    }
     updateAppFromManifest(args, appInfo) {
         if (!args.options.manifest) {
             return Promise.resolve(appInfo);
@@ -135,6 +212,11 @@ class AadAppAddCommand extends GraphCommand_1.default {
         // separately
         const secrets = this.getSecretsFromManifest(v2Manifest);
         // Azure Portal returns v2 manifest whereas the Graph API expects a v1.6
+        if (args.options.apisApplication || args.options.apisDelegated) {
+            // take submitted delegated / application permissions as options
+            // otherwise, they will be skipped in the app update
+            v2Manifest.requiredResourceAccess = appInfo.requiredResourceAccess;
+        }
         const graphManifest = this.transformManifest(v2Manifest);
         const updateAppRequestOptions = {
             url: `${this.resource}/v1.0/myorganization/applications/${appInfo.id}`,
@@ -334,36 +416,69 @@ class AadAppAddCommand extends GraphCommand_1.default {
             .then(_ => appInfo);
     }
     resolveApis(args, logger) {
-        if (!args.options.apisDelegated && !args.options.apisApplication) {
+        var _a;
+        if (!args.options.apisDelegated && !args.options.apisApplication
+            && (typeof ((_a = this.manifest) === null || _a === void 0 ? void 0 : _a.requiredResourceAccess) === 'undefined' || this.manifest.requiredResourceAccess.length === 0)) {
             return Promise.resolve([]);
         }
         if (this.verbose) {
             logger.logToStderr('Resolving requested APIs...');
         }
         return utils_1.odata
-            .getAllItems(`${this.resource}/v1.0/myorganization/servicePrincipals?$select=servicePrincipalNames,appId,oauth2PermissionScopes,appRoles`)
+            .getAllItems(`${this.resource}/v1.0/myorganization/servicePrincipals?$select=appId,appRoles,id,oauth2PermissionScopes,servicePrincipalNames`)
             .then(servicePrincipals => {
+            var _a;
+            let resolvedApis = [];
             try {
-                const resolvedApis = this.getRequiredResourceAccessForApis(servicePrincipals, args.options.apisDelegated, 'Scope', logger);
-                if (this.debug) {
-                    logger.logToStderr(`Resolved delegated permissions: ${JSON.stringify(resolvedApis, null, 2)}`);
-                }
-                const resolvedApplicationApis = this.getRequiredResourceAccessForApis(servicePrincipals, args.options.apisApplication, 'Role', logger);
-                if (this.debug) {
-                    logger.logToStderr(`Resolved application permissions: ${JSON.stringify(resolvedApplicationApis, null, 2)}`);
-                }
-                // merge resolved application APIs onto resolved delegated APIs
-                resolvedApplicationApis.forEach(resolvedRequiredResource => {
-                    const requiredResource = resolvedApis.find(api => api.resourceAppId === resolvedRequiredResource.resourceAppId);
-                    if (requiredResource) {
-                        requiredResource.resourceAccess.push(...resolvedRequiredResource.resourceAccess);
+                if (args.options.apisDelegated || args.options.apisApplication) {
+                    resolvedApis = this.getRequiredResourceAccessForApis(servicePrincipals, args.options.apisDelegated, 'Scope', logger);
+                    if (this.verbose) {
+                        logger.logToStderr(`Resolved delegated permissions: ${JSON.stringify(resolvedApis, null, 2)}`);
                     }
-                    else {
-                        resolvedApis.push(resolvedRequiredResource);
+                    const resolvedApplicationApis = this.getRequiredResourceAccessForApis(servicePrincipals, args.options.apisApplication, 'Role', logger);
+                    if (this.verbose) {
+                        logger.logToStderr(`Resolved application permissions: ${JSON.stringify(resolvedApplicationApis, null, 2)}`);
                     }
-                });
-                if (this.debug) {
+                    // merge resolved application APIs onto resolved delegated APIs
+                    resolvedApplicationApis.forEach(resolvedRequiredResource => {
+                        const requiredResource = resolvedApis.find(api => api.resourceAppId === resolvedRequiredResource.resourceAppId);
+                        if (requiredResource) {
+                            requiredResource.resourceAccess.push(...resolvedRequiredResource.resourceAccess);
+                        }
+                        else {
+                            resolvedApis.push(resolvedRequiredResource);
+                        }
+                    });
+                }
+                if (typeof ((_a = this.manifest) === null || _a === void 0 ? void 0 : _a.requiredResourceAccess) !== 'undefined' && this.manifest.requiredResourceAccess.length > 0) {
+                    const manifestApis = this.manifest.requiredResourceAccess;
+                    manifestApis.forEach(manifestApi => {
