Merge pull request #4554 from gautamdsheth/fix/4203-allow-scripts

Fix #4203:  Add -Force parameter to Add-PnPApp, Publish-PnPApp, Remove-PnPApp, and Unpublish-PnPApp to allow temporary script enabling on no-script sites

Author: erwinvanhunen

CHANGELOG.md

@@ -34,7 +34,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `-AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled` to `Set-PnPTenant` which allows for updating of web property bag when DenyAddAndCustomizePages is enabled [#4508](https://github.com/pnp/powershell/pull/4508)
 - Added `SiteId` to the output of `Get-PnPTenantSite` [#4527](https://github.com/pnp/powershell/pull/4527)
 - Added `Add-PnPFileSensitivityLabel` which allows for assigning sensitivity labels to SharePoint files [#4538](https://github.com/pnp/powershell/pull/4538)
-- Added `-CanSyncHubSitePermissions` parameter to `Set-PnPSite` cmdlet to set value of allowing syncing hub site permissions to this associated site.
+- `Add-PnPApp` , `Publish-PnPApp` , `Remove-PnPApp` and `Unpublish-PnPApp` now have `-Force` parameter to change the site to allow scripts to be temporarily enabled. [#4554](https://github.com/pnp/powershell/pull/4554)
+- Added `-CanSyncHubSitePermissions` parameter to `Set-PnPSite` cmdlet to set value of allowing syncing hub site permissions to this associated site. [#4555](https://github.com/pnp/powershell/pull/4555)
 - Added `Get-PnPProfileCardProperty`, `New-PnPProfileCardProperty` and `Remove-PnPProfileCardProperty` cmdlets to manage showing additional properties on the Microsoft 365 user profile [#4548](https://github.com/pnp/powershell/pull/4548)
 - Added `Get-PnPCopilotAdminLimitedMode` and `Set-PnPCopilotAdminLimitedMode` which allows for managing the setting that controls whether Microsoft 365 Copilot in Teams Meetings users can receive responses to sentiment-related prompts [#4562](https://github.com/pnp/powershell/pull/4562)
 - Added `-Contributors` and `-Managers` parameters to `New-PnPTermGroup` and `Set-PnPTermGroup` cmdlets.
@@ -64,9 +65,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - When passing in an existing connection using `-Connection` on `Connect-PnPOnline`, the clientid from the passed in connection will be used for the new connection [#4425](https://github.com/pnp/powershell/pull/4425)
 - Removed `-Confirm` parameter from `Remove-PnPUser` and `Remove-PnPAvailableSiteClassification` cmdlets. Use `-Force` instead. [#4455](https://github.com/pnp/powershell/pull/4455)
 - `Get-PnPFile` now also supports passing in a full SharePoint Online URL [#4480](https://github.com/pnp/powershell/pull/4480)
+- `Add-PnPApp` , `Publish-PnPApp` , `Remove-PnPApp` and `Unpublish-PnPApp` now support disabling script settings if tenant app catalog is a no-script site.
 - `Send-PnPMail` now throws a warning about the retirement of the SharePoint SendEmail API.
 - `Get-PnPCustomAction` now supports a completer for `-Identity` and uses the PnP Core SDK to return custom actions.
 
+
 ### Fixed
 
 - Fixed issue with `Set-PnPSearchExternalSchema` cmdlet when used with the `-Wait` parameter throwing a warning [#4253](https://github.com/pnp/powershell/pull/4253)

documentation/Add-PnPApp.md

@@ -15,8 +15,7 @@ Add/uploads an available app to the app catalog
 ## SYNTAX
 
 ```powershell
-Add-PnPApp [-Path] <String> [-Scope <AppCatalogScope>] [-Overwrite] [-Timeout <Int32>] [-Publish [-SkipFeatureDeployment]]
- [-Connection <PnPConnection>] 
+Add-PnPApp [-Path] <String> [-Scope <AppCatalogScope>] [-Overwrite] [-Timeout <Int32>] [-Publish [-SkipFeatureDeployment]] [-Connection <PnPConnection>] [-Force <SwitchParameter>]
 ```
 
 ## DESCRIPTION
@@ -147,6 +146,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Force
+If provided, no confirmation will be asked to change no-script setting.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ## RELATED LINKS
 
