Fix missing Messaging Bot API permissions and incorrect permission inheritance by sellakumaran · Pull Request #68 · microsoft/Agent365-devTools

sellakumaran · 2025-12-04T01:28:24Z

This change fixes two major issues in the setup flow:

Messaging Bot API permissions were not being added due to a regression. This PR corrects that and ensures the required scopes are consistently applied.

Permission inheritance was not being set correctly across all resources. Updated the logic to properly apply inheritable permissions without gaps.

The rest of the refactor is implementation cleanup — moved to a unified permissions model, introduced the new ResourceConsent class, and consolidated all permission handling into EnsureResourcePermissionsAsync with better retries, verification, and logging. Updated related commands, tests, and docs to match the new model while keeping backward compatibility.

Fixes #55

…heritance This change fixes two major issues in the permissions setup flow: Messaging Bot API permissions were not being added due to a regression. This PR corrects that and ensures the required scopes are consistently applied. Permission inheritance was not being set correctly across all resources. Updated the logic to properly apply inheritable permissions without gaps. The rest of the refactor is implementation cleanup — moved to a unified permissions model, introduced the new ResourceConsent class, and consolidated all permission handling into EnsureResourcePermissionsAsync with better retries, verification, and logging. Updated related commands, tests, and docs to match the new model while keeping backward compatibility.

Copilot

Pull request overview

This PR refactors the permission configuration system to use a unified model and fixes two critical issues: missing Messaging Bot API permissions and incorrect permission inheritance setup. The changes introduce a new ResourceConsent class to track per-resource consent state and consolidate all permission handling into EnsureResourcePermissionsAsync with built-in verification and retry logic.

Key Changes:

Introduced ResourceConsent model to replace scattered consent properties with structured per-resource tracking
Created unified EnsureResourcePermissionsAsync method that handles OAuth2 grants, required resource access, and inheritable permissions in one flow with verification
Fixed Messaging Bot API permissions regression by ensuring proper configuration through the unified method

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 15 comments.

Show a summary per file

File	Description
`src/Microsoft.Agents.A365.DevTools.Cli/Models/ResourceConsent.cs`	New model class to track consent state, scopes, and inheritable permissions per resource
`src/Microsoft.Agents.A365.DevTools.Cli/Models/Agent365Config.cs`	Replaced individual consent properties with `ResourceConsents` collection and added `IsInheritanceConfigured()` helper
`src/Microsoft.Agents.A365.DevTools.Cli/Services/GraphApiService.cs`	Added `VerifyInheritablePermissionsAsync` and `AddRequiredResourceAccessAsync` methods; renamed method for clarity
`src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/SetupHelpers.cs`	Replaced separate permission methods with unified `EnsureResourcePermissionsAsync` including verification with retry logic
`src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/PermissionsSubcommand.cs`	Updated to use unified permission configuration method for both MCP and Bot API permissions
`src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/BlueprintSubcommand.cs`	Removed Connectivity consent flow; updated to use `ResourceConsents` collection
`src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/AllSubcommand.cs`	Updated to pass `setupResults` to permission methods and use new `IsInheritanceConfigured()`
`src/Microsoft.Agents.A365.DevTools.Cli/Commands/ConfigCommand.cs`	Added resource consents table display; removed specific exception handlers
`src/Microsoft.Agents.A365.DevTools.Cli/Commands/CleanupCommand.cs`	Updated to clear `ResourceConsents` collection instead of individual properties
`src/Microsoft.Agents.A365.DevTools.Cli/Commands/DeployCommand.cs`	Removed direct property updates for inheritance state (now tracked in ResourceConsents)
`src/Microsoft.Agents.A365.DevTools.Cli/Services/A365CreateInstanceRunner.cs`	Added helper to check inheritance from `ResourceConsents` collection
`src/Tests/Microsoft.Agents.A365.DevTools.Cli.Tests/Services/GraphApiServiceVerifyInheritablePermissionsTests.cs`	New test file with comprehensive coverage for inheritable permissions verification
`src/Tests/Microsoft.Agents.A365.DevTools.Cli.Tests/Services/Agent365ConfigServiceTests.cs`	Updated tests to use `ResourceConsents` instead of deprecated consent properties
`src/Tests/Microsoft.Agents.A365.DevTools.Cli.Tests/Models/Agent365ConfigTests.cs`	Updated tests to validate `ResourceConsents` collection behavior
`src/Tests/Microsoft.Agents.A365.DevTools.Cli.Tests/Commands/ConfigCommandStaticDynamicSeparationTests.cs`	Updated tests to verify `resourceConsents` is treated as dynamic property
`src/DEVELOPER.md`	Updated documentation to describe three-layer permissions architecture and unified configuration approach

