Microsoft Exchange Grant a Mailbox Folder Permission

arazzo: 1.0.1
info:
  title: Microsoft Exchange Grant a Mailbox Folder Permission
  summary: Read current folder permissions, then add a permission for a user.
  description: >-
    An administrative folder-sharing pattern on the Exchange Online Admin API.
    The workflow first runs Get-MailboxFolderPermission to read the current
    permissions on a mailbox folder, and then runs Add-MailboxFolderPermission
    to grant a user a specific access right. Both cmdlet requests are routed
    with the X-AnchorMailbox header and use the same manageMailboxFolderPermission
    operation with different cmdlet inputs. Each step inlines its request so the
    flow can be executed without consulting the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: exchangeAdminApi
  url: ../openapi/microsoft-exchange-admin-api-openapi.yml
  type: openapi
workflows:
- workflowId: grant-folder-permission
  summary: Inspect folder permissions and add an access right for a user.
  description: >-
    Executes Get-MailboxFolderPermission to read existing permissions, then
    Add-MailboxFolderPermission to grant the supplied access right.
  inputs:
    type: object
    required:
    - anchorMailbox
    - folderIdentity
    - userIdentity
    - accessRights
    properties:
      anchorMailbox:
        type: string
        description: >-
          The UPN or primary SMTP address used as the X-AnchorMailbox routing
          hint for the target tenant.
      folderIdentity:
        type: string
        description: >-
          The folder identity in mailbox:\folder form (e.g. [email protected]:\Calendar).
      userIdentity:
        type: string
        description: The user to grant the folder permission to.
      accessRights:
        type: string
        description: The access right to grant (e.g. Reviewer or Editor).
  steps:
  - stepId: getPermissions
    description: >-
      Run Get-MailboxFolderPermission to read the current permissions on the
      target folder.
    operationId: manageMailboxFolderPermission
    parameters:
    - name: X-AnchorMailbox
      in: header
      value: $inputs.anchorMailbox
    requestBody:
      contentType: application/json
      payload:
        CmdletInput:
          CmdletName: Get-MailboxFolderPermission
          Parameters:
            Identity: $inputs.folderIdentity
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      currentPermissions: $response.body#/value
  - stepId: addPermission
    description: >-
      Run Add-MailboxFolderPermission to grant the supplied user the specified
      access right on the folder.
    operationId: manageMailboxFolderPermission
    parameters:
    - name: X-AnchorMailbox
      in: header
      value: $inputs.anchorMailbox
    requestBody:
      contentType: application/json
      payload:
        CmdletInput:
          CmdletName: Add-MailboxFolderPermission
          Parameters:
            Identity: $inputs.folderIdentity
            User: $inputs.userIdentity
            AccessRights: $inputs.accessRights
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      result: $response.body#/value
  outputs:
    currentPermissions: $steps.getPermissions.outputs.currentPermissions
    result: $steps.addPermission.outputs.result