 [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

documentation/Publish-PnPApp.md

@@ -15,8 +15,7 @@ Publishes/Deploys/Trusts an available app in the app catalog
 ## SYNTAX
 
 ```powershell
-Publish-PnPApp [-Identity] <AppMetadataPipeBind> [-SkipFeatureDeployment] [-Scope <AppCatalogScope>]
- [-Connection <PnPConnection>] 
+Publish-PnPApp [-Identity] <AppMetadataPipeBind> [-SkipFeatureDeployment] [-Scope <AppCatalogScope>] [-Connection <PnPConnection>] [-Force <SwitchParameter>]
 ```
 
 ## DESCRIPTION
@@ -97,6 +96,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Force
+If provided, no confirmation will be asked to change no-script setting.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ## RELATED LINKS
 
 [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

documentation/Remove-PnPApp.md

@@ -15,7 +15,7 @@ Removes an app from the app catalog.
 ## SYNTAX
 
 ```powershell
-Remove-PnPApp [-Identity] <AppMetadataPipeBind> [-Scope <AppCatalogScope>] [-Connection <PnPConnection>]
+Remove-PnPApp [-Identity] <AppMetadataPipeBind> [-Scope <AppCatalogScope>] [-Connection <PnPConnection>] [-Force <SwitchParameter>]
 ```
 
 ## DESCRIPTION
@@ -83,6 +83,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Force
+If provided, no confirmation will be asked to change no-script setting.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ## RELATED LINKS
 
 [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

documentation/Unpublish-PnPApp.md

@@ -15,7 +15,7 @@ Unpublishes/retracts an available add-in from the app catalog.
 ## SYNTAX
 
 ```powershell
-Unpublish-PnPApp [-Identity] <AppMetadataPipeBind> [-Scope <AppCatalogScope>] [-Connection <PnPConnection>]
+Unpublish-PnPApp [-Identity] <AppMetadataPipeBind> [-Scope <AppCatalogScope>] [-Connection <PnPConnection>] [-Force <SwitchParameter>]
  
 ```
 
@@ -84,6 +84,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Force
+If provided, no confirmation will be asked to change no-script setting.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ## RELATED LINKS
 
 [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

src/Commands/Apps/AddApp.cs

@@ -1,11 +1,14 @@
-using PnP.Framework.ALM;
+using Microsoft.Online.SharePoint.TenantAdministration;
+using Microsoft.SharePoint.Client;
+using PnP.Framework.ALM;
 using PnP.Framework.Enums;
+using PnP.PowerShell.Commands.Base;
 using System.Management.Automation;
 
 namespace PnP.PowerShell.Commands.Apps
 {
     [Cmdlet(VerbsCommon.Add, "PnPApp")]
-    public class AddApp : PnPSharePointCmdlet
+    public class AddApp : PnPAdminCmdlet
     {
         [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true)]
         public string Path;
@@ -25,8 +28,35 @@ public class AddApp : PnPSharePointCmdlet
         [Parameter(Mandatory = false)]
         public int Timeout = 200;
 
+        [Parameter(Mandatory = false)]
+        public SwitchParameter Force;
+
         protected override void ExecuteCmdlet()
         {
+            bool isScriptSettingUpdated = false;
+
+            if (Scope == AppCatalogScope.Tenant)
+            {
+                var appcatalogUri = ClientContext.Web.GetAppCatalog();
+                var ctx = ClientContext.Clone(appcatalogUri);
+                WriteVerbose("Checking if the tenant app catalog is a no-script site");
+                if (ctx.Site.IsNoScriptSite())
+                {
+                    if (Force || ShouldContinue("The tenant appcatalog is a no-script site. Do you want to temporarily enable scripting on it?", Properties.Resources.Confirm))
+                    {
+                        WriteVerbose("Temporarily enabling scripting on the tenant app catalog site");
+                        var tenant = new Tenant(AdminContext);
+                        tenant.SetSiteProperties(appcatalogUri.AbsoluteUri, noScriptSite: false);
+                        isScriptSettingUpdated = true;
+                    }
+                    else
+                    {
+                        WriteWarning("Scripting is disabled on the tenant app catalog site. This command cannot proceed without allowing scripts.");
+                        return;
+                    }
+                }
+            }
+
             if (!System.IO.Path.IsPathRooted(Path))
             {
                 Path = System.IO.Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, Path);
@@ -42,7 +72,6 @@ protected override void ExecuteCmdlet()
 
