@pnp/cli-microsoft365 7.5.0 → 7.6.0-beta.443bfd8

package/dist/m365/spo/commands/user/user-remove.js

@@ -5,11 +5,14 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
 };
 var _SpoUserRemoveCommand_instances, _SpoUserRemoveCommand_initTelemetry, _SpoUserRemoveCommand_initOptions, _SpoUserRemoveCommand_initValidators, _SpoUserRemoveCommand_initOptionSets;
 import { cli } from '../../../../cli/cli.js';
+import { spo } from '../../../../utils/spo.js';
 import request from '../../../../request.js';
+import { entraGroup } from '../../../../utils/entraGroup.js';
 import { formatting } from '../../../../utils/formatting.js';
 import { validation } from '../../../../utils/validation.js';
 import SpoCommand from '../../../base/SpoCommand.js';
 import commands from '../../commands.js';
+;
 class SpoUserRemoveCommand extends SpoCommand {
     get name() {
         return commands.USER_REMOVE;
@@ -40,13 +43,58 @@ class SpoUserRemoveCommand extends SpoCommand {
         if (this.verbose) {
             await logger.logToStderr(`Removing user from  subsite ${options.webUrl} ...`);
         }
-        let requestUrl = `${encodeURI(options.webUrl)}/_api/web/siteusers/`;
-        if (options.id) {
-            requestUrl += `removebyid(${options.id})`;
+        try {
+            let requestUrl = `${encodeURI(options.webUrl)}/_api/web/siteusers/`;
+            if (options.id) {
+                requestUrl += `removebyid(${options.id})`;
+            }
+            else if (options.loginName) {
+                requestUrl += `removeByLoginName('${formatting.encodeQueryParameter(options.loginName)}')`;
+            }
+            else if (options.email) {
+                const user = await spo.getUserByEmail(options.webUrl, options.email, logger, this.verbose);
+                requestUrl += `removebyid(${user.Id})`;
+            }
+            else if (options.userName) {
+                const user = await this.getUser(options);
+                if (!user) {
+                    throw new Error(`User not found: ${options.userName}`);
+                }
+                if (this.verbose) {
+                    await logger.logToStderr(`Removing user ${user.Title} ...`);
+                }
+                requestUrl += `removebyid(${user.Id})`;
+            }
+            else if (options.entraGroupId || options.entraGroupName) {
+                const entraGroup = await this.getEntraGroup(options);
+                if (this.verbose) {
+                    await logger.logToStderr(`Removing entra group ${entraGroup?.displayName} ...`);
+                }
+                //for entra groups, M365 groups have an associated email and security groups don't
+                if (entraGroup?.mail) {
+                    //M365 group is prefixed with c:0o.c|federateddirectoryclaimprovider
+                    requestUrl += `removeByLoginName('c:0o.c|federateddirectoryclaimprovider|${entraGroup.id}')`;
+                }
+                else {
+                    //security group is prefixed with c:0t.c|tenant
+                    requestUrl += `removeByLoginName('c:0t.c|tenant|${entraGroup?.id}')`;
+                }
+            }
+            const requestOptions = {
+                url: requestUrl,
+                headers: {
+                    accept: 'application/json;odata=nometadata'
+                },
+                responseType: 'json'
+            };
+            await request.post(requestOptions);
         }
-        else if (options.loginName) {
-            requestUrl += `removeByLoginName('${formatting.encodeQueryParameter(options.loginName)}')`;
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
         }
+    }
+    async getUser(options) {
