Reorg some of the scope code, and add a few more helper methods.

mhoc · Apr 29, 2018 · c43b488 · c43b488
1 parent 71c4f2b
commit c43b488
Show file tree

Hide file tree

Showing 9 changed files with 165 additions and 52 deletions.
diff --git a/scopes/calendars.go b/scopes/calendars.go
@@ -4,45 +4,45 @@ var (
 	// ApplicationCalendarsRead Read calendars in all mailboxes
 	ApplicationCalendarsRead = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		Description:          "Allows the app to read events of all calendars without a signed-in user.",
 		DisplayString:        "Read calendars in all mailboxes",
 		Permission:           "Calendars.Read",
+		Type:                 PermissionTypeApplication,
 	}
 	// ApplicationCalendarsReadWrite Read and write calendars in all mailboxes
 	ApplicationCalendarsReadWrite = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		Description:          "Allows the app to create, read, update, and delete events of all calendars without a signed-in user.",
 		DisplayString:        "Read and write calendars in all mailboxes",
 		Permission:           "Calendars.ReadWrite",
+		Type:                 PermissionTypeApplication,
 	}
 	// DelegatedCalendarsRead Read user calendars
 	DelegatedCalendarsRead = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read events in user calendars.",
 		DisplayString: "Read user calendars",
 		Permission:    "Calendars.Read",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedCalendarsReadShared Read user and shared calendars
 	DelegatedCalendarsReadShared = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read events in all calendars that the user can access, including delegate and shared calendars.",
 		DisplayString: "Read user and shared calendars",
 		Permission:    "Calendars.Read.Shared",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedCalendarsReadWrite Have full access to user calendars
 	DelegatedCalendarsReadWrite = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to create, read, update, and delete events in user calendars.",
 		DisplayString: "Have full access to user calendars",
 		Permission:    "Calendars.ReadWrite",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedCalendarsReadWriteShared Read and write user and shared calendars
 	DelegatedCalendarsReadWriteShared = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to create, read, update and delete events in all calendars the user has permissions to access. This includes delegate and shared calendars.",
 		DisplayString: "Read and write user and shared calendars",
 		Permission:    "Calendars.ReadWrite.Shared",
+		Type:          PermissionTypeDelegated,
 	}
 )
diff --git a/scopes/contacts.go b/scopes/contacts.go
@@ -4,45 +4,45 @@ var (
 	// ApplicationContactsRead Read contacts in all mailboxes
 	ApplicationContactsRead = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		Description:          "Allows the app to read all contacts in all mailboxes without a signed-in user.",
 		DisplayString:        "Read contacts in all mailboxes",
 		Permission:           "Contacts.Read",
+		Type:                 PermissionTypeApplication,
 	}
 	// ApplicationContactsReadWrite Read and write contacts in all mailboxes
 	ApplicationContactsReadWrite = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		Description:          "Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user.",
 		DisplayString:        "Read and write contacts in all mailboxes",
 		Permission:           "Contacts.ReadWrite",
+		Type:                 PermissionTypeApplication,
 	}
 	// DelegatedContactsRead Read user contacts
 	DelegatedContactsRead = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read user contacts.",
 		DisplayString: "Read user contacts",
 		Permission:    "Contacts.Read",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedContactsReadShared Read user and shared contacts
 	DelegatedContactsReadShared = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read contacts that the user has permissions to access, including the user's own and shared contacts.",
 		DisplayString: "Read user and shared contacts",
 		Permission:    "Contacts.Read.Shared",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedContactsReadWrite Have full access to user contacts
 	DelegatedContactsReadWrite = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to create, read, update, and delete user contacts.",
 		DisplayString: "Have full access to user contacts",
 		Permission:    "Contacts.ReadWrite",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedContactsReadWriteShared Read and write user and shared contacts
 	DelegatedContactsReadWriteShared = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to create, read, update and delete contacts that the user has permissions to, including the user's own and shared contacts.",
 		DisplayString: "Read and write user and shared contacts",
 		Permission:    "Contacts.ReadWrite.Shared",
+		Type:          PermissionTypeDelegated,
 	}
 )
diff --git a/scopes/device.go b/scopes/device.go
@@ -4,23 +4,23 @@ var (
 	// ApplicationDeviceReadWriteAll Read and write devices
 	ApplicationDeviceReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		Description:          "Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion, or update of device alternative security identifiers.",