             try
             {
-
                 if (Publish)
                 {
                     if (manager.Deploy(result, SkipFeatureDeployment, Scope))
@@ -58,6 +87,18 @@ protected override void ExecuteCmdlet()
                 manager.Remove(result, Scope);
                 throw;
             }
+            finally
+            {
+                if (isScriptSettingUpdated)
+                {
+                    WriteVerbose("Disabling scripting on the tenant app catalog site");
+                    var appcatalogUri = ClientContext.Web.GetAppCatalog();
+                    var ctx = ClientContext.Clone(appcatalogUri);
+
+                    var tenant = new Tenant(AdminContext);
+                    tenant.SetSiteProperties(appcatalogUri.AbsoluteUri, noScriptSite: true);
+                }
+            }
         }
     }
 }

src/Commands/Apps/PublishApp.cs

@@ -1,13 +1,15 @@
-using PnP.Framework.Enums;
-
+using Microsoft.Online.SharePoint.TenantAdministration;
+using Microsoft.SharePoint.Client;
+using PnP.Framework.Enums;
+using PnP.PowerShell.Commands.Base;
 using PnP.PowerShell.Commands.Base.PipeBinds;
 using System;
 using System.Management.Automation;
 
 namespace PnP.PowerShell.Commands.Apps
 {
     [Cmdlet(VerbsData.Publish, "PnPApp")]
-    public class PublishApp : PnPSharePointCmdlet
+    public class PublishApp : PnPAdminCmdlet
     {
         [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true)]
         public AppMetadataPipeBind Identity;
@@ -18,17 +20,64 @@ public class PublishApp : PnPSharePointCmdlet
         [Parameter(Mandatory = false, ValueFromPipeline = true)]
         public AppCatalogScope Scope = AppCatalogScope.Tenant;
 
+        [Parameter(Mandatory = false)]
+        public SwitchParameter Force;
+
         protected override void ExecuteCmdlet()
         {
-            var manager = new PnP.Framework.ALM.AppManager(ClientContext);
+            bool isScriptSettingUpdated = false;
 
-            var app = Identity.GetAppMetadata(ClientContext, Scope);
-            if (app != null)
+            if (Scope == AppCatalogScope.Tenant)
             {
-                manager.Deploy(app, SkipFeatureDeployment, Scope);
-            } else
+                var appcatalogUri = ClientContext.Web.GetAppCatalog();
+                var ctx = ClientContext.Clone(appcatalogUri);
+                WriteVerbose("Checking if the tenant app catalog is a no-script site");
+                if (ctx.Site.IsNoScriptSite())
+                {
+                    if (Force || ShouldContinue("The tenant appcatalog is a no-script site. Do you want to temporarily enable scripting on it?", Properties.Resources.Confirm))
+                    {
+                        WriteVerbose("Temporarily enabling scripting on the tenant app catalog site");
+                        var tenant = new Tenant(AdminContext);
+                        tenant.SetSiteProperties(appcatalogUri.AbsoluteUri, noScriptSite: false);
+                        isScriptSettingUpdated = true;
+                    }
+                    else
+                    {
+                        WriteWarning("Scripting is disabled on the tenant app catalog site. This command cannot proceed without allowing scripts.");
+                        return;
+                    }
+                }
+            }
+
+            try
             {
-                throw new Exception("Cannot find app");
+                var manager = new PnP.Framework.ALM.AppManager(ClientContext);
+
+                var app = Identity.GetAppMetadata(ClientContext, Scope);
+                if (app != null)
+                {
+                    manager.Deploy(app, SkipFeatureDeployment, Scope);
+                }
+                else
+                {
+                    throw new Exception("Cannot find app");
+                }
+            }
+            catch
+            {
+                throw;
+            }
+            finally
+            {
+                if (isScriptSettingUpdated)
+                {
+                    WriteVerbose("Disabling scripting on the tenant app catalog site");
+                    var appcatalogUri = ClientContext.Web.GetAppCatalog();
+                    var ctx = ClientContext.Clone(appcatalogUri);
+
+                    var tenant = new Tenant(AdminContext);
+                    tenant.SetSiteProperties(appcatalogUri.AbsoluteUri, noScriptSite: true);
+                }
             }
         }
     }