|
7 | 7 | Gets Azure DevOps security permissions. |
8 | 8 | .Example |
9 | 9 | Get-ADOPermission -Organization MyOrganization -Project MyProject -PersonalAccessToken $pat |
| 10 | + .Example |
| 11 | + Get-ADOProject -Organization MyOrganization -Project MyProject | # Get the project |
| 12 | + Get-ADOTeam | # get the teams within the project |
| 13 | + Get-ADOPermission -Dashboard # get the dashboard permissions of each team within the project. |
10 | 14 | .Link |
11 | 15 | https://docs.microsoft.com/en-us/rest/api/azure/devops/security/access%20control%20lists/query |
12 | 16 | .Link |
|
44 | 48 | $SecurityToken, |
45 | 49 |
|
46 | 50 | # The Project ID. |
47 | | - # If this is provided without anything else, will get permissions for the projectID |
| 51 | + # If this is provided without anything else, will get permissions for the projectID |
48 | 52 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Project')] |
| 53 | + [Parameter(ValueFromPipelineByPropertyName,ParameterSetName='Analytics')] |
| 54 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='AreaPath')] |
| 55 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Dashboard')] |
49 | 56 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Tagging')] |
50 | 57 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ManageTFVC')] |
51 | 58 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='BuildDefinition')] |
52 | 59 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='BuildPermission')] |
53 | | - [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='RepositoryID')] |
| 60 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='IterationPath')] |
| 61 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='RepositoryID')] |
54 | 62 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ProjectRepository')] |
55 | | - [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ProjectOverview')] |
| 63 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ProjectOverview')] |
56 | 64 | [Alias('Project')] |
57 | 65 | [string] |
58 | 66 | $ProjectID, |
59 | 67 |
|
| 68 | + # If provided, will get permissions related to a given teamID. ( see Get-ADOTeam) |
| 69 | + [Parameter(ValueFromPipelineByPropertyName,ParameterSetName='Dashboard')] |
| 70 | + [string] |
| 71 | + $TeamID, |
| 72 | + |
| 73 | + # If provided, will get permissions related to an Area Path. ( see Get-ADOAreaPath ) |
| 74 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='AreaPath')] |
| 75 | + [string] |
| 76 | + $AreaPath, |
| 77 | + |
| 78 | + # If provided, will get permissions related to an Iteration Path. ( see Get-ADOIterationPath ) |
| 79 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='IterationPath')] |
| 80 | + [string] |
| 81 | + $IterationPath, |
| 82 | + |
60 | 83 | # If set, will get common permissions related to a project. |
61 | 84 | # These are: |
62 | 85 | # * Builds |
|
77 | 100 | [switch] |
78 | 101 | $Tagging, |
79 | 102 |
|
| 103 | + # If set, will get permissions for analytics related to the current project. |
| 104 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Analytics')] |
| 105 | + [switch] |
| 106 | + $Analytics, |
| 107 | + |
80 | 108 | # If set, will get permissions for Team Foundation Version Control related to the current project. |
81 | 109 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ManageTFVC')] |
82 | 110 | [switch] |
83 | 111 | $ManageTFVC, |
84 | 112 |
|
| 113 | + # If set, will get permissions for Delivery Plans. |
| 114 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Plan')] |
| 115 | + [switch] |
| 116 | + $Plan, |
| 117 | + |
| 118 | + # If set, will get dashboard permissions related to the current project. |