 		DisplayString:        "Read and write devices",
 		Permission:           "Device.ReadWrite.All",
+		Type:                 PermissionTypeApplication,
 	}
 	// DelegatedDeviceRead Read user devices
 	DelegatedDeviceRead = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read a user's list of devices on behalf of the signed-in user.",
 		DisplayString: "Read user devices",
 		Permission:    "Device.Read",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedDeviceCommand Communicate with user devices
 	DelegatedDeviceCommand = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to launch another app or communicate with another app on a user's device on behalf of the signed-in user.",
 		DisplayString: "Communicate with user devices",
 		Permission:    "Device.Command",
+		Type:          PermissionTypeDelegated,
 	}
 )
diff --git a/scopes/directory.go b/scopes/directory.go
@@ -4,41 +4,41 @@ var (
 	// ApplicationDirectoryReadAll Read directory data
 	ApplicationDirectoryReadAll = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		DisplayString:        "Read directory data",
 		Description:          "Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.",
 		Permission:           "Directory.Read.All",
+		Type:                 PermissionTypeApplication,
 	}
 	// ApplicationDirectoryReadWriteAll Read and write directory data
 	ApplicationDirectoryReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		DisplayString:        "Read and write directory data",
 		Description:          "Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion.",
 		Permission:           "Directory.ReadWrite.All",
+		Type:                 PermissionTypeApplication,
 	}
 	// DelegatedDirectoryReadAll Read directory data
 	DelegatedDirectoryReadAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		DisplayString:        "Read directory data",
 		Description:          "Allows the app to read data in your organization's directory, such as users, groups and apps. Note: Users may consent to applications that require this permission if the application is registered in their own organization’s tenant.",
 		Permission:           "Directory.Read.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDirectoryReadWriteAll Read and write directory data
 	DelegatedDirectoryReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		DisplayString:        "Read and write directory data",
 		Description:          "Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords.",
 		Permission:           "Directory.ReadWrite.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDirectoryAccessAsUser Access directory as the signed-in user
 	DelegatedDirectoryAccessAsUser = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		DisplayString:        "Access directory as the signed-in user",
 		Description:          "Allows the app to have the same access to information in the directory as the signed-in user.",
 		Permission:           "Directory.AccessAsUser.All",
+		Type:                 PermissionTypeDelegated,
 	}
 )
diff --git a/scopes/intune_device_management.go b/scopes/intune_device_management.go
@@ -4,89 +4,89 @@ var (
 	// DelegatedDeviceManagementAppsReadAll Read Microsoft Intune apps
 	DelegatedDeviceManagementAppsReadAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune.",
 		DisplayString:        "Read Microsoft Intune apps",
 		Permission:           "DeviceManagementApps.Read.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementAppsReadWriteAll Read and write Microsoft Intune apps
 	DelegatedDeviceManagementAppsReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune.",
 		DisplayString:        "Read and write Microsoft Intune apps",
 		Permission:           "DeviceManagementApps.ReadWrite.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementConfigurationReadAll Read Microsoft Intune device configuration and policies
 	DelegatedDeviceManagementConfigurationReadAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.",
 		DisplayString:        "Read Microsoft Intune device configuration and policies",
 		Permission:           "DeviceManagementConfiguration.Read.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementConfigurationReadWriteAll "Read and write Microsoft Intune device configuration and policies"
 	DelegatedDeviceManagementConfigurationReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.",
 		DisplayString:        "Read and write Microsoft Intune device configuration and policies",
 		Permission:           "DeviceManagementConfiguration.ReadWrite.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementManagedDevicesPrivilegedOperationsAll Perform user-impacting remote actions on Microsoft Intune devices
 	DelegatedDeviceManagementManagedDevicesPrivilegedOperationsAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.",
 		DisplayString:        "Perform user-impacting remote actions on Microsoft Intune devices",
 		Permission:           "DeviceManagementManagedDevices.PrivilegedOperations.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementManagedDevicesReadAll Read Microsoft Intune devices