Updated `ConfigCommand` to refine resource consents table display logic based on flags. Simplified `SetupHelpers` by removing redundant error handling and fixing typographical errors. Refactored `GraphApiService` to improve null safety, streamline JSON processing with LINQ, and enhance permission validation. Added robust error handling for missing or invalid application properties. Introduced `GraphApiServiceAddRequiredResourceAccessTests` with comprehensive test coverage for various scenarios, including null safety, invalid scopes, and permission merging. Improved code readability, maintainability, and logging for better diagnostics. Added new unit tests to ensure robustness and prevent regressions.

…heritance (#68) * Fix missing Messaging Bot API permissions and incorrect permission inheritance This change fixes two major issues in the permissions setup flow: Messaging Bot API permissions were not being added due to a regression. This PR corrects that and ensures the required scopes are consistently applied. Permission inheritance was not being set correctly across all resources. Updated the logic to properly apply inheritable permissions without gaps. The rest of the refactor is implementation cleanup — moved to a unified permissions model, introduced the new ResourceConsent class, and consolidated all permission handling into EnsureResourcePermissionsAsync with better retries, verification, and logging. Updated related commands, tests, and docs to match the new model while keeping backward compatibility. * Refactor and enhance permission handling logic Updated `ConfigCommand` to refine resource consents table display logic based on flags. Simplified `SetupHelpers` by removing redundant error handling and fixing typographical errors. Refactored `GraphApiService` to improve null safety, streamline JSON processing with LINQ, and enhance permission validation. Added robust error handling for missing or invalid application properties. Introduced `GraphApiServiceAddRequiredResourceAccessTests` with comprehensive test coverage for various scenarios, including null safety, invalid scopes, and permission merging. Improved code readability, maintainability, and logging for better diagnostics. Added new unit tests to ensure robustness and prevent regressions.

Copilot AI review requested due to automatic review settings December 4, 2025 01:28

sellakumaran requested review from a team as code owners December 4, 2025 01:28

Copilot started reviewing on behalf of sellakumaran December 4, 2025 01:28 View session

Copilot finished reviewing on behalf of sellakumaran December 4, 2025 01:32

Copilot AI reviewed Dec 4, 2025

View reviewed changes

mengyimicro previously approved these changes Dec 4, 2025

View reviewed changes

Comment thread src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/SetupHelpers.cs Outdated

Comment thread src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/SetupHelpers.cs Outdated

sellakumaran dismissed mengyimicro’s stale review via 7d8cfbe December 4, 2025 18:32

mengyimicro approved these changes Dec 4, 2025

View reviewed changes

sellakumaran enabled auto-merge (squash) December 4, 2025 18:51

rahuldevikar761 approved these changes Dec 4, 2025

View reviewed changes

sellakumaran merged commit 4f60361 into main Dec 4, 2025
5 checks passed

sellakumaran deleted the users/sellak/botPermissions branch December 4, 2025 19:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix missing Messaging Bot API permissions and incorrect permission inheritance#68

Fix missing Messaging Bot API permissions and incorrect permission inheritance#68
sellakumaran merged 2 commits into
mainfrom
users/sellak/botPermissions

sellakumaran commented Dec 4, 2025 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

sellakumaran commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

sellakumaran commented Dec 4, 2025 •

edited

Loading