+        const requestUrl = `${options.webUrl}/_api/web/siteusers?$filter=UserPrincipalName eq ('${formatting.encodeQueryParameter(options.userName)}')`;
         const requestOptions = {
             url: requestUrl,
             headers: {
@@ -54,20 +102,23 @@ class SpoUserRemoveCommand extends SpoCommand {
             },
             responseType: 'json'
         };
-        try {
-            await request.post(requestOptions);
-        }
-        catch (err) {
-            this.handleRejectedODataJsonPromise(err);
-        }
+        const userInstance = await request.get(requestOptions);
+        return userInstance.value[0];
+    }
+    async getEntraGroup(options) {
+        return options.entraGroupId ? await entraGroup.getGroupById(options.entraGroupId) : await entraGroup.getGroupByDisplayName(options.entraGroupName);
     }
 }
 _SpoUserRemoveCommand_instances = new WeakSet(), _SpoUserRemoveCommand_initTelemetry = function _SpoUserRemoveCommand_initTelemetry() {
     this.telemetry.push((args) => {
         Object.assign(this.telemetryProperties, {
-            id: (!(!args.options.id)).toString(),
-            loginName: (!(!args.options.loginName)).toString(),
-            force: (!(!args.options.force)).toString()
+            id: typeof args.options.id !== 'undefined',
+            loginName: typeof args.options.loginName !== 'undefined',
+            email: typeof args.options.email !== 'undefined',
+            userName: typeof args.options.userName !== 'undefined',
+            entraGroupId: typeof args.options.entraGroupId !== 'undefined',
+            entraGroupName: typeof args.options.entraGroupName !== 'undefined',
+            force: !!args.options.force
         });
     });
 }, _SpoUserRemoveCommand_initOptions = function _SpoUserRemoveCommand_initOptions() {
@@ -77,15 +128,41 @@ _SpoUserRemoveCommand_instances = new WeakSet(), _SpoUserRemoveCommand_initTelem
         option: '-i, --id [id]'
     }, {
         option: '--loginName [loginName]'
+    }, {
+        option: '--email [email]'
+    }, {
+        option: '--userName [userName]'
+    }, {
+        option: '--entraGroupId [entraGroupId]'
+    }, {
+        option: '--entraGroupName [entraGroupName]'
     }, {
         option: '-f, --force'
     });
 }, _SpoUserRemoveCommand_initValidators = function _SpoUserRemoveCommand_initValidators() {
     this.validators.push(async (args) => {
-        return validation.isValidSharePointUrl(args.options.webUrl);
+        const isValidSharePointUrl = validation.isValidSharePointUrl(args.options.webUrl);
+        if (isValidSharePointUrl !== true) {
+            return isValidSharePointUrl;
+        }
+        if (args.options.id && isNaN(parseInt(args.options.id))) {
+            return `Specified id ${args.options.id} is not a number`;
+        }
+        if (args.options.entraGroupId && !validation.isValidGuid(args.options.entraGroupId)) {
+            return `${args.options.entraId} is not a valid GUID.`;
+        }
+        if (args.options.userName && !validation.isValidUserPrincipalName(args.options.userName)) {
+            return `${args.options.userName} is not a valid userName.`;
+        }
+        if (args.options.email && !validation.isValidUserPrincipalName(args.options.email)) {
+            return `${args.options.email} is not a valid email.`;
+        }
+        return true;
     });
 }, _SpoUserRemoveCommand_initOptionSets = function _SpoUserRemoveCommand_initOptionSets() {
-    this.optionSets.push({ options: ['id', 'loginName'] });
+    this.optionSets.push({
+        options: ['id', 'loginName', 'email', 'userName', 'entraGroupId', 'entraGroupName']
+    });
 };
 export default new SpoUserRemoveCommand();
 //# sourceMappingURL=user-remove.js.map

