Extend MinimalPermissionsGuidancePlugin with scopes to ignore #1365

bartizan · 2025-08-14T14:59:31Z

…nitializeApiSpecsFolderPath

…Utils

…chema

waldekmastykarz

Thanks for the PR. Let's do some changes before we proceed. Since quite a few things changed, I'll have a more thorough look at it in the week of Aug 25. For the future, let's keep PRs focused on the issue at hand and avoid unrelated refactorings. If you see room for improvement, please raise an issue so that we can discuss it first 🙂

waldekmastykarz · 2025-08-15T07:13:07Z

schemas/v0.26.0/minimalpermissionsguidanceplugin.schema.json

@@ -8,6 +8,14 @@
    },
    "apiSpecsFolderPath": {
      "type": "string"
+    },
+    "permissionsToExclude": {


Since we're just adding this property, we can't update previous versions schemas because the property isn't available there. Let's only add it to the latest version

waldekmastykarz · 2025-08-15T07:18:01Z

DevProxy.Plugins/Utils/GraphUtils.cs

@@ -96,4 +101,57 @@ internal async Task<IEnumerable<string>> UpdateUserScopesAsync(IEnumerable<strin

        return newMinimalScopes;
    }
+
+    public static MethodAndUrl GetMethodAndUrl(string methodAndUrlString)


This method doesn't need to be public. Let's make it internal instead

waldekmastykarz · 2025-08-15T07:18:07Z

DevProxy.Plugins/Utils/GraphUtils.cs

+        return new(Method: info[0], Url: info[1]);
+    }
+
+    public static string GetTokenizedUrl(string absoluteUrl)


This method doesn't need to be public. Let's make it internal instead

waldekmastykarz · 2025-08-15T07:18:12Z

DevProxy.Plugins/Utils/GraphUtils.cs

+        return "/" + string.Concat(new Uri(sanitizedUrl).Segments.Skip(2).Select(Uri.UnescapeDataString));
+    }
+
+    public static MethodAndUrl[] GetRequestsFromBatch(string batchBody, string graphVersion, string graphHostName)


This method doesn't need to be public. Let's make it internal instead

waldekmastykarz · 2025-08-15T07:19:49Z

DevProxy.Plugins/Utils/GraphUtils.cs

@@ -96,4 +101,57 @@ internal async Task<IEnumerable<string>> UpdateUserScopesAsync(IEnumerable<strin

        return newMinimalScopes;
    }
+
+    public static MethodAndUrl GetMethodAndUrl(string methodAndUrlString)


This method isn't related to Graph so let's find a better place for it

Moved to MethodAndUrlUtils.
(the method is consumed by graph plugings)

…edUrl, GetRequestsFromBatch

bartizan · 2025-08-15T07:58:54Z

For the future, let's keep PRs focused on the issue at hand and avoid unrelated refactorings. If you see room for improvement, please raise an issue so that we can discuss it first 🙂

At the beginning it seemed like we needed those changes for Graph-related classes.
But I am okay to cut the unrelated refactorings off the PR to keep it clear.

…ermissions

bartizan added 11 commits August 14, 2025 14:54

Add PermissionsToExclude property and initialization

d24955b

Move ApiSpecsFolderPath property initialization to dedicated method I…

d3c3948

…nitializeApiSpecsFolderPath

Small code adjustments

3ffb3ba

Move GetMethodAndUrl to common convert method ToMethodAndUrl

1cda8dd

Add MethodAndUrl record instead of tuple and MethodAndUrlComparer

826d644

Move MethodAndUrlUtils to GraphUtils unit

ea0c49b

Move common GetRequestsFromBatch and GetTokenizedUrl methods to Graph…

1905de1

…Utils

Exclude permissions from excessive list

87f2048

Add ExcludedPermissions property to report class

b8442f4

Add logging of what permissions are excluded

f0698ce

Add permissionsToExclude to MinimalPermissionsGuidancePlugin config s…

7517090

…chema

bartizan marked this pull request as ready for review August 14, 2025 15:36

bartizan requested a review from a team as a code owner August 14, 2025 15:36

waldekmastykarz requested changes Aug 15, 2025

View reviewed changes

waldekmastykarz reviewed Aug 15, 2025

View reviewed changes

bartizan added 3 commits August 15, 2025 10:30

Update schema only for v1.1.0

02eba7f

Lower accessibility level to internal for GetMethodAndUrl, GetTokeniz…

65e8cf7

…edUrl, GetRequestsFromBatch

Move GetMethodAndUrl func out to MethodAndUrlUtils unit

7555b0c

bartizan requested a review from waldekmastykarz August 15, 2025 08:02

Evaluate excessivePermissions and properly initiate flag UsesMinimalP…

63291d9

…ermissions

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Extend MinimalPermissionsGuidancePlugin with scopes to ignore #1365

Extend MinimalPermissionsGuidancePlugin with scopes to ignore #1365

Uh oh!

bartizan commented Aug 14, 2025

Uh oh!

waldekmastykarz left a comment

Uh oh!

waldekmastykarz Aug 15, 2025

Uh oh!

bartizan Aug 15, 2025

Uh oh!

waldekmastykarz Aug 15, 2025

Uh oh!

bartizan Aug 15, 2025

Uh oh!

waldekmastykarz Aug 15, 2025

Uh oh!

bartizan Aug 15, 2025

Uh oh!

waldekmastykarz Aug 15, 2025

Uh oh!

bartizan Aug 15, 2025

Uh oh!

waldekmastykarz Aug 15, 2025

Uh oh!

bartizan Aug 15, 2025

Uh oh!

bartizan commented Aug 15, 2025

Uh oh!

Uh oh!

Extend MinimalPermissionsGuidancePlugin with scopes to ignore #1365

Are you sure you want to change the base?

Extend MinimalPermissionsGuidancePlugin with scopes to ignore #1365

Uh oh!

Conversation

bartizan commented Aug 14, 2025

Uh oh!

waldekmastykarz left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

bartizan commented Aug 15, 2025

Uh oh!

Uh oh!