add sharepoint tests, redoc

2021-01-23 03:25:01 +11:00 · 2021-01-23 03:25:01 +11:00 · 1f44da6d4b
--- a/R/client.R
+++ b/R/client.R
@ -17,9 +17,7 @@
 #'
 #' The default when authenticating to these services is for Microsoft365R to use its own internal app ID. Depending on your organisation's security policy, you may have to get an admin to grant it access to your tenant. As an alternative to the default app ID, you (or your admin) can create your own app registration: it should have a native redirect URI of `http://localhost:1410`, and the "public client" option should be enabled if you want to use the device code authentication flow. You can supply your app ID either via the `app` argument, or in the environment variable `CLIMICROSOFT365_AADAPPID`.
 #'
-#' If creating your own app registration is impractical, there are a couple of ways to work around access issues by piggybacking on other well-known apps. Be warned that these solutions may draw the attention of your admin!
-#' - If the R option `microsoft365r_use_cli_app_id` is set to a non-NULL value, authentication will be done using the app ID for the CLI for Microsoft 365. Technically this app still requires admin approval, but it is in widespread use and so may already be allowed in your organisation.
-#' - For SharePoint (only) it's possible to use the Azure CLI app ID to access document libraries and lists. As a first-party Microsoft app the Azure CLI is available in every AAD tenant, but is not intended for working with Microsoft 365.
+#' If creating your own app registration is impractical, it's possible to work around access issues by piggybacking on the CLI for Microsoft365. By setting the R option `microsoft365r_use_cli_app_id` to a non-NULL value, authentication will be done using the CLI's app ID. Technically this app still requires admin approval, but it is in widespread use and so may already be allowed in your organisation. Be warned that this solution may draw the attention of your admin!
 #'
 #' @return
 #' For `personal_onedrive` and `business_onedrive`, an object of class `ms_drive`. For `sharepoint_site`, an object of class `ms_site`.
@ -27,7 +25,6 @@
 #' [ms_drive], [ms_site], [AzureGraph::create_graph_login], [AzureAuth::get_azure_token]
 #'
 #' [CLI for Microsoft 365](https://pnp.github.io/cli-microsoft365/) -- a commandline tool for managing Microsoft 365
-#' [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli)
 #' @examples
 #' \dontrun{
 #'
@ -52,10 +49,6 @@
 #' business_onedrive()
 #' sharepoint_site("https://mycompany.sharepoint.com/sites/my-site-name")
 #'
-#' # for SharePoint, it's possible to use the Azure CLI app ID:
-#' sharepoint_site("https://mycompany.sharepoint.com/sites/my-site-name",
-#'     app=AzureGraph:::.az_cli_app_id)
-#'
 #' }
 #' @rdname client
 #' @export
--- a/R/ms_sharepoint_list.R
+++ b/R/ms_sharepoint_list.R
@ -27,7 +27,7 @@
 #' - `all_metadata`: If TRUE, the returned data frame will contain extended metadata as separate columns, while the data fields will be in a nested data frame named `fields`.
 #' - `pagesize`: The number of results to return for each call to the REST endpoint. You can try reducing this argument below the default of 5000 if you are experiencing timeouts.
 #'
-#' For more information, see [Use query parameters](https://docs.microsoft.com/en-us/graph/query-parameters?view=graph-rest-1.0) at the Graph API reference. Due to current limitations in the Microsoft Graph REST API version 1.0, you can only read data from lists, not write to them.
+#' For more information, see [Use query parameters](https://docs.microsoft.com/en-us/graph/query-parameters?view=graph-rest-1.0) at the Graph API reference.
 #'
 #' @seealso
 #' [sharepoint_site], [ms_site]
--- a/README.md
+++ b/README.md
@ -12,16 +12,7 @@ The primary repo for this package is at https://github.com/Azure/Microsoft365R;

 The first time you call one of the Microsoft365R functions (see below), it will use your Internet browser to authenticate you with Azure Active Directory, in a similar manner to other web apps. You will get a dialog box asking for permission to access your information.