package/docs/docs/cmd/purview/threatassessment/threatassessment-add.mdx

@@ -0,0 +1,131 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# purview threatassessment add
+
+Create a threat assessment
+
+## Usage
+
+```sh
+m365 purview threatassessment add [options]
+```
+
+## Options
+
+```md definition-list
+`-t, --type <type>`
+: The type of threat assessment to retrieve. Supports `file` and `url`.
+
+`-e, --expectedAssessment <expectedAssessment>`
+: The expected assessment from submitter. Possible values are: `block` and `unblock`.
+
+`-c, --category <category>`
+: The threat category. Possible values are: `spam`, `phishing`, `malware`.
+
+`-p, --path [path]`
+: Local path to the file to upload. Can only be used for threat assessment with type `file`.
+
+`-u, --url [url]`
+: The URL string. Can only be used for threat assessment with type `url`.
+```
+
+<Global />
+
+## Remarks
+
+:::info
+
+    This command currently only supports delegated permissions.
+
+:::
+
+## Examples
+
+Create a file threat assessment
+
+```sh
+m365 purview threatassessment add --type file --expectedAssessment block --category malware --fileName 'test.txt' --path 'C:\Path\To\File.txt'
+```
+
+Create a url threat assessment
+
+```sh
+m365 purview threatassessment add --type url --expectedAssessment block --category phishing --url 'http://contoso.com'
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+    {
+      "id": "b0e69f1c-adda-4df2-2906-08dc2caa6b3f",
+      "createdDateTime": "2024-02-13T15:42:43.5131654Z",
+      "contentType": "file",
+      "expectedAssessment": "block",
+      "category": "malware",
+      "status": "pending",
+      "requestSource": "administrator",
+      "fileName": "test.txt",
+      "contentData": "dGVzdC50eHQ=",
+      "createdBy": {
+        "user": {
+          "id": "fe36f75e-c103-410b-a18a-2bf6df06ac3a",
+          "displayName": "John Doe"
+        }
+      }
+    }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  category          : malware
+  contentData       : dGVzdC50eHQ=
+  contentType       : file
+  createdBy         : {"user":{"id":"fe36f75e-c103-410b-a18a-2bf6df06ac3a","displayName":"John Doe"}}
+  createdDateTime   : 2024-02-13T16:15:00.4125206Z
+  expectedAssessment: block
+  fileName          : test.txt
+  id                : be1223c4-4e92-4a4c-8c16-08dc2caeedba
+  requestSource     : administrator
+  status            : pending
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,createdDateTime,contentType,expectedAssessment,category,status,requestSource,fileName,contentData
+  d31eb5f5-ecd5-4a8e-fb2a-08dc2caf00a8,2024-02-13T16:15:32.1741098Z,file,block,malware,pending,administrator,test.txt,dGVzdC50eHQ=
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # purview threatassessment add --type "file" --expectedAssessment "block" --category "malware" --path "C:\temp\test.txt"
+
+  Date: 13/02/2024
+
+  ## e3524baf-6ea6-4fab-68af-08dc2caf0ae3
+
+  Property | Value
+  ---------|-------
+  id | e3524baf-6ea6-4fab-68af-08dc2caf0ae3
+  createdDateTime | 2024-02-13T16:15:49.3342383Z
+  contentType | file
+  expectedAssessment | block
+  category | malware
+  status | pending
+  requestSource | administrator
+  fileName | test.txt
+  contentData | dGVzdC50eHQ=
+  ```
+
+  </TabItem>
+</Tabs>

package/docs/docs/cmd/purview/threatassessment/threatassessment-list.mdx

@@ -0,0 +1,110 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# purview threatassessment list
+
+Get a list of threat assessments
+
+## Usage
+
+```sh
+m365 purview threatassessment list [options]
+```
+
+## Options
+
+```md definition-list
+`-t, --type [type]`
+: The type of threat assessment to retrieve. Allowed values are `mail`, `file`, `emailFile` and `url`.
+```
+
+<Global />
+
+## Examples
+
+Get a list of threat assessments
+
+```sh
+m365 purview threatassessment list
+```
+
+Get a list of threat assessments of type _mail_
+
+```sh
+m365 purview threatassessment list --type mail
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  [
+    {
+      "type": "mail",
+      "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",
+      "createdDateTime": "2019-11-27T03:30:18.6890937Z",
+      "contentType": "mail",
+      "expectedAssessment": "block",
+      "category": "spam",
+      "status": "pending",
+      "requestSource": "administrator",
+      "recipientEmail": "john@contoso.onmicrosoft.com",
+      "destinationRoutingReason": "notJunk",
+      "messageUri": "https://graph.microsoft.com/v1.0/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt=",
+      "createdBy": {
+        "user": {
+          "id": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",
+          "displayName": "John Doe"
+        }
+      }
+    }
+  ];
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  id                                    type  category
+  ------------------------------------  -----------  --------
+  49c5ef5b-1f65-444a-e6b9-08d772ea2059  mail         spam
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,type,category
+  49c5ef5b-1f65-444a-e6b9-08d772ea2059,mail,spam
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # purview threatassessment list
+
+  Date: 16/2/2023
+
+  ## a47e428c-a7bd-4cf2-f061-08db0f58b736
+
+  Property | Value
+  ---------|-------
+  type | mail
+  id | 49c5ef5b-1f65-444a-e6b9-08d772ea2059
+  createdDateTime | 2019-11-27T03:30:18.6890937Z
+  contentType | mail
+  expectedAssessment | block
+  category | spam
+  status | pending
+  recipientEmail | john@contoso.onmicrosoft.com
+  destinationRoutingReason | notJunk
+  messageUri | https://graph.microsoft.com/v1.0/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt=
+  createdBy | {"user":{"id":"c52ce8db-3e4b-4181-93c4-7d6b6bffaf60","displayName":"John Doe"}}
+  ```
+
+  </TabItem>
+</Tabs>