+                        const requiredResource = resolvedApis.find(api => api.resourceAppId === manifestApi.resourceAppId);
+                        if (requiredResource) {
+                            // exclude if any duplicate required resources in both manifest and submitted options
+                            requiredResource.resourceAccess.push(...manifestApi.resourceAccess.filter(manRes => !requiredResource.resourceAccess.some(res => res.id === manRes.id)));
+                        }
+                        else {
+                            resolvedApis.push(manifestApi);
+                        }
+                        const app = servicePrincipals.find(servicePrincipals => servicePrincipals.appId === manifestApi.resourceAppId);
+                        if (app) {
+                            manifestApi.resourceAccess.forEach((res => {
+                                var _a;
+                                const resourceAccessPermission = {
+                                    id: res.id,
+                                    type: res.type
+                                };
+                                const oAuthValue = (_a = app.oauth2PermissionScopes.find(scp => scp.id === res.id)) === null || _a === void 0 ? void 0 : _a.value;
+                                this.updateAppPermissions(app.id, resourceAccessPermission, oAuthValue);
+                            }));
+                        }
+                    });
+                }
+                if (this.verbose) {
                     logger.logToStderr(`Merged delegated and application permissions: ${JSON.stringify(resolvedApis, null, 2)}`);
+                    logger.logToStderr(`App role assignments: ${JSON.stringify(this.appPermissions.flatMap(permission => permission.resourceAccess.filter(access => access.type === "Role")), null, 2)}`);
+                    logger.logToStderr(`OAuth2 permissions: ${JSON.stringify(this.appPermissions.flatMap(permission => permission.scope), null, 2)}`);
                 }
                 return Promise.resolve(resolvedApis);
             }
@@ -405,13 +520,34 @@ class AadAppAddCommand extends GraphCommand_1.default {
                 };
                 resolvedApis.push(resolvedApi);
             }
-            resolvedApi.resourceAccess.push({
+            const resourceAccessPermission = {
                 id: permission.id,
                 type: scopeType
-            });
+            };
+            resolvedApi.resourceAccess.push(resourceAccessPermission);
+            this.updateAppPermissions(servicePrincipal.id, resourceAccessPermission, permission.value);
         });
         return resolvedApis;
     }
+    updateAppPermissions(spId, resourceAccessPermission, oAuth2PermissionValue) {
+        // During API resolution, we store globally both app role assignments and oauth2permissions
+        // So that we'll be able to parse them during the admin consent process
+        let existingPermission = this.appPermissions.find(oauth => oauth.resourceId === spId);
+        if (!existingPermission) {
+            existingPermission = {
+                resourceId: spId,
+                resourceAccess: [],
+                scope: []
+            };
+            this.appPermissions.push(existingPermission);
+        }
+        if (resourceAccessPermission.type === 'Scope' && oAuth2PermissionValue && !existingPermission.scope.find(scp => scp === oAuth2PermissionValue)) {
+            existingPermission.scope.push(oAuth2PermissionValue);
+        }
+        if (!existingPermission.resourceAccess.find(res => res.id === resourceAccessPermission.id)) {
+            existingPermission.resourceAccess.push(resourceAccessPermission);
+        }
+    }
     configureSecret(args, appInfo, logger) {
         if (!args.options.withSecret) {
             return Promise.resolve(appInfo);
@@ -523,7 +659,8 @@ _AadAppAddCommand_instances = new WeakSet(), _AadAppAddCommand_initTelemetry = f
             withSecret: args.options.withSecret,
             certificateFile: typeof args.options.certificateFile !== 'undefined',
             certificateBase64Encoded: typeof args.options.certificateBase64Encoded !== 'undefined',
-            certificateDisplayName: typeof args.options.certificateDisplayName !== 'undefined'
+            certificateDisplayName: typeof args.options.certificateDisplayName !== 'undefined',
+            grantAdminConsent: typeof args.options.grantAdminConsent !== 'undefined'
         });
     });
 }, _AadAppAddCommand_initOptions = function _AadAppAddCommand_initOptions() {
@@ -565,6 +702,8 @@ _AadAppAddCommand_instances = new WeakSet(), _AadAppAddCommand_initTelemetry = f
         option: '--manifest [manifest]'
     }, {
         option: '--save'
+    }, {
+        option: '--grantAdminConsent'
     });
 }, _AadAppAddCommand_initValidators = function _AadAppAddCommand_initValidators() {
     this.validators.push((args) => __awaiter(this, void 0, void 0, function* () {

