cli-microsoft365
cli-microsoft365 copied to clipboard
pnp
Enhancement: add optional parameter to specify a folder in the app catalog for `m365 spo app add`
Currently, SPFx solutions are deployed at the root of an app catalog, whether it's a tenant or a site collection one.
The idea is to add a new command option to specify a folder because in some organizations, there's only one tenant for the whole company, including the subsidiaries. In that case, permissions can be setup to not expose an app to everyone but only one subsidiary.
Property description idea:
| Option | Description |
|---|---|
--catalogFolderPath [catalogFolderPath] |
Relative path in the tenant or site collection app catalog to add the package file. If not provided, the package file will be added to the root folder of the app catalog. |
That's a great feature request. Thanks for submitting this @michaelmaillot!
Looks good to go for me. @pnp/cli-for-microsoft-365-maintainers any further remarks before opening it up?
Nice suggestion. Maybe for consistency, we should call it appCatalogFolderUrl.
Let's also check if we need something similar for other app commands like spo app get.
Before we do, let's double check if using folders in the app catalog is a supported scenario and we're not trying to promote something that's officially shouldn't be done (even though it's working).
@VesaJuvonen do we officially support creating folders and uploading solutions to folders in the app catalog?
@waldekmastykarz - that's a really good question. We have not really considered the scenario at this level, but technically that should work as file is still in the catalog and this will provide proper level of grouping between the solutions if there are a lot of solutions. Let me run this through with few people internally to avoid surprises.
Thanks for your feedback @VesaJuvonen & @waldekmastykarz.
TBH I actually met this scenario and I was the first surprised that it was actually possible. And the only thing that changes from "regular" usage of tenant app catalog is that if you set specific permissions on a folder, only people that have (read) access will be able to see apps inside, when they will browse through the org app store. But this won't impact installed ones (since compiled files are located in the clientSideAssets library).
@VesaJuvonen (@waldekmastykarz), have you checked whether we can support adding folders in an app catalog? This will unblock the issue.
Vesa is out for 2 months or so. @AJIXuMuK I was wondering if maybe you could share some feed if using folders in app catalogs to trim available apps by permissions is kind of supported behavior?
@Adam-it @michaelmaillot so. The question here is what the final goal is. Folders and permissions in the app catalog can be used to control who can ADD apps to the catalog. However, it does not affect who can USE the installed apps. All the assets are stored in a separate list and we don't sync permissions between the app catalog and the assents list.
Hey @AJIXuMuK,
Agree on that, as I said here. However, it does control who can also SEE / INSTALL apps on a site. In the original request, I mentioned that it was because of a use case I met for one of my customers: a single tenant for a whole company which has subsidiaries. Let's say that one asked (and "paid" a subcontractor) for an app. They won't allow it to be available to others subsidiaries than its own one.
The final goal is to keep boundaries for subsidiaries, not only when it's about to add apps on the catalog, but also to see them when you want to install one on a site.
thanks @michaelmaillot for the double confirmation. I think it is a really nice use case and till now I did not know something like this was possible 🙂 @AJIXuMuK what do you think?
I think we're good to open it up since @AJIXuMuK comments are in line with what @michaelmaillot wants to use this for.