package/docs/docs/cmd/spfx/project/project-azuredevops-pipeline-add.mdx

@@ -0,0 +1,87 @@
+import Global from '/docs/cmd/_global.mdx';
+
+# spfx project azuredevops pipeline add
+
+Adds a Azure DevOps Pipeline for a SharePoint Framework project
+
+## Usage
+
+```sh
+m365 spfx project azuredevops pipeline add [options]
+```
+
+## Options
+
+```md definition-list
+`-n, --name [name]`
+: Name of the pipeline run that will be created. If none is specified a default name generated by Azure DevOps will be used
+
+`-b, --branchName [branchName]`
+: Specify the branch name which should trigger the workflow on push. If none is specified a default will be used which is 'main'
+
+`-l, --loginMethod [loginMethod]`
+: Specify the login method used for the login action. Possible options are: `user`, `application`. Default `application`
+
+`-s, --scope [scope]`
+: Scope of the app catalog: `tenant`, `sitecollection`. Default is `tenant`
+
+`-u, --siteUrl [siteUrl]`
+: The URL of the site collection where the solution package will be added. Required if scope is set to `sitecollection`
+
+`--skipFeatureDeployment`
+: When specified the app will be added to all sites. When deployed to the site app catalog it will be added to all sub-sites of that site.
+```
+
+<Global />
+
+## Remarks
+
+The `spfx project azuredevops pipeline add` will create a workflow .yml file in the `.azuredevops/pipelines` directory in your project. If such directory does not exist the command will automatically create it.
+
+The command will not create the Azure DevOps pipeline. You will need to manually create it in Azure DevOps. The command will only create the workflow file which you can then push to your repo and create a new yaml pipline based on it.
+
+For the `application` login method the command does not register an Entra application nor does it create the required certificate. In order to proceed, obtain (create) a self-signed certificate and register a new Entra application with certificate authentication. After that you will need to fill the following variables, or what is more preferable, create a dedicated variable group to store those properties:
+
+- `CertificateBase64Encoded` - base 64 encoded certificate. Use either `CertificateBase64Encoded` or `CertificateSecureFileId` but not both
+- `CertificateSecureFileId` - id of a certificate file in the secure files section of the DevOps library. `.pfx` file. Use either `CertificateBase64Encoded` or `CertificateSecureFileId` but not both
+- `CertificatePassword` - certificate password. This applies only if the certificate is encoded which is the recommended approach
+- `EntraAppId` - client id of the registered Entra application
+
+This use case is perfect in a production context as it does not create any dependencies on an account
+
+For the `user` login method you will need to fill the following variables, or what is more preferable, create a dedicated variable group to store those properties:
+
+- `UserName` - user email
+- `Password` - password
+
+This method is perfect to test your workflow, in a dev context, for personal usage. It will not work for accounts with MFA.
+
+:::info
+
+Run this command in the SPFx solution folder.
+
+:::
+    
+## Examples
+
+Adds an Azure DevOps Pipeline for a SharePoint Framework project triggered on push to main
+
+```sh
+m365 spfx project azuredevops pipeline add
+```
+
+Adds an Azure DevOps Pipeline for a SharePoint Framework project with `user` login method triggered on push to main
+
+```sh
+m365 spfx project azuredevops pipeline add --loginMethod "user"
+```
+
+Adds an Azure DevOps Pipeline for a SharePoint Framework project with deployment to a site collection app catalog
+
+```sh
+m365 spfx project azuredevops pipeline add --scope "sitecollection" --siteUrl "https://some.sharepoint.com/sites/someSite"
+```
+
+## Response
+
+The command won't return a response on success.