-For authentication purposes, the package is registered as an app in the 'aicatr' AAD tenant; depending on your organisation's security policy, you may have to get an admin to grant it access to your tenant. The default permissions requested are:
-
- User.Read
- Files.ReadWrite.All
- Group.ReadWrite.All
- profile
- email
- openid
-
-If the environment variable `CLIMICROSOFT365_AADAPPID` is set, Microsoft365R will use its value as the app ID for authenticating instead. You can also specify the app ID as an argument when calling the functions.
+For authentication purposes, the package is registered as an app in the 'aicatr' AAD tenant; depending on your organisation's security policy, you may have to get an admin to grant it access to your tenant. Alternatively, if the environment variable `CLIMICROSOFT365_AADAPPID` is set, Microsoft365R will use its value as the app ID for authenticating to the Microsoft 365 Business services (SharePoint and OneDrive for Business). You can also specify the app ID as an argument when calling the functions below.

 ## OneDrive

@ -67,7 +58,7 @@ od$set_item_properties("Documents/myfile.docx", name="myfile version 2.docx")
 file_props$update(name="myfile version 2.docx")
 ```

-To access OneDrive for Business call `business_onedrive()`. This also returns an object of class `ms_drive`, so the exact same methods are available as for personal OneDrive. Note that OneDrive for Business is technically part of SharePoint and requires a Microsoft 365 Business license.
+To access OneDrive for Business call `business_onedrive()`. This also returns an object of class `ms_drive`, so the exact same methods are available as for personal OneDrive.

 ```r
 odb <- business_onedrive()
--- a/man/client.Rd
+++ b/man/client.Rd
@ -46,11 +46,7 @@ The default "common" tenant for \code{business_onedrive} and \code{sharepoint_si

 The default when authenticating to these services is for Microsoft365R to use its own internal app ID. Depending on your organisation's security policy, you may have to get an admin to grant it access to your tenant. As an alternative to the default app ID, you (or your admin) can create your own app registration: it should have a native redirect URI of \verb{http://localhost:1410}, and the "public client" option should be enabled if you want to use the device code authentication flow. You can supply your app ID either via the \code{app} argument, or in the environment variable \code{CLIMICROSOFT365_AADAPPID}.

-If creating your own app registration is impractical, there are a couple of ways to work around access issues by piggybacking on other well-known apps. Be warned that these solutions may draw the attention of your admin!
-\itemize{
-\item If the R option \code{microsoft365r_use_cli_app_id} is set to a non-NULL value, authentication will be done using the app ID for the CLI for Microsoft 365. Technically this app still requires admin approval, but it is in widespread use and so may already be allowed in your organisation.
-\item For SharePoint (only) it's possible to use the Azure CLI app ID to access document libraries and lists. As a first-party Microsoft app the Azure CLI is available in every AAD tenant, but is not intended for working with Microsoft 365.
-}
+If creating your own app registration is impractical, it's possible to work around access issues by piggybacking on the CLI for Microsoft365. By setting the R option \code{microsoft365r_use_cli_app_id} to a non-NULL value, authentication will be done using the CLI's app ID. Technically this app still requires admin approval, but it is in widespread use and so may already be allowed in your organisation. Be warned that this solution may draw the attention of your admin!
 }

 \examples{
@ -77,15 +73,10 @@ options(microsoft365r_use_cli_app_id=TRUE)
 business_onedrive()
 sharepoint_site("https://mycompany.sharepoint.com/sites/my-site-name")

-# for SharePoint, it's possible to use the Azure CLI app ID:
-sharepoint_site("https://mycompany.sharepoint.com/sites/my-site-name",
-    app=AzureGraph:::.az_cli_app_id)
-
 }
 }
 \seealso{
 \link{ms_drive}, \link{ms_site}, \link[AzureGraph:graph_login]{AzureGraph::create_graph_login}, \link[AzureAuth:get_azure_token]{AzureAuth::get_azure_token}