package/dist/m365/spo/commands/list/list-roleassignment-add.js

@@ -0,0 +1,208 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _SpoListRoleAssignmentAddCommand_instances, _SpoListRoleAssignmentAddCommand_initTelemetry, _SpoListRoleAssignmentAddCommand_initOptions, _SpoListRoleAssignmentAddCommand_initValidators;
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("../../../../cli");
+const request_1 = require("../../../../request");
+const utils_1 = require("../../../../utils");
+const SpoCommand_1 = require("../../../base/SpoCommand");
+const commands_1 = require("../../commands");
+const SpoUserGetCommand = require("../user/user-get");
+const SpoGroupGetCommand = require("../group/group-get");
+const SpoRoleDefinitionListCommand = require("../roledefinition/roledefinition-list");
+class SpoListRoleAssignmentAddCommand extends SpoCommand_1.default {
+    constructor() {
+        super();
+        _SpoListRoleAssignmentAddCommand_instances.add(this);
+        __classPrivateFieldGet(this, _SpoListRoleAssignmentAddCommand_instances, "m", _SpoListRoleAssignmentAddCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _SpoListRoleAssignmentAddCommand_instances, "m", _SpoListRoleAssignmentAddCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _SpoListRoleAssignmentAddCommand_instances, "m", _SpoListRoleAssignmentAddCommand_initValidators).call(this);
+    }
+    get name() {
+        return commands_1.default.LIST_ROLEASSIGNMENT_ADD;
+    }
+    get description() {
+        return 'Adds a role assignment to list permissions';
+    }
+    commandAction(logger, args, cb) {
+        if (this.verbose) {
+            logger.logToStderr(`Adding role assignment to list in site at ${args.options.webUrl}...`);
+        }
+        let requestUrl = `${args.options.webUrl}/_api/web/`;
+        if (args.options.listId) {
+            requestUrl += `lists(guid'${utils_1.formatting.encodeQueryParameter(args.options.listId)}')/`;
+        }
+        else if (args.options.listTitle) {
+            requestUrl += `lists/getByTitle('${utils_1.formatting.encodeQueryParameter(args.options.listTitle)}')/`;
+        }
+        else if (args.options.listUrl) {
+            const listServerRelativeUrl = utils_1.urlUtil.getServerRelativePath(args.options.webUrl, args.options.listUrl);
+            requestUrl += `GetList('${utils_1.formatting.encodeQueryParameter(listServerRelativeUrl)}')/`;
+        }
+        this.GetRoleDefinitionId(args.options)
+            .then((roleDefinitionId) => {
+            args.options.roleDefinitionId = roleDefinitionId;
+            if (args.options.upn) {
+                this.GetUserPrincipalId(args.options)
+                    .then((userPrincipalId) => {
+                    args.options.principalId = userPrincipalId;
+                    this.AddRoleAssignment(requestUrl, logger, args.options, cb);
+                }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+            }
+            else if (args.options.groupName) {
+                this.GetGroupPrincipalId(args.options)
+                    .then((groupPrincipalId) => {
+                    args.options.principalId = groupPrincipalId;
+                    this.AddRoleAssignment(requestUrl, logger, args.options, cb);
+                }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+            }
+            else {
+                this.AddRoleAssignment(requestUrl, logger, args.options, cb);
+            }
+        }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    AddRoleAssignment(requestUrl, logger, options, cb) {
+        const requestOptions = {
+            url: `${requestUrl}roleassignments/addroleassignment(principalid='${options.principalId}',roledefid='${options.roleDefinitionId}')`,
+            method: 'POST',
+            headers: {
+                'accept': 'application/json;odata=nometadata',
+                'content-type': 'application/json'
+            },
+            responseType: 'json'
+        };
+        request_1.default
+            .post(requestOptions)
+            .then(_ => cb(), (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    GetRoleDefinitionId(options) {
+        if (!options.roleDefinitionName) {
+            return Promise.resolve(options.roleDefinitionId);
+        }
+        const roleDefinitionListCommandOptions = {
+            webUrl: options.webUrl,
+            output: 'json',
+            debug: this.debug,
+            verbose: this.verbose
+        };
+        return cli_1.Cli.executeCommandWithOutput(SpoRoleDefinitionListCommand, { options: Object.assign(Object.assign({}, roleDefinitionListCommandOptions), { _: [] }) })
+            .then((output) => {
+            const getRoleDefinitionListOutput = JSON.parse(output.stdout);
+            const roleDefinitionId = getRoleDefinitionListOutput.find((role) => role.Name === options.roleDefinitionName).Id;