 	DelegatedDeviceManagementManagedDevicesReadAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read the properties of devices managed by Microsoft Intune.",
 		DisplayString:        "Read Microsoft Intune devices",
 		Permission:           "DeviceManagementManagedDevices.Read.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementManagedDevicesReadWriteAll Read and write Microsoft Intune devices
 	DelegatedDeviceManagementManagedDevicesReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device’s owner.",
 		DisplayString:        "Read and write Microsoft Intune devices",
 		Permission:           "DeviceManagementManagedDevices.ReadWrite.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementRBACReadAll Read Microsoft Intune RBAC settings
 	DelegatedDeviceManagementRBACReadAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.",
 		DisplayString:        "Read Microsoft Intune RBAC settings",
 		Permission:           "DeviceManagementRBAC.Read.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementRBACReadWriteAll Read and write Microsoft Intune RBAC settings
 	DelegatedDeviceManagementRBACReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.",
 		DisplayString:        "Read and write Microsoft Intune RBAC settings",
 		Permission:           "DeviceManagementRBAC.ReadWrite.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementServiceConfigReadAll Read Microsoft Intune configuration
 	DelegatedDeviceManagementServiceConfigReadAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read Intune service properties including device enrollment and third party service connection configuration.",
 		DisplayString:        "Read Microsoft Intune configuration",
 		Permission:           "DeviceManagementServiceConfig.Read.All",
+		Type:                 PermissionTypeDelegated,
 	}
 	// DelegatedDeviceManagementServiceConfigReadWriteAll Read and write Microsoft Intune configuration
 	DelegatedDeviceManagementServiceConfigReadWriteAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration.",
 		DisplayString:        "Read and write Microsoft Intune configuration",
 		Permission:           "DeviceManagementServiceConfig.ReadWrite.All",
+		Type:                 PermissionTypeDelegated,
 	}
 )
diff --git a/scopes/open_id.go b/scopes/open_id.go
@@ -3,30 +3,30 @@ package scopes
 var (
 	// DelegatedEmail View users' email address
 	DelegatedEmail = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read your users' primary email address.",
 		DisplayString: "View users' email address",
 		Permission:    "email",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedOfflineAccess Access user's data anytime
 	DelegatedOfflineAccess = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read and update user data, even when they are not currently using the app.",
 		DisplayString: "Access user's data anytime",
 		Permission:    "offline_access",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedOpenID Sign users in
 	DelegatedOpenID = Scope{
-		Delegated:     true,
 		Description:   "Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.",
 		DisplayString: "Sign users in",
 		Permission:    "openid",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedProfile View users' basic profile
 	DelegatedProfile = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to see your users' basic profile (name, picture, user name).",
 		DisplayString: "View users' basic profile",
 		Permission:    "profile",
+		Type:          PermissionTypeDelegated,
 	}
 )
diff --git a/scopes/people.go b/scopes/people.go
@@ -4,24 +4,24 @@ var (
 	// ApplicationPeopleReadAll Read all users' relevant people lists
 	ApplicationPeopleReadAll = Scope{
 		AdminConsentRequired: true,
-		Application:          true,
 		Description:          "Allows the app to read a scored list of people relevant to the signed-in user or other users in the signed-in user's organization. The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype). Also allows the app to search the entire directory of the signed-in user's organization.",
 		DisplayString:        "Read all users' relevant people lists",
 		Permission:           "People.Read.All",
+		Type:                 PermissionTypeApplication,
 	}
 	// DelegatedPeopleRead Read users' relevant people lists
 	DelegatedPeopleRead = Scope{
-		Delegated:     true,
 		Description:   "Allows the app to read a scored list of people relevant to the signed-in user. The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype).",
 		DisplayString: "Read users' relevant people lists",
 		Permission:    "People.Read",
+		Type:          PermissionTypeDelegated,
 	}
 	// DelegatedPeopleReadAll Read all users' relevant people lists
 	DelegatedPeopleReadAll = Scope{
 		AdminConsentRequired: true,
-		Delegated:            true,
 		Description:          "Allows the app to read a scored list of people relevant to the signed-in user or other users in the signed-in user's organization. The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype). Also allows the app to search the entire directory of the signed-in user's organization.",
 		DisplayString:        "Read all users' relevant people lists",
 		Permission:           "People.Read.All",
+		Type:                 PermissionTypeDelegated,
 	}
 )