Get-AADExportRequiredScopes.ps1
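<#
.SYNOPSIS
    Gets the permission scopes required to run an export schema.

.DESCRIPTION
    Walks every entry of the export schema, reads the scopes the entry declares
    for the chosen permission type ('DelegatedPermission' or
    'ApplicationPermission'), recurses into the entry's 'Children', and returns
    the de-duplicated scopes in sorted order.

    An entry that declares no scopes for the chosen permission type produces a
    warning, so a schema entry with missing permission metadata is visible to
    the operator instead of being silently skipped.

.PARAMETER PermissionType
    'Delegated' or 'Application'. Selects which scope property is read from
    each schema entry.

.PARAMETER ExportSchema
    The schema entries to inspect. When omitted (or empty), the schema returned
    by Get-AADExportDefaultSchema is used.

.OUTPUTS
    The distinct scope names, sorted. Nothing is emitted when no entry declares
    a scope.

.EXAMPLE
    Get-AADExportRequiredScopes -PermissionType Delegated
#>
function Get-AADExportRequiredScopes {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateSet('Delegated', 'Application')]
        [string]$PermissionType,

        [Parameter(Mandatory = $false)]
        [object]$ExportSchema
    )

    # Top-level convenience: no schema supplied means "use the default one".
    if (!$ExportSchema) {
        $ExportSchema = Get-AADExportDefaultSchema
    }

    $scopeProperty = "DelegatedPermission"
    if ($PermissionType -eq "Application") {
        $scopeProperty = "ApplicationPermission"
    }

    $scopes = @()
    foreach ($entry in $ExportSchema) {
        $entryScopes = Get-ObjectProperty $entry $scopeProperty
        $command = Get-ObjectProperty $entry 'Command'
        $graphUri = Get-ObjectProperty $entry 'GraphUri'

        # Name the entry in the warning by its command when it has one,
        # otherwise by its Graph URI.
        $entryType = "graphuri"
        $tocall = $graphUri
        if ($command) {
            $entryType = "command"
            $tocall = $command
        }

        if (!$entryScopes) {
            Write-Warning "call to $entryType '$tocall' doesn't provide $PermissionType permissions"
        }

        foreach ($entryScope in $entryScopes) {
            if ($entryScope -notin $scopes) {
                $scopes += $entryScope
            }
        }

        # NOTE(review): ContainsKey assumes hashtable-like entries, while the
        # other fields are read through Get-ObjectProperty - confirm that
        # schema entries are always hashtables.
        if ($entry.ContainsKey('Children')) {
            $children = $entry.Children

            # Recurse only when there really are children. An empty or $null
            # 'Children' value would make the recursive call fall back to the
            # default schema (see the !$ExportSchema check above), which would
            # add every default-schema scope to the result - more permission
            # than this schema needs - and could recurse without end when the
            # default schema itself contains such an entry.
            if ($children) {
                $childScopes = Get-AADExportRequiredScopes -PermissionType $PermissionType -ExportSchema $children
                foreach ($entryScope in $childScopes) {
                    if ($entryScope -notin $scopes) {
                        $scopes += $entryScope
                    }
                }
            }
        }
    }

    $scopes | Sort-Object
}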