+            return Promise.resolve(roleDefinitionId);
+        }, (err) => {
+            return Promise.reject(err);
+        });
+    }
+    GetGroupPrincipalId(options) {
+        const groupGetCommandOptions = {
+            webUrl: options.webUrl,
+            name: options.groupName,
+            output: 'json',
+            debug: this.debug,
+            verbose: this.verbose
+        };
+        return cli_1.Cli.executeCommandWithOutput(SpoGroupGetCommand, { options: Object.assign(Object.assign({}, groupGetCommandOptions), { _: [] }) })
+            .then((output) => {
+            const getGroupOutput = JSON.parse(output.stdout);
+            return Promise.resolve(getGroupOutput.Id);
+        }, (err) => {
+            return Promise.reject(err);
+        });
+    }
+    GetUserPrincipalId(options) {
+        const userGetCommandOptions = {
+            webUrl: options.webUrl,
+            email: options.upn,
+            id: undefined,
+            output: 'json',
+            debug: this.debug,
+            verbose: this.verbose
+        };
+        return cli_1.Cli.executeCommandWithOutput(SpoUserGetCommand, { options: Object.assign(Object.assign({}, userGetCommandOptions), { _: [] }) })
+            .then((output) => {
+            const getUserOutput = JSON.parse(output.stdout);
+            return Promise.resolve(getUserOutput.Id);
+        }, (err) => {
+            return Promise.reject(err);
+        });
+    }
+}
+_SpoListRoleAssignmentAddCommand_instances = new WeakSet(), _SpoListRoleAssignmentAddCommand_initTelemetry = function _SpoListRoleAssignmentAddCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            listId: typeof args.options.listId !== 'undefined',
+            listTitle: typeof args.options.listTitle !== 'undefined',
+            listUrl: typeof args.options.listUrl !== 'undefined',
+            principalId: typeof args.options.principalId !== 'undefined',
+            upn: typeof args.options.upn !== 'undefined',
+            groupName: typeof args.options.groupName !== 'undefined',
+            roleDefinitionId: typeof args.options.roleDefinitionId !== 'undefined',
+            roleDefinitionName: typeof args.options.roleDefinitionName !== 'undefined'
+        });
+    });
+}, _SpoListRoleAssignmentAddCommand_initOptions = function _SpoListRoleAssignmentAddCommand_initOptions() {
+    this.options.unshift({
+        option: '-u, --webUrl <webUrl>'
+    }, {
+        option: '-i, --listId [listId]'
+    }, {
+        option: '-t, --listTitle [listTitle]'
+    }, {
+        option: '--listUrl [listUrl]'
+    }, {
+        option: '--principalId [principalId]'
+    }, {
+        option: '--upn [upn]'
+    }, {
+        option: '--groupName [groupName]'
+    }, {
+        option: '--roleDefinitionId [roleDefinitionId]'
+    }, {
+        option: '--roleDefinitionName [roleDefinitionName]'
+    });
+}, _SpoListRoleAssignmentAddCommand_initValidators = function _SpoListRoleAssignmentAddCommand_initValidators() {
+    this.validators.push((args) => __awaiter(this, void 0, void 0, function* () {
+        const isValidSharePointUrl = utils_1.validation.isValidSharePointUrl(args.options.webUrl);
+        if (isValidSharePointUrl !== true) {
+            return isValidSharePointUrl;
+        }
+        if (args.options.listId && !utils_1.validation.isValidGuid(args.options.listId)) {
+            return `${args.options.listId} is not a valid GUID`;
+        }
+        if (args.options.principalId && isNaN(args.options.principalId)) {
+            return `Specified principalId ${args.options.principalId} is not a number`;
+        }
+        if (args.options.roleDefinitionId && isNaN(args.options.roleDefinitionId)) {
+            return `Specified roleDefinitionId ${args.options.roleDefinitionId} is not a number`;
+        }
+        const listOptions = [args.options.listId, args.options.listTitle, args.options.listUrl];
+        if (listOptions.some(item => item !== undefined) && listOptions.filter(item => item !== undefined).length > 1) {
+            return `Specify either list id or title or list url`;
+        }
+        const principalOptions = [args.options.principalId, args.options.upn, args.options.groupName];
+        if (principalOptions.some(item => item !== undefined) && principalOptions.filter(item => item !== undefined).length > 1) {
+            return `Specify either principalId id or upn or groupName`;
+        }
+        const roleDefinitionOptions = [args.options.roleDefinitionId, args.options.roleDefinitionName];
+        if (roleDefinitionOptions.some(item => item !== undefined) && roleDefinitionOptions.filter(item => item !== undefined).length > 1) {
+            return `Specify either roleDefinitionId id or roleDefinitionName`;
+        }
+        return true;
+    }));
+};
+module.exports = new SpoListRoleAssignmentAddCommand();
+//# sourceMappingURL=list-roleassignment-add.js.map