| 119 | + [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Dashboard')] |
| 120 | + [Alias('Dashboards')] |
| 121 | + [switch] |
| 122 | + $Dashboard, |
| 123 | + |
85 | 124 | # The Build Definition ID |
86 | 125 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='BuildDefinition')] |
87 | 126 | [string] |
|
90 | 129 | # The path to the build. |
91 | 130 | [Parameter(ValueFromPipelineByPropertyName,ParameterSetName='BuildDefinition')] |
92 | 131 | [string] |
93 | | - $Path ='/', |
| 132 | + $BuildPath ='/', |
94 | 133 |
|
95 | 134 | # If set, will get build and release permissions for a given project. |
96 | 135 | [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='BuildPermission')] |
|
176 | 215 | $ProgressPreference = $oldProgressPref |
177 | 216 | if (-not $ProjectID) { return } |
178 | 217 | } |
179 | | - switch -Regex ($psCmdlet.ParameterSetName) { |
| 218 | + $psBoundParameters["ParameterSet"] ='accesscontrollists/{NamespaceId}' |
| 219 | + switch -Regex ($psCmdlet.ParameterSetName) { |
180 | 220 | Project { |
181 | 221 | $null = $PSBoundParameters.Remove('ProjectID') |
182 | | - $q.Enqueue(@{ |
183 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 222 | + $q.Enqueue(@{ |
184 | 223 | NamespaceID = '52d39943-cb85-4d7f-8fa8-c6baac873819' |
185 | 224 | SecurityToken = "`$PROJECT:vstfs:///Classification/TeamProject/$ProjectID" |
186 | 225 | } + $PSBoundParameters) |
| 226 | + |
| 227 | + } |
| 228 | + 'AreaPath|IterationPath' { |
| 229 | + $gotPath = |
| 230 | + if ($psCmdlet.ParameterSetName -eq 'AreaPath') { |
| 231 | + Get-ADOAreaPath -Organization $Organization -Project $ProjectID -AreaPath $AreaPath |
| 232 | + } else { |
| 233 | + Get-ADOIterationPath -Organization $Organization -Project $ProjectID -IterationPath $iterationPath |
| 234 | + } |
| 235 | + |
| 236 | + if (-not $gotPath) { |
| 237 | + continue |
| 238 | + } |
| 239 | + $PathIdList = @( |
| 240 | + $gotPath.Identifier |
| 241 | + $parentUri = $gotPath._links.parent.href |
| 242 | + while ($parentUri) { |
| 243 | + $parentPath = Invoke-ADORestAPI -Uri $parentUri |
| 244 | + $parentPath.identifier |
| 245 | + $parentUri = $parentPath._links.parent.href |
| 246 | + } |
| 247 | + ) |
| 248 | + |
| 249 | + [Array]::Reverse($PathIdList) |
| 250 | + |
| 251 | + $null = $PSBoundParameters.Remove('ProjectID') |
| 252 | + |
| 253 | + $q.Enqueue(@{ |
| 254 | + NamespaceID = |
| 255 | + if ($psCmdlet.ParameterSetName -eq 'AreaPath') { |
| 256 | + '83e28ad4-2d72-4ceb-97b0-c7726d5502c3' |
| 257 | + } else { |
| 258 | + 'bf7bfa03-b2b7-47db-8113-fa2e002cc5b1' |
| 259 | + } |
| 260 | + SecurityToken = @(foreach($PathId in $PathIdList) { |
| 261 | + "vstfs:///Classification/Node/$PathId" |
| 262 | + }) -join ':' |
| 263 | + } + $PSBoundParameters) |
| 264 | + } |
| 265 | + Analytics { |
| 266 | + $null = $PSBoundParameters.Remove('ProjectID') |
| 267 | + $q.Enqueue(@{ |
| 268 | + NamespaceID = if ($ProjectID) { '58450c49-b02d-465a-ab12-59ae512d6531' } else { 'd34d3680-dfe5-4cc6-a949-7d9c68f73cba'} |
| 269 | + SecurityToken = "`$/$(if ($ProjectID) { $ProjectID } else { 'Shared' })" |
| 270 | + } + $PSBoundParameters) |
| 271 | + } |
| 272 | + Dashboard { |
| 273 | + $null = $PSBoundParameters.Remove('ProjectID') |
| 274 | + $q.Enqueue(@{ |
| 275 | + NamespaceID = '8adf73b7-389a-4276-b638-fe1653f7efc7' |
| 276 | + SecurityToken = "$/$(if ($ProjectID) { $ProjectID })/$(if ($teamID) { $teamid } else { [guid]::Empty } )" |
| 277 | + } + $PSBoundParameters) |
187 | 278 | } |
188 | 279 | ProjectOverview { |
189 | 280 | $null = $psboundParameters.Remove('Recurse') |