package/docs/docs/cmd/spo/user/user-remove.mdx

@@ -14,13 +14,25 @@ m365 spo user remove [options]
 
 ```md definition-list
 `-u, --webUrl <webUrl>`
-: URL of the web to remove user
+: URL of the web to remove user.
 
 `--id [id]`
-: ID of the user to remove from web
+: ID of the user to remove from web. Use either `id` or `loginName` or `email`, `userName`, `entraGroupId`, or `entraGroupName`, but not all.
 
 `--loginName [loginName]`
-: Login name of the site user to remove
+: Login name of the user to remove from web. Use either `id` or `loginName` or `email`, `userName`, `entraGroupId`, or `entraGroupName`, but not all.
+
+`--userName [userName]`
+: User name of the user to remove from web. Use either `id` or `loginName` or `email`, `userName`, `entraGroupId`, or `entraGroupName`, but not all.
+
+`--email [email]`
+: Email of the user to remove from web. Use either `id` or `loginName` or `email`, `userName`, `entraGroupId`, or `entraGroupName`, but not all.
+
+`--entraGroupId [entraGroupId]`
+: Object ID of the Entra group ID to remove. Use either `id` or `loginName` or `email`, `userName`, `entraGroupId`, or `entraGroupName`, but not all.
+
+`--entraGroupName [entraGroupName]`
+: Name of the Entra group to remove. Use either `id` or `loginName` or `email`, `userName`, `entraGroupId`, or `entraGroupName`, but not all.
 
 `-f, --force`
 : Do not prompt for confirmation before removing user from web
@@ -28,24 +40,43 @@ m365 spo user remove [options]
 
 <Global />
 
-## Remarks
-
-Use either `id` or `loginName`, but not both
-
 ## Examples
 
-Removes user with id _10_ from a web without prompting for confirmation
+Removes user by id from a web without prompting for confirmation
 
 ```sh
 m365 spo user remove --webUrl "https://contoso.sharepoint.com/sites/HR" --id 10 --force
 ```
 
-Removes user with login name _i:0#.f|membership|john.doe@mytenant.onmicrosoft.com_ from a web
+Removes user by loginName from a web
 
 ```sh
 m365 spo user remove --webUrl "https://contoso.sharepoint.com/sites/HR" --loginName "i:0#.f|membership|john.doe@mytenant.onmicrosoft.com"
 ```
 
+Removes user by userName from a web
+
+```sh
+m365 spo user remove --webUrl "https://contoso.sharepoint.com/sites/HR" --userName "john.doe_hotmail.com#ext#@mytenant.onmicrosoft.com"
+```
+
+Removes user by email from a web
+
+```sh
+m365 spo user remove --webUrl "https://contoso.sharepoint.com/sites/HR" --email "john.doe@mytenant.onmicrosoft.com"
+```
+
+Removes user by entraGroupId from a web
+
+```sh
+m365 spo user remove --webUrl "https://contoso.sharepoint.com/sites/HR" --entraGroupId f832a493-de73-4fef-87ed-8c6fffd91be6
+```
+
+Removes user by entraGroupName from a web
+
+```sh
+m365 spo user remove --webUrl _https://contoso.sharepoint.com/sites/HR_ --entraGroupName "Test Members"
+```
 ## Response
 
 The command won't return a response on success.

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@pnp/cli-microsoft365",
-  "version": "7.5.0",
+  "version": "7.6.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@pnp/cli-microsoft365",
-      "version": "7.5.0",
+      "version": "7.6.0",
       "license": "MIT",
       "dependencies": {
         "@azure/msal-common": "^14.7.0",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnp/cli-microsoft365",
-  "version": "7.5.0",
+  "version": "7.6.0-beta.443bfd8",
   "description": "Manage Microsoft 365 and SharePoint Framework projects on any platform",
   "license": "MIT",
   "main": "./dist/api.js",
@@ -302,4 +302,4 @@
     "sinon": "^17.0.0",
     "source-map-support": "^0.5.21"
   }
-}
+}