Enhancement: extend spo list get with --withPermissions

[Adam-it]

We need to extend the command spo list get with additional option --withPermissions. When the option is passed, the result would include permission information along with other details.

Specs are updated based on this conversation.

Additional Info

I came across this when I wanted to add a CLI equivalent of and existing PnP PowerShell script pnp/script-samples#110
I was able to retrieve all list information similar to PnP PowerShell except permission info 🤔. I wonder maybe I did something wrong 😅 or maybe there is no such functionality so we could ad one 🤔?
please let me know what do you think

[waldekmastykarz]

Thanks for the suggestion, @Adam-it. If I look at the sample you linked, there is an equivalent version based on the CLI. Are we still missing something or has the gap been filled already?

[Adam-it]

@waldekmastykarz yes we are missing some information which I could not retrieve (this is the unique permissions and members info -what group and what permission). I already added and example as 80% of the list info is the same as PnP Powershell and it got approved, but this info is missing.
Please check this screen

I marked the columns which were present using PnPPowershell and which we don't have when I did the same using CLI

[waldekmastykarz]

Ah, understood. Have you checked how we currently handle that for webs, which also are securable objects? It would be good to build it in a consistent way across the different spo commands.

[Adam-it]

not yet.. but I will do so in the coming weekend and let you know 👍

[Adam-it]

ok so I checked and for example in web in CLI we have an argument --withGroups when this is used we add and expand option to the rest call to get the additional info

if (args.options.withGroups) {
      url += '?$expand=AssociatedMemberGroup,AssociatedOwnerGroup,AssociatedVisitorGroup';
}

we could do similar thing for the list command 🤔. So we could add and additional argument option --withGroups or other like --permissionInfoOne (😉😋) and when this is used we may add
.../roleassignments?$expand=Member/users,RoleDefinitionBindings
for example like
https://tenanttocheck.sharepoint.com/sites/demomarketing/_api/web/lists/GetByTitle('sampleList')/roleassignments?$expand=Member/users,RoleDefinitionBindings

also we could use this rest call to check the additional info if the permission inheritance is broken or not
...(ListRestApiCall)/HasUniqueRoleAssignments

[waldekmastykarz]

Thanks for the research @Adam-it. What if we extended the existing spo list get command with a new option named --withPermissions that would include the additional information you mentioned? @pnp/cli-for-microsoft-365-maintainers any opinions about this approach?

[arjunumenon]

I am with the idea of adding the param --withPermissions which will give the permission details only as and when needed. I am with that.

If that is the case, do you think it make sense to update the specs @waldekmastykarz so that it would be clearer?

[waldekmastykarz]

Yes, good idea @arjunumenon 👍

[arjunumenon]

Hello @Adam-it - Thanks for all the suggestion and all findings which you have made. We have updated the specs based on the conversations.
Do you want to take a stab in updating the command?

[Adam-it]

@arjunumenon wow that's cool 👍 thanks a lot for the help and fast changes 👍 you're awesome 🤩
TBH I would really love to be assigned to it but currently I have different issue assigned in this repo and also a list of issues in script-samples repo were I also try to increase number of samples with CLI version... and some other as well 🙄😋... so all in all I will leave this open for any other candidate which would be willing to contribute 👍. If in some time I will be free for anything new, and this still will be open, I will let you know to get assigned 😉

[arjunumenon]

Thanks for the kind words @Adam-it ❤.

Totally understand your schedule and appreciate all the help in script-sample areas as well. You have already done a great job in identifying endpoints needed for enhancing the command.

Based on your suggestion, We will keep the issue open to others so that they can contribute it. Appreciate your help 👍.

[Abderahman88]

Volunteer for this one ✋

Do we want to show all the information for the roles and permissions?

if (args.options.withPermissions) {
      requestUrl += '?$expand=HasUniqueRoleAssignments,RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings';
    }

[Adam-it]

@Abderahman88 this is way cool 😎. I think I am not in any position to make any kind of final decision here 😋 but yes I would suggest to include both (HasUniqueRoleAssignments and RoleAssignments) information in the json response 👍.
TBH I was thinking that this parameter --withPermissions would return similar information to PnP Powershell Get-PnPList -Includes HasUniqueRoleAssignments,RoleAssignments
🤔 What do you think/suggest? Also @waldekmastykarz, @arjunumenon do you agree?

[arjunumenon]

Thanks @Abderahman88 for looking into that and volunteering. It is all yours.

I would also second @Adam-it recommendation to add HasUniqueRoleAssignments,RoleAssignments as a staring point.
Then in future, if needed, let us enhance it further.

[waldekmastykarz]

+1 on the suggestion from @Abderahman88 and @Adam-it 👏