Add warning to Get-PnPFlow command about required permissions (#4474)

NishkalankBezawada · gautamdsheth · web-flow · commit 65f61bb50f57 · 2024-10-28T20:53:29.000+02:00
* Add warning to Get-PnPFlow command about required permissions

* Added requiredApiDelegatedPermissions

---------

Co-authored-by: Gautam Sheth &lt;gautamdsheth@outlook.com&gt;
diff --git a/documentation/Get-PnPFlow.md b/documentation/Get-PnPFlow.md
@@ -14,6 +14,10 @@ title: Get-PnPFlow
 **Required Permissions**
 
 * Azure: management.azure.com
+* Azure Service Management : user_impersonation
+* Dynamics CRM : user_impersonation
+* PowerApps Service : User
+* Link to Required permissions reference : https://pnp.github.io/powershell/articles/determinepermissions.html#help-i-cant-figure-out-which-permissions-i-need
 
 Returns Power Automate Flows
 
diff --git a/src/Commands/PowerPlatform/PowerAutomate/GetFlow.cs b/src/Commands/PowerPlatform/PowerAutomate/GetFlow.cs
@@ -4,10 +4,14 @@
 using System.Management.Automation;
 using PnP.PowerShell.Commands.Enums;
 using PnP.PowerShell.Commands.Utilities;
+using PnP.PowerShell.Commands.Attributes;
+using System;
 
 namespace PnP.PowerShell.Commands.PowerPlatform.PowerAutomate
 {
     [Cmdlet(VerbsCommon.Get, "PnPFlow", DefaultParameterSetName = ParameterSet_ALL)]
+    [ApiNotAvailableUnderApplicationPermissions]
+    [RequiredApiDelegatedPermissions("azure/user_impersonation")]
     public class GetFlow : PnPAzureManagementApiCmdlet
     {
         private const string ParameterSet_BYIDENTITY = "By Identity";
@@ -29,43 +33,50 @@ public class GetFlow : PnPAzureManagementApiCmdlet
 
         protected override void ExecuteCmdlet()
         {
-            var environmentName = ParameterSpecified(nameof(Environment)) ? Environment.GetName() : PowerPlatformUtility.GetDefaultEnvironment(this, Connection, Connection.AzureEnvironment, AccessToken)?.Name;
-            string baseUrl = PowerPlatformUtility.GetPowerAutomateEndpoint(Connection.AzureEnvironment);
-
-            if (ParameterSpecified(nameof(Identity)))
+            try
             {
-                var flowName = Identity.GetName();
-
-                WriteVerbose($"Retrieving specific Power Automate Flow with the provided name '{flowName}' within the environment '{environmentName}'");
+                var environmentName = ParameterSpecified(nameof(Environment)) ? Environment.GetName() : PowerPlatformUtility.GetDefaultEnvironment(this, Connection, Connection.AzureEnvironment, AccessToken)?.Name;
+                string baseUrl = PowerPlatformUtility.GetPowerAutomateEndpoint(Connection.AzureEnvironment);
 
-                var result = GraphHelper.Get<Model.PowerPlatform.PowerAutomate.Flow>(this, Connection, baseUrl + $"/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/flows/{flowName}?api-version=2016-11-01", AccessToken);
-                WriteObject(result, false);
-            }
-            else
-            {
-                string filter = null;
-                switch (SharingStatus)
+                if (ParameterSpecified(nameof(Identity)))
                 {
-                    case FlowSharingStatus.SharedWithMe:
-                        filter = "search('team')";
-                        break;
+                    var flowName = Identity.GetName();
 
-                    case FlowSharingStatus.Personal:
-                        filter = "search('personal')";
-                        break;
+                    WriteVerbose($"Retrieving specific Power Automate Flow with the provided name '{flowName}' within the environment '{environmentName}'");
 
-                    case FlowSharingStatus.All:
-                        filter = "search('team AND personal')";
-                        break;
+                    var result = GraphHelper.Get<Model.PowerPlatform.PowerAutomate.Flow>(this, Connection, baseUrl + $"/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/flows/{flowName}?api-version=2016-11-01", AccessToken);
+                    WriteObject(result, false);
                 }
+                else
+                {
+                    string filter = null;
+                    switch (SharingStatus)
+                    {
+                        case FlowSharingStatus.SharedWithMe:
+                            filter = "search('team')";
+                            break;
+
+                        case FlowSharingStatus.Personal:
+                            filter = "search('personal')";
+                            break;
 
-                WriteVerbose($"Retrieving all Power Automate Flows within environment '{environmentName}'{(filter != null ? $" with filter '{filter}'" : "")}");
+                        case FlowSharingStatus.All:
+                            filter = "search('team AND personal')";
+                            break;
+                    }
 
-                var flowUrl = $"{baseUrl}/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/{(AsAdmin ? "v2" : "")}/flows?api-version=2016-11-01{(filter != null ? $"&$filter={filter}" : "")}";
-                var flows = GraphHelper.GetResultCollection<Model.PowerPlatform.PowerAutomate.Flow>(this, Connection, flowUrl, AccessToken);
-                
-                WriteObject(flows, true);
+                    WriteVerbose($"Retrieving all Power Automate Flows within environment '{environmentName}'{(filter != null ? $" with filter '{filter}'" : "")}");
 
+                    var flowUrl = $"{baseUrl}/providers/Microsoft.ProcessSimple{(AsAdmin ? "/scopes/admin" : "")}/environments/{environmentName}/{(AsAdmin ? "v2" : "")}/flows?api-version=2016-11-01{(filter != null ? $"&$filter={filter}" : "")}";
+                    var flows = GraphHelper.GetResultCollection<Model.PowerPlatform.PowerAutomate.Flow>(this, Connection, flowUrl, AccessToken);
+
+                    WriteObject(flows, true);
+
+                }
+            }
+            catch (Exception e)
+            {
+                WriteError(new ErrorRecord(new Exception("Make sure you have granted access to Azure AD App to Interact with Power Platform, To help understand the required permissions visit https://pnp.github.io/powershell/articles/determinepermissions.html#help-i-cant-figure-out-which-permissions-i-need"), e.Message, ErrorCategory.AuthenticationError, null));
             }
         }
     }
