From 9625fdb3dd102230682ef52a21d1955318201ece Mon Sep 17 00:00:00 2001
From: Koen Zomers <koen@zomers.eu>
Date: Fri, 11 Oct 2024 17:38:44 +0200
Subject: [PATCH 1/2] Bugfix

---
 CHANGELOG.md                                        | 3 ++-
 src/Commands/Apps/GetAzureADAppSitePermission.cs    | 4 ++--
 src/Commands/Apps/GrantAzureADAppSitePermission.cs  | 4 ++--
 src/Commands/Apps/RevokeAzureADAppSitePermission.cs | 6 +++---
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 51c7d4626..26f7d94f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -56,7 +56,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Fix `Add-PnPDataRowsToSiteTemplate` setting keyColumn to null when not passed. [#4325](https://github.com/pnp/powershell/pull/4325)
 - Fix `Connect-PnPOnline` not working correctly when `-DeviceLogin` and `-LaunchBrowser` both are specified. It used to open it in a popup. Now it correctly launches the browser. [#4325](https://github.com/pnp/powershell/pull/4345)
 - `Export-PnPUserInfo`, `Export-PnPUserProfile` and `Remove-PnPUserProfile` cmdlets now work properly with proper `-Connection` parameter if specified. [#4389](https://github.com/pnp/powershell/pull/4389)
- 
+- Fixed `Get-PnPAzureADAppSitePermission`, `Grant-PnPAzureADAppSitePermission` and `Revoke-PnPAzureADAppSitePermission` cmdlets throwing an error when the site URL is not specified and the app registration used only having Graph permissions
+
 ### Removed
 
 - Removed `Publish-PnPCompanyApp` cmdlet as it was not supported anymore. [#4387](https://github.com/pnp/powershell/pull/4387)
diff --git a/src/Commands/Apps/GetAzureADAppSitePermission.cs b/src/Commands/Apps/GetAzureADAppSitePermission.cs
index b0154c0eb..cb6003174 100644
--- a/src/Commands/Apps/GetAzureADAppSitePermission.cs
+++ b/src/Commands/Apps/GetAzureADAppSitePermission.cs
@@ -11,7 +11,7 @@
 namespace PnP.PowerShell.Commands.Apps
 {
     [Cmdlet(VerbsCommon.Get, "PnPAzureADAppSitePermission", DefaultParameterSetName = ParameterSet_ALL)]
-    [RequiredApiApplicationPermissions("graph/Sites.FullControl.All")]
+    [RequiredApiDelegatedOrApplicationPermissions("graph/Sites.FullControl.All")]
     [Alias("Get-PnPEntraIDAppSitePermission")]
     public class GetPnPAzureADAppSitePermission : PnPGraphCmdlet
     {
@@ -41,7 +41,7 @@ protected override void ExecuteCmdlet()
             }
             else
             {
-                siteId = PnPContext.Site.Id;
+                siteId = new SitePipeBind(Connection.Url).GetSiteIdThroughGraph(Connection, AccessToken);
             }
 
             if (siteId != Guid.Empty)
diff --git a/src/Commands/Apps/GrantAzureADAppSitePermission.cs b/src/Commands/Apps/GrantAzureADAppSitePermission.cs
index 4e42d0a8f..c5aeabb27 100644
--- a/src/Commands/Apps/GrantAzureADAppSitePermission.cs
+++ b/src/Commands/Apps/GrantAzureADAppSitePermission.cs
@@ -12,7 +12,7 @@
 namespace PnP.PowerShell.Commands.Apps
 {
     [Cmdlet(VerbsSecurity.Grant, "PnPAzureADAppSitePermission")]
-    [RequiredApiApplicationPermissions("graph/Sites.FullControl.All")]
+    [RequiredApiDelegatedOrApplicationPermissions("graph/Sites.FullControl.All")]
     [Alias("Grant-PnPEntraIDAppSitePermission")]
     [OutputType(typeof(AzureADAppPermissionInternal))]
     public class GrantPnPAzureADAppSitePermission : PnPGraphCmdlet
@@ -44,7 +44,7 @@ protected override void ExecuteCmdlet()
             else
             {
                 WriteVerbose($"No specific site passed in through -{nameof(Site)}, taking the currently connected to site");
-                siteId = PnPContext.Site.Id;
+                siteId = new SitePipeBind(Connection.Url).GetSiteIdThroughGraph(Connection, AccessToken);
                 WriteVerbose($"Currently connected to site has Id {siteId}");
             }
 