 \href{https://pnp.github.io/cli-microsoft365/}{CLI for Microsoft 365} -- a commandline tool for managing Microsoft 365
-\href{https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli}{Azure CLI}
 }
--- a/man/ms_sharepoint_list.Rd
+++ b/man/ms_sharepoint_list.Rd
@ -48,7 +48,7 @@ Creating new objects of this class should be done via the \code{get_list} method
 \item \code{pagesize}: The number of results to return for each call to the REST endpoint. You can try reducing this argument below the default of 5000 if you are experiencing timeouts.
 }

-For more information, see \href{https://docs.microsoft.com/en-us/graph/query-parameters?view=graph-rest-1.0}{Use query parameters} at the Graph API reference. Due to current limitations in the Microsoft Graph REST API version 1.0, you can only read data from lists, not write to them.
+For more information, see \href{https://docs.microsoft.com/en-us/graph/query-parameters?view=graph-rest-1.0}{Use query parameters} at the Graph API reference.
 }

 \examples{
--- a/tests/testthat/test01_onedrive.R
+++ b/tests/testthat/test01_onedrive.R
@ -7,7 +7,7 @@ if(!interactive())
    skip("OneDrive tests skipped: must be in interactive session")

 tok <- try(AzureAuth::get_azure_token(c("openid", "offline_access"),
-    tenant="9188040d-6c67-4c5b-b112-36a304b66dad", app=.microsoft365r_app_id, version=2, use_cache=FALSE),
+    tenant="9188040d-6c67-4c5b-b112-36a304b66dad", app=.microsoft365r_app_id, version=2),
    silent=TRUE)
 if(inherits(tok, "try-error"))
    skip("OneDrive tests skipped: unable to login to consumers tenant")
--- a/tests/testthat/test02_business_onedrive.R
+++ b/tests/testthat/test02_business_onedrive.R
@ -11,7 +11,7 @@ tok <- try(AzureAuth::get_azure_token(
    c("https://graph.microsoft.com/.default",
      "openid",
      "offline_access"),
-    tenant=tenant, app=app, version=2, use_cache=FALSE),
+    tenant=tenant, app=app, version=2),
    silent=TRUE)
 if(inherits(tok, "try-error"))
    skip("OneDrive for Business tests skipped: no access to tenant")
--- a/tests/testthat/test03_sharepoint.R
+++ b/tests/testthat/test03_sharepoint.R
@ -0,0 +1,65 @@
+tenant <- Sys.getenv("AZ_TEST_TENANT_ID")
+app <- Sys.getenv("AZ_TEST_NATIVE_APP_ID")
+site_url <- Sys.getenv("AZ_TEST_SHAREPOINT_SITE_URL")
+site_id <- Sys.getenv("AZ_TEST_SHAREPOINT_SITE_ID")
+list_name <- Sys.getenv("AZ_TEST_SHAREPOINT_LIST_NAME")
+list_id <- Sys.getenv("AZ_TEST_SHAREPOINT_LIST_ID")
+
+if(tenant == "" || app == "" || site_url == "" || site_id == "" || list_name == "" || list_id == "")
+    skip("SharePoint tests skipped: Microsoft Graph credentials not set")
+
+if(!interactive())
+    skip("OneDrive for Business tests skipped: must be in interactive session")
+
+tok <- try(AzureAuth::get_azure_token(
+    c("https://graph.microsoft.com/.default",
+      "openid",
+      "offline_access"),
+    tenant=tenant, app=app, version=2),
+    silent=TRUE)
+if(inherits(tok, "try-error"))
+    skip("SharePoint tests skipped: no access to tenant")
+
+test_that("SharePoint client works",
+{
+    gr <- AzureGraph::ms_graph$new(token=tok)
+    testsite <- try(gr$call_graph_endpoint(file.path("sites", site_id)), silent=TRUE)
+    if(inherits(testsite, "try-error"))
+        skip("SharePoint tests skipped: service not available")
+
+    site <- sharepoint_site(site_url, tenant=tenant, app=app)
+    expect_is(site, "ms_site")
+
+    site2 <- sharepoint_site(site_id=site_id, tenant=tenant, app=app)
+    expect_is(site2, "ms_site")
+    expect_identical(site$properties, site2$properties)
+
+    # drive -- functionality tested in test02
+    drives <- site$list_drives()
+    expect_is(drives, "list")
+    expect_true(all(sapply(drives, inherits, "ms_drive")))
+
+    drv <- site$get_drive()
+    expect_is(drv, "ms_drive")
+
+    # list
+    lists <- site$get_lists()
+    expect_is(lists, "list")
+    expect_true(all(sapply(lists, inherits, "ms_sharepoint_list")))
+
+    lst <- site$get_list(list_name=list_name)
+    lst2 <- site$get_list(list_id=list_id)
+    expect_is(lst, "ms_sharepoint_list")
+    expect_is(lst2, "ms_sharepoint_list")
+    expect_identical(lst$properties, lst2$properties)
+
+    cols <- lst$get_column_info()
+    expect_is(cols, "data.frame")
+
+    items <- lst$list_items()
+    expect_is(items, "data.frame")
+
+    items2 <- lst$list_items(all_metadata=TRUE)
+    expect_is(items2, "data.frame")
+    expect_identical(items, items2$fields)
+})
--- a/vignettes/Microsoft365R.Rmd
+++ b/vignettes/Microsoft365R.Rmd
@ -14,16 +14,9 @@ Microsoft365R is intended to be a simple yet powerful R interface to [Microsoft