package/dist/m365/spo/commands/list/list-roleassignment-remove.js

@@ -0,0 +1,171 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _SpoListRoleAssignmentRemoveCommand_instances, _SpoListRoleAssignmentRemoveCommand_initTelemetry, _SpoListRoleAssignmentRemoveCommand_initOptions, _SpoListRoleAssignmentRemoveCommand_initValidators;
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("../../../../cli");
+const request_1 = require("../../../../request");
+const utils_1 = require("../../../../utils");
+const SpoCommand_1 = require("../../../base/SpoCommand");
+const commands_1 = require("../../commands");
+const SpoUserGetCommand = require("../user/user-get");
+const SpoGroupGetCommand = require("../group/group-get");
+class SpoListRoleAssignmentRemoveCommand extends SpoCommand_1.default {
+    constructor() {
+        super();
+        _SpoListRoleAssignmentRemoveCommand_instances.add(this);
+        __classPrivateFieldGet(this, _SpoListRoleAssignmentRemoveCommand_instances, "m", _SpoListRoleAssignmentRemoveCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _SpoListRoleAssignmentRemoveCommand_instances, "m", _SpoListRoleAssignmentRemoveCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _SpoListRoleAssignmentRemoveCommand_instances, "m", _SpoListRoleAssignmentRemoveCommand_initValidators).call(this);
+    }
+    get name() {
+        return commands_1.default.LIST_ROLEASSIGNMENT_REMOVE;
+    }
+    get description() {
+        return 'Removes a role assignment from list permissions';
+    }
+    commandAction(logger, args, cb) {
+        if (this.verbose) {
+            logger.logToStderr(`Removing role assignment frm list in site at ${args.options.webUrl}...`);
+        }
+        let requestUrl = `${args.options.webUrl}/_api/web/`;
+        if (args.options.listId) {
+            requestUrl += `lists(guid'${utils_1.formatting.encodeQueryParameter(args.options.listId)}')/`;
+        }
+        else if (args.options.listTitle) {
+            requestUrl += `lists/getByTitle('${utils_1.formatting.encodeQueryParameter(args.options.listTitle)}')/`;
+        }
+        else if (args.options.listUrl) {
+            const listServerRelativeUrl = utils_1.urlUtil.getServerRelativePath(args.options.webUrl, args.options.listUrl);
+            requestUrl += `GetList('${utils_1.formatting.encodeQueryParameter(listServerRelativeUrl)}')/`;
+        }
+        if (args.options.upn) {
+            this.GetUserPrincipalId(args.options)
+                .then((userPrincipalId) => {
+                args.options.principalId = userPrincipalId;
+                this.RemoveRoleAssignment(requestUrl, logger, args.options, cb);
+            }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+        }
+        else if (args.options.groupName) {
+            this.GetGroupPrincipalId(args.options)
+                .then((groupPrincipalId) => {
+                args.options.principalId = groupPrincipalId;
+                this.RemoveRoleAssignment(requestUrl, logger, args.options, cb);
+            }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+        }
+        else {
+            this.RemoveRoleAssignment(requestUrl, logger, args.options, cb);
+        }
+    }
+    RemoveRoleAssignment(requestUrl, logger, options, cb) {
+        const requestOptions = {
+            url: `${requestUrl}roleassignments/removeroleassignment(principalid='${options.principalId}')`,
+            method: 'POST',
+            headers: {
+                'accept': 'application/json;odata=nometadata',
+                'content-type': 'application/json'
+            },
+            responseType: 'json'
+        };
+        request_1.default
+            .post(requestOptions)
+            .then(_ => cb(), (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    GetGroupPrincipalId(options) {
+        const groupGetCommandOptions = {
+            webUrl: options.webUrl,
+            name: options.groupName,
+            output: 'json',
+            debug: this.debug,
+            verbose: this.verbose
+        };
+        return cli_1.Cli.executeCommandWithOutput(SpoGroupGetCommand, { options: Object.assign(Object.assign({}, groupGetCommandOptions), { _: [] }) })
+            .then((output) => {
+            const getGroupOutput = JSON.parse(output.stdout);
+            return Promise.resolve(getGroupOutput.Id);
+        }, (err) => {
+            return Promise.reject(err);
+        });
+    }
+    GetUserPrincipalId(options) {
+        const userGetCommandOptions = {
+            webUrl: options.webUrl,
+            email: options.upn,
+            id: undefined,
+            output: 'json',
+            debug: this.debug,
+            verbose: this.verbose
+        };
+        return cli_1.Cli.executeCommandWithOutput(SpoUserGetCommand, { options: Object.assign(Object.assign({}, userGetCommandOptions), { _: [] }) })
+            .then((output) => {
+            const getUserOutput = JSON.parse(output.stdout);
+            return Promise.resolve(getUserOutput.Id);
+        }, (err) => {
+            return Promise.reject(err);
+        });
+    }
+}
+_SpoListRoleAssignmentRemoveCommand_instances = new WeakSet(), _SpoListRoleAssignmentRemoveCommand_initTelemetry = function _SpoListRoleAssignmentRemoveCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            listId: typeof args.options.listId !== 'undefined',
+            listTitle: typeof args.options.listTitle !== 'undefined',
+            listUrl: typeof args.options.listUrl !== 'undefined',
+            principalId: typeof args.options.principalId !== 'undefined',
+            upn: typeof args.options.upn !== 'undefined',
+            groupName: typeof args.options.groupName !== 'undefined'
+        });
+    });
+}, _SpoListRoleAssignmentRemoveCommand_initOptions = function _SpoListRoleAssignmentRemoveCommand_initOptions() {
+    this.options.unshift({
+        option: '-u, --webUrl <webUrl>'
+    }, {
+        option: '-i, --listId [listId]'
+    }, {
+        option: '-t, --listTitle [listTitle]'
+    }, {
+        option: '--listUrl [listUrl]'
+    }, {
+        option: '--principalId [principalId]'
+    }, {
+        option: '--upn [upn]'
+    }, {
+        option: '--groupName [groupName]'
+    });
+}, _SpoListRoleAssignmentRemoveCommand_initValidators = function _SpoListRoleAssignmentRemoveCommand_initValidators() {
+    this.validators.push((args) => __awaiter(this, void 0, void 0, function* () {
+        const isValidSharePointUrl = utils_1.validation.isValidSharePointUrl(args.options.webUrl);
+        if (isValidSharePointUrl !== true) {
+            return isValidSharePointUrl;
+        }
+        if (args.options.listId && !utils_1.validation.isValidGuid(args.options.listId)) {
+            return `${args.options.listId} is not a valid GUID`;
+        }
+        if (args.options.principalId && isNaN(args.options.principalId)) {
+            return `Specified principalId ${args.options.principalId} is not a number`;
+        }
+        const listOptions = [args.options.listId, args.options.listTitle, args.options.listUrl];
+        if (listOptions.some(item => item !== undefined) && listOptions.filter(item => item !== undefined).length > 1) {
+            return `Specify either list id or title or list url`;
+        }
+        const principalOptions = [args.options.principalId, args.options.upn, args.options.groupName];
+        if (principalOptions.some(item => item !== undefined) && principalOptions.filter(item => item !== undefined).length > 1) {
+            return `Specify either principalId id or upn or groupName`;
+        }
+        return true;
+    }));
+};
+module.exports = new SpoListRoleAssignmentRemoveCommand();
+//# sourceMappingURL=list-roleassignment-remove.js.map