190 | | - $q.Enqueue(@{ |
191 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 281 | + $q.Enqueue(@{ |
192 | 282 | NamespaceID = '52d39943-cb85-4d7f-8fa8-c6baac873819' # Project permissions |
193 | 283 | SecurityToken = "`$PROJECT:vstfs:///Classification/TeamProject/$ProjectID" |
194 | 284 | } + $PSBoundParameters) |
195 | | - $q.Enqueue(@{ |
196 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 285 | + $q.Enqueue(@{ |
197 | 286 | NamespaceID = '2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87' # Repositories |
198 | 287 | SecurityToken = "reposV2/$projectId" |
199 | 288 | Recurse = $true |
200 | 289 | } + $PSBoundParameters) |
201 | | - $q.Enqueue(@{ |
202 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 290 | + $q.Enqueue(@{ |
203 | 291 | NamespaceID = '33344d9c-fc72-4d6f-aba5-fa317101a7e9' # Build definitions |
204 | 292 | SecurityToken = "$ProjectID/" |
205 | 293 | Recurse = $true |
206 | 294 | } + $PSBoundParameters) |
207 | | - $q.Enqueue(@{ |
208 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 295 | + $q.Enqueue(@{ |
209 | 296 | NamespaceID = 'c788c23e-1b46-4162-8f5e-d7585343b5de' # Releases |
210 | 297 | SecurityToken = "$ProjectID/" |
211 | 298 | Recurse = $true |
212 | 299 | } + $PSBoundParameters) |
213 | | - $q.Enqueue(@{ |
214 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 300 | + $q.Enqueue(@{ |
215 | 301 | NamespaceID = '8adf73b7-389a-4276-b638-fe1653f7efc7' # Dashboards |
216 | 302 | SecurityToken = "`$/$ProjectID/" |
217 | 303 | Recurse = $true |
218 | 304 | } + $PSBoundParameters) |
219 | | - $q.Enqueue(@{ |
220 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 305 | + $q.Enqueue(@{ |
221 | 306 | NamespaceID = '49b48001-ca20-4adc-8111-5b60c903a50c' # Service Endpoints |
222 | 307 | SecurityToken = "endpoints/$ProjectID" |
223 | 308 | Recurse = $true |
224 | 309 | } + $PSBoundParameters) |
225 | | - $q.Enqueue(@{ |
226 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 310 | + $q.Enqueue(@{ |
227 | 311 | NamespaceID = 'cb594ebe-87dd-4fc9-ac2c-6a10a4c92046' # Service Hooks |
228 | 312 | SecurityToken = "PublisherSecurity/$ProjectID" |
229 | 313 | Recurse = $true |
230 | 314 | } + $PSBoundParameters) |
231 | 315 | } |
| 316 | + Plan { |
| 317 | + $q.Enqueue(@{ |
| 318 | + NamespaceID = 'bed337f8-e5f3-4fb9-80da-81e17d06e7a8' |
| 319 | + SecurityToken = "Plan" |
| 320 | + } + $PSBoundParameters) |
| 321 | + } |
232 | 322 | Tagging { |
233 | 323 |
|
234 | | - $q.Enqueue(@{ |
235 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 324 | + $q.Enqueue(@{ |
236 | 325 | NamespaceID = 'bb50f182-8e5e-40b8-bc21-e8752a1e7ae2' |
237 | 326 | SecurityToken = "/$ProjectID" |
238 | 327 | } + $PSBoundParameters) |
239 | 328 | } |
240 | 329 | ManageTFVC { |
241 | 330 |
|
242 | | - $q.Enqueue(@{ |
243 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 331 | + $q.Enqueue(@{ |
244 | 332 | NamespaceID = 'a39371cf-0841-4c16-bbd3-276e341bc052' |
245 | 333 | SecurityToken = "/$ProjectID" |
246 | 334 | } + $PSBoundParameters) |
247 | 335 | } |
248 | 336 | 'BuildDefinition|BuildPermission' { |
249 | 337 |
|
250 | | - $q.Enqueue(@{ |
251 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 338 | + $q.Enqueue(@{ |
252 | 339 | NamespaceID = 'a39371cf-0841-4c16-bbd3-276e341bc052' |
253 | | - SecurityToken = "$ProjectID$(($path -replace '\\','/').TrimEnd('/'))/$DefinitionID" |
| 340 | + SecurityToken = "$ProjectID$(($buildpath -replace '\\','/').TrimEnd('/'))/$DefinitionID" |
254 | 341 | } + $PSBoundParameters) |
255 | | - $q.Enqueue(@{ |
256 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 342 | + $q.Enqueue(@{ |
257 | 343 | NamespaceID = 