 The first time you call one of the Microsoft365R functions (see below), it will use your Internet browser to authenticate you with Azure Active Directory, in a similar manner to other web apps. You will get a dialog box asking for permission to access your information.

-For authentication purposes, the package is registered as an app in the 'aicatr' AAD tenant; depending on your organisation's security policy, you may have to get an admin to grant it access to your tenant. The default permissions requested are:
+For authentication purposes, the package is registered as an app in the 'aicatr' AAD tenant; depending on your organisation's security policy, you may have to get an admin to grant it access to your tenant. Alternatively, if the environment variable `CLIMICROSOFT365_AADAPPID` is set, Microsoft365R will use its value as the app ID for authenticating to the Microsoft 365 Business services (SharePoint and OneDrive for Business). You can also specify the app ID as an argument when calling the functions below.

- User.Read
- Files.ReadWrite.All
- Group.ReadWrite.All
- profile
- email
- openid
-
-If the environment variable `CLIMICROSOFT365_AADAPPID` is set, Microsoft365R will use its value as the app ID for authenticating instead. You can also specify the app ID as an argument when calling the functions.
+If creating your own app registration is impractical, it's possible to work around access issues by piggybacking on the [CLI for Microsoft365](https://pnp.github.io/cli-microsoft365/). By setting the R option `microsoft365r_use_cli_app_id` to a non-NULL value, authentication will be done using the CLI's app ID. Technically this app still requires admin approval, but it is in widespread use and so may already be allowed in your organisation. Be warned that this solution may draw the attention of your admin!

 ## OneDrive

@ -88,9 +81,14 @@ od$set_item_properties("Documents/myfile.docx", name="myfile version 2.docx")
 file_props$update(name="myfile version 2.docx")
 ```

-To access OneDrive for Business call `business_onedrive()`. This also returns an object of class `ms_drive`, so the exact same methods are available as for personal OneDrive. Note that OneDrive for Business is technically part of SharePoint and requires a Microsoft 365 Business license.
+To access OneDrive for Business call `business_onedrive()`. This also returns an object of class `ms_drive`, so the exact same methods are available as for personal OneDrive.

 ```r
+# by default, authenticate with the Microsoft365R internal app ID
+odb <- business_onedrive()
+
+# authenticating with the CLI for Microsoft 365 app ID: set a global option
+options(microsoft365r_use_cli_app_id=TRUE)
 odb <- business_onedrive()

 odb$list_items()