package/dist/m365/spo/commands/web/web-roleinheritance-reset.js

@@ -0,0 +1,63 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _SpoWebRoleInheritanceResetCommand_instances, _SpoWebRoleInheritanceResetCommand_initOptions, _SpoWebRoleInheritanceResetCommand_initValidators;
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_1 = require("../../../../request");
+const utils_1 = require("../../../../utils");
+const SpoCommand_1 = require("../../../base/SpoCommand");
+const commands_1 = require("../../commands");
+class SpoWebRoleInheritanceResetCommand extends SpoCommand_1.default {
+    constructor() {
+        super();
+        _SpoWebRoleInheritanceResetCommand_instances.add(this);
+        __classPrivateFieldGet(this, _SpoWebRoleInheritanceResetCommand_instances, "m", _SpoWebRoleInheritanceResetCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _SpoWebRoleInheritanceResetCommand_instances, "m", _SpoWebRoleInheritanceResetCommand_initValidators).call(this);
+    }
+    get name() {
+        return commands_1.default.WEB_ROLEINHERITANCE_RESET;
+    }
+    get description() {
+        return 'Restores role inheritance of subsite';
+    }
+    commandAction(logger, args, cb) {
+        if (this.verbose) {
+            logger.logToStderr(`Restore role inheritance of subsite at ${args.options.webUrl}...`);
+        }
+        const requestOptions = {
+            url: `${args.options.webUrl}/_api/web/resetroleinheritance`,
+            method: 'POST',
+            headers: {
+                'accept': 'application/json;odata=nometadata',
+                'content-type': 'application/json'
+            },
+            responseType: 'json'
+        };
+        request_1.default
+            .post(requestOptions)
+            .then(_ => cb(), (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+}
+_SpoWebRoleInheritanceResetCommand_instances = new WeakSet(), _SpoWebRoleInheritanceResetCommand_initOptions = function _SpoWebRoleInheritanceResetCommand_initOptions() {
+    this.options.unshift({
+        option: '-u, --webUrl <webUrl>'
+    });
+}, _SpoWebRoleInheritanceResetCommand_initValidators = function _SpoWebRoleInheritanceResetCommand_initValidators() {
+    this.validators.push((args) => __awaiter(this, void 0, void 0, function* () {
+        return utils_1.validation.isValidSharePointUrl(args.options.webUrl);
+    }));
+};
+module.exports = new SpoWebRoleInheritanceResetCommand();
+//# sourceMappingURL=web-roleinheritance-reset.js.map

package/dist/m365/spo/commands.js

@@ -101,6 +101,8 @@ exports.default = {
     LIST_LABEL_SET: `${prefix} list label set`,
     LIST_LIST: `${prefix} list list`,
     LIST_REMOVE: `${prefix} list remove`,
+    LIST_ROLEASSIGNMENT_REMOVE: `${prefix} list roleassignment remove`,
+    LIST_ROLEASSIGNMENT_ADD: `${prefix} list roleassignment add`,
     LIST_ROLEINHERITANCE_BREAK: `${prefix} list roleinheritance break`,
     LIST_ROLEINHERITANCE_RESET: `${prefix} list roleinheritance reset`,
     LIST_SET: `${prefix} list set`,
@@ -268,6 +270,7 @@ exports.default = {
     WEB_LIST: `${prefix} web list`,
     WEB_REINDEX: `${prefix} web reindex`,
     WEB_REMOVE: `${prefix} web remove`,
+    WEB_ROLEINHERITANCE_RESET: `${prefix} web roleinheritance reset`,
     WEB_SET: `${prefix} web set`
 };
 //# sourceMappingURL=commands.js.map

package/dist/m365/teams/commands/chat/chat-get.js

@@ -70,7 +70,7 @@ class TeamsChatGetCommand extends GraphCommand_1.default {
     }
     getChatIdByParticipants(participantsString) {
         return __awaiter(this, void 0, void 0, function* () {
-            const participants = chatUtil_1.chatUtil.convertParticipantStringToArray(participantsString);
+            const participants = participantsString.trim().toLowerCase().split(',').filter(e => e && e !== '');
             const currentUserEmail = accessToken_1.accessToken.getUserNameFromAccessToken(Auth_1.default.service.accessTokens[this.resource].accessToken).toLowerCase();
             const existingChats = yield chatUtil_1.chatUtil.findExistingChatsByParticipants([currentUserEmail, ...participants]);
             if (!existingChats || existingChats.length === 0) {
@@ -140,7 +140,7 @@ _TeamsChatGetCommand_instances = new WeakSet(), _TeamsChatGetCommand_initTelemet
             return `${args.options.id} is not a valid Teams ChatId.`;
         }
         if (args.options.participants) {
-            const participants = chatUtil_1.chatUtil.convertParticipantStringToArray(args.options.participants);
+            const participants = args.options.participants.trim().toLowerCase().split(',').filter(e => e && e !== '');
             if (!participants || participants.length === 0 || participants.some(e => !validation_1.validation.isValidUserPrincipalName(e))) {
                 return `${args.options.participants} contains one or more invalid email addresses.`;
             }

