Enhance mailbox permission report

Added multi-strategy lookup for user mailbox type in Get-CIPPMailboxPermissionReport, returning 'UserMailboxType' in the report. Updated Invoke-ListmailboxPermissions to support UseReportDB and ByUser query parameters, enabling report-based retrieval without a specific user ID.

Author: JohnDuprey

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListmailboxPermissions.ps1

@@ -1,4 +1,4 @@
-Function Invoke-ListmailboxPermissions {
+function Invoke-ListmailboxPermissions {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -10,8 +10,31 @@ Function Invoke-ListmailboxPermissions {
     # Interact with query parameters or the body of the request.
     $TenantFilter = $Request.Query.tenantFilter
     $UserID = $Request.Query.userId
+    $UseReportDB = $Request.Query.UseReportDB
+    $ByUser = $Request.Query.ByUser
 
     try {
+        # If UseReportDB is specified and no specific UserID, retrieve from report database
+        if ($UseReportDB -eq 'true' -and -not $UserID) {
+
+            # Call the report function with proper parameters
+            $ReportParams = @{
+                TenantFilter = $TenantFilter
+            }
+            if ($ByUser -eq 'true') {
+                $ReportParams.ByUser = $true
+            }
+
+            $GraphRequest = Get-CIPPMailboxPermissionReport @ReportParams
+            $StatusCode = [HttpStatusCode]::OK
+
+            return ([HttpResponseContext]@{
+                    StatusCode = $StatusCode
+                    Body       = @($GraphRequest)
+                })
+        }
+
+        # Original live query logic for specific user
         $Requests = @(
             @{
                 CmdletInput = @{

Modules/CIPPCore/Public/Get-CIPPMailboxPermissionReport.ps1

@@ -130,18 +130,36 @@ function Get-CIPPMailboxPermissionReport {
                 $UserKey = $_.Name
                 $UserDisplay = $_.Group[0].User # Use original User value for display
 
-                # Build detailed permissions list with mailbox and access rights
-                $PermissionDetails = $_.Group | ForEach-Object {
-                    [PSCustomObject]@{
-                        Mailbox      = $_.MailboxDisplayName
-                        MailboxUPN   = $_.MailboxUPN
-                        AccessRights = $_.AccessRights
+                # Look up the user's mailbox type using multi-strategy approach
+                $UserMailbox = $null
+                if ($UserDisplay) {
+                    # Try UPN/primarySmtpAddress lookup (case-insensitive)
+                    $UserMailbox = $MailboxLookup[$UserDisplay.ToLower()]
+
+                    # If not found, try ExternalDirectoryObjectId lookup
+                    if (-not $UserMailbox) {
+                        $UserMailbox = $MailboxByExternalIdLookup[$UserDisplay]
+                    }
+
+                    # If not found, try ID lookup
+                    if (-not $UserMailbox) {
+                        $UserMailbox = $MailboxByIdLookup[$UserDisplay]
                     }
                 }
+                $UserMailboxType = if ($UserMailbox) { $UserMailbox.recipientTypeDetails } else { 'Unknown' }
+
+                # Build detailed permissions list with mailbox and access rights
+                $PermissionDetails = @($_.Group | ForEach-Object {
+                        [PSCustomObject]@{
+                            Mailbox      = $_.MailboxDisplayName
+                            MailboxUPN   = $_.MailboxUPN
+                            AccessRights = $_.AccessRights
+                        }
+                    })
 
                 [PSCustomObject]@{
                     User                     = $UserDisplay
-                    UserType                 = if ($UserDisplay -match '@') { 'Email/UPN' } else { 'Display Name' }
+                    UserMailboxType          = $UserMailboxType
                     MailboxCount             = $_.Count
                     Permissions              = $PermissionDetails
                     MailboxCacheTimestamp    = $MailboxCacheTimestamp
@@ -154,13 +172,20 @@ function Get-CIPPMailboxPermissionReport {
                 $MailboxUPN = $_.Name
                 $MailboxInfo = $_.Group[0]
 
+                # Build detailed permissions list with user and access rights
+                $PermissionDetails = @($_.Group | ForEach-Object {
+                        [PSCustomObject]@{
+                            User         = $_.User
+                            AccessRights = $_.AccessRights
+                        }
+                    })
+
                 [PSCustomObject]@{
                     MailboxUPN               = $MailboxUPN
                     MailboxDisplayName       = $MailboxInfo.MailboxDisplayName
                     MailboxType              = $MailboxInfo.MailboxType
                     PermissionCount          = $_.Count
-                    Users                    = ($_.Group | Select-Object -ExpandProperty User | Sort-Object -Unique) -join '; '
-                    Permissions              = ($_.Group | ForEach-Object { "$($_.User) ($($_.AccessRights))" }) -join '; '
+                    Permissions              = $PermissionDetails
                     MailboxCacheTimestamp    = $MailboxCacheTimestamp
                     PermissionCacheTimestamp = $PermissionCacheTimestamp
                 }