diff --git a/src/Commands/Apps/RevokeAzureADAppSitePermission.cs b/src/Commands/Apps/RevokeAzureADAppSitePermission.cs
index bca1ef0ad..53c9fd568 100644
--- a/src/Commands/Apps/RevokeAzureADAppSitePermission.cs
+++ b/src/Commands/Apps/RevokeAzureADAppSitePermission.cs
@@ -7,7 +7,7 @@
 namespace PnP.PowerShell.Commands.Apps
 {
     [Cmdlet(VerbsSecurity.Revoke, "PnPAzureADAppSitePermission")]
-    [RequiredApiApplicationPermissions("graph/Sites.FullControl.All")]
+    [RequiredApiDelegatedOrApplicationPermissions("graph/Sites.FullControl.All")]
     [Alias("Revoke-PnPEntraIDAppSitePermission")]
     public class RevokePnPAzureADAppSitePermission : PnPGraphCmdlet
     {
@@ -31,14 +31,14 @@ protected override void ExecuteCmdlet()
             }
             else
             {
-                siteId = PnPContext.Site.Id;
+                siteId = new SitePipeBind(Connection.Url).GetSiteIdThroughGraph(Connection, AccessToken);
             }
 
             if (siteId != Guid.Empty)
             {
                 if (Force || ShouldContinue("Are you sure you want to revoke the permissions?", string.Empty))
                 {
-                    var results = PnP.PowerShell.Commands.Utilities.REST.RestHelper.Delete(Connection.HttpClient, $"https://{Connection.GraphEndPoint}/v1.0/sites/{siteId}/permissions/{PermissionId}", AccessToken);
+                    var results = Utilities.REST.RestHelper.Delete(Connection.HttpClient, $"https://{Connection.GraphEndPoint}/v1.0/sites/{siteId}/permissions/{PermissionId}", AccessToken);
                 }
             }
         }

From 0b15fcb3388f8859ad0629347ccf6496f4149aa9 Mon Sep 17 00:00:00 2001
From: Koen Zomers <koen@zomers.eu>
Date: Fri, 11 Oct 2024 17:40:57 +0200
Subject: [PATCH 2/2] Added PR reference

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 26f7d94f5..feead18e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -56,7 +56,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Fix `Add-PnPDataRowsToSiteTemplate` setting keyColumn to null when not passed. [#4325](https://github.com/pnp/powershell/pull/4325)
 - Fix `Connect-PnPOnline` not working correctly when `-DeviceLogin` and `-LaunchBrowser` both are specified. It used to open it in a popup. Now it correctly launches the browser. [#4325](https://github.com/pnp/powershell/pull/4345)
 - `Export-PnPUserInfo`, `Export-PnPUserProfile` and `Remove-PnPUserProfile` cmdlets now work properly with proper `-Connection` parameter if specified. [#4389](https://github.com/pnp/powershell/pull/4389)
-- Fixed `Get-PnPAzureADAppSitePermission`, `Grant-PnPAzureADAppSitePermission` and `Revoke-PnPAzureADAppSitePermission` cmdlets throwing an error when the site URL is not specified and the app registration used only having Graph permissions
+- Fixed `Get-PnPAzureADAppSitePermission`, `Grant-PnPAzureADAppSitePermission` and `Revoke-PnPAzureADAppSitePermission` cmdlets throwing an error when the site URL is not specified and the app registration used only having Graph permissions [#4421](https://github.com/pnp/powershell/pull/4421)
 
 ### Removed