package/dist/m365/teams/commands/chat/chat-message-send.js

@@ -56,7 +56,7 @@ class TeamsChatMessageSendCommand extends GraphCommand_1.default {
     }
     ensureChatIdByUserEmails(userEmailsOption) {
         return __awaiter(this, void 0, void 0, function* () {
-            const userEmails = chatUtil_1.chatUtil.convertParticipantStringToArray(userEmailsOption);
+            const userEmails = userEmailsOption.trim().toLowerCase().split(',').filter(e => e && e !== '');
             const currentUserEmail = utils_1.accessToken.getUserNameFromAccessToken(Auth_1.default.service.accessTokens[this.resource].accessToken).toLowerCase();
             const existingChats = yield chatUtil_1.chatUtil.findExistingChatsByParticipants([currentUserEmail, ...userEmails]);
             if (!existingChats || existingChats.length === 0) {
@@ -185,7 +185,7 @@ _TeamsChatMessageSendCommand_instances = new WeakSet(), _TeamsChatMessageSendCom
             return `${args.options.chatId} is not a valid Teams ChatId.`;
         }
         if (args.options.userEmails) {
-            const userEmails = chatUtil_1.chatUtil.convertParticipantStringToArray(args.options.userEmails);
+            const userEmails = args.options.userEmails.trim().toLowerCase().split(',').filter(e => e && e !== '');
             if (!userEmails || userEmails.length === 0 || userEmails.some(e => !utils_1.validation.isValidUserPrincipalName(e))) {
                 return `${args.options.userEmails} contains one or more invalid email addresses.`;
             }

package/dist/m365/teams/commands/chat/chatUtil.js

@@ -45,18 +45,6 @@ exports.chatUtil = {
             const endpoint = `https://graph.microsoft.com/v1.0/chats?$filter=topic eq '${encodeURIComponent(name).replace("'", "''")}'&$expand=members&$select=id,topic,createdDateTime,chatType`;
             return odata_1.odata.getAllItems(endpoint);
         });
-    },
-    /**
-     * Converts a comma or space separated string into an array.
-     * @param value the string to convert
-     */
-    convertParticipantStringToArray(value) {
-        if (value.indexOf(',') === -1) {
-            return value.trim().toLowerCase().split(' ').filter(e => e && e !== '');
-        }
-        else {
-            return value.trim().toLowerCase().split(',').filter(e => e && e !== '');
-        }
     }
 };
 //# sourceMappingURL=chatUtil.js.map

package/docs/docs/cmd/aad/app/app-add.md

@@ -58,6 +58,9 @@ m365 aad app add [options]
 `--certificateDisplayName [certificateDisplayName]`
 : Display name for the certificate. If not given, the displayName will be set to the certificate subject. When specified, also specify either `certificateFile` or `certificateBase64Encoded`
 
+`--grantAdminConsent`
+: When specified, grants application & delegated permissions through admin consent
+
 `--manifest [manifest]`
 : Azure AD app manifest as retrieved from the Azure Portal to create the app registration from
 
@@ -94,6 +97,8 @@ After creating the Azure AD app registration, this command returns the app ID an
 
 If you want to store the information about the created Azure AD app registration, use the `--save` option. This is useful when you build solutions connected to Microsoft 365 and want to easily manage app registrations used with your solution. When you use the `--save` option, after you create the app registration, the command will write its ID and name to the `.m365rc.json` file in the current directory. If the file already exists, it will add the information about the to it, allowing you to track multiple apps. If the file doesn't exist, the command will create it.
 
+When specifying `--grantAdminConsent` option, a service principal will be created for the app registration.
+
 ## Examples
 
 Create new Azure AD app registration with the specified name
@@ -156,6 +161,12 @@ Create new Azure AD app registration with Application ID URI set to a value that
 m365 aad app add --name 'My AAD app' --uri api://caf406b91cd4.ngrok.io/_appId_ --scopeName access_as_user --scopeAdminConsentDescription 'Access as a user' --scopeAdminConsentDisplayName 'Access as a user' --scopeConsentBy adminsAndUsers
 ```
 
+Create new Azure AD app registration for a deamon app with specified Microsoft Graph application permissions, including admin consent
+
+```sh
+ m365 aad app add --name 'My AAD app' --apisApplication 'https://graph.microsoft.com/Group.ReadWrite.All' --grantAdminConsent
+```
+
 Create new Azure AD app registration with the specified name. Store information about the created app registration in the _.m365rc.json_ file in the current directory.
 
 ```sh

package/docs/docs/cmd/spo/list/list-roleassignment-add.md

@@ -0,0 +1,78 @@
+# spo list roleassignment add
+
+Adds a role assignment to list permissions
+
+## Usage
+
+```sh
+m365 spo list roleassignment add [options]
+```
+
+## Options
+
+`-u, --webUrl <webUrl>`
+: URL of the site where the list is located
+
+`-i, --listId [listId]`
+: ID of the list. Specify either listId, listTitle or listUrl but not multiple.
+
+`-t, --listTitle [listTitle]`
+: Title of the list. Specify either listId, listTitle or listUrl but not multiple.
+
+`--listUrl [listUrl]`
+: Relative URL of the list. Specify either listId, listTitle or listUrl but not multiple.
+
+`--principalId [principalId]`
+: SharePoint ID of principal it may be either user id or group id we want to add permissions to. Specify principalId only when upn or groupName are not used.
+
+`--upn [upn]`
+: Upn/email of user to assign role to. Specify either upn or princpialId
+
+`--groupName [groupName]`
+: Enter group name of Azure AD or SharePoint group.. Specify either groupName or princpialId
+
+`--roleDefinitionId [roleDefinitionId]`
+: ID of role definition. Specify either roleDefinitionId or roleDefinitionName but not both
+
+`--roleDefinitionName [roleDefinitionName]`
+: Enter the name of a role definition, like 'Contribute', 'Read', etc. Specify either roleDefinitionId or roleDefinitionName but not both
+
+--8<-- "docs/cmd/_global.md"
+
+## Examples
+
+add role assignment to list _someList_ located in site _https://contoso.sharepoint.com/sites/project-x_for principal id _11_ and role definition id _1073741829_
+
+```sh
+m365 spo list roleassignment add --webUrl "https://contoso.sharepoint.com/sites/project-x" --listTitle "someList" --principalId 11 --roleDefinitionId 1073741829
+```
+
+add role assignment to list _0CD891EF-AFCE-4E55-B836-FCE03286CCCF_ located in site _https://contoso.sharepoint.com/sites/project-x_for principal id _11_ and role definition id _1073741829_
+
+```sh
+m365 spo list roleassignment add --webUrl "https://contoso.sharepoint.com/sites/project-x" --listId "0CD891EF-AFCE-4E55-B836-FCE03286CCCF" --principalId 11 --roleDefinitionId 1073741829
+```
+
+add role assignment to list _sites/documents_ located in site _https://contoso.sharepoint.com/sites/project-x_for principal id _11_ and role definition id _1073741829_
+
+```sh
+m365 spo list roleassignment add --webUrl "https://contoso.sharepoint.com/sites/project-x" --listUrl "sites/documents" --principalId 11 --roleDefinitionId 1073741829
+```
+
+add role assignment to list _someList_ located in site _https://contoso.sharepoint.com/sites/project-x_for upn _someaccount@tenant.onmicrosoft.com_ and role definition id _1073741829_
+
+```sh
+m365 spo list roleassignment add --webUrl "https://contoso.sharepoint.com/sites/project-x" --listTitle "someList" --upn "someaccount@tenant.onmicrosoft.com" --roleDefinitionId 1073741829
+```
+
+add role assignment to list _someList_ located in site _https://contoso.sharepoint.com/sites/project-x_for group _someGroup_ and role definition id _1073741829_
+
+```sh
+m365 spo list roleassignment add --webUrl "https://contoso.sharepoint.com/sites/project-x" --listTitle "someList" --groupName "someGroup" --roleDefinitionId 1073741829
+```
+
+add role assignment to list _someList_ located in site _https://contoso.sharepoint.com/sites/project-x_for principal id _11_ and role definition name _Full Control_
+
+```sh
+m365 spo list roleassignment add --webUrl "https://contoso.sharepoint.com/sites/project-x" --listTitle "someList" --principalId 11 --roleDefinitionName "Full Control"
+```

package/docs/docs/cmd/spo/list/list-roleassignment-remove.md

@@ -0,0 +1,54 @@
+# spo list roleassignment remove
+
+Removes a role assignment from list permissions
+
+## Usage
+
+```sh
+m365 spo list roleassignment remove [options]
+```
+
+## Options
+
+`-u, --webUrl <webUrl>`
+: URL of the site where the list is located
+
+`-i, --listId [listId]`
+: ID of the list. Specify either listId, listTitle or listUrl but not multiple.
+
+`-t, --listTitle [listTitle]`
+: Title of the list. Specify either listId, listTitle or listUrl but not multiple.
+
+`--listUrl [listUrl]`
+: Relative URL of the list. Specify either listId, listTitle or listUrl but not multiple.
+
+`--principalId [principalId]`
+: SharePoint ID of principal it may be either user id or group id we want to remove permissions Specify principalId only when upn or groupName are not used.
+
+`--upn [upn]`
+: upn/email of user. Specify either upn or princpialId.
+
+`--groupName [groupName]`
+: enter group name of Azure AD or SharePoint group. Specify either groupName or princpialId.
+
+--8<-- "docs/cmd/_global.md"
+
+## Examples
+
+Remove roleassignment from list by title based on group name
+
+```sh
+m365 spo list roleassignment remove --webUrl "https://contoso.sharepoint.com/sites/contoso-sales" --listTitle "someList" --groupName "saleGroup"
+```
+
+Remove roleassignment from list by title based on principal Id
+
+```sh
+m365 spo list roleassignment remove --webUrl "https://contoso.sharepoint.com/sites/contoso-sales" --listTitle "Events" --principalId 2
+```
+
+Remove roleassignment from list by url based on principal Id
+
+```sh
+m365 spo list roleassignment remove --webUrl "https://contoso.sharepoint.com/sites/contoso-sales" --listUrl '/sites/contoso-sales/lists/Events' --principalId 2
+```

package/docs/docs/cmd/spo/web/web-roleinheritance-reset.md

@@ -0,0 +1,24 @@
+# spo web roleinheritance reset
+
+Restores role inheritance of subsite.
+
+## Usage
+
+```sh
+m365 spo web roleinheritance reset [options]
+```
+
+## Options
+
+`-u, --webUrl <webUrl>`
+: URL of the site
+
+--8<-- "docs/cmd/_global.md"
+
+## Examples
+
+Restore role inheritance of subsite _https://contoso.sharepoint.com/sites/project-x_
+
+```sh
+m365 spo web roleinheritance reset --webUrl https://contoso.sharepoint.com/sites/project-x
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnp/cli-microsoft365",
-  "version": "5.7.0-beta.6df5c92",
+  "version": "5.7.0-beta.9e8cf99",
   "description": "Manage Microsoft 365 and SharePoint Framework projects on any platform",
   "license": "MIT",
   "main": "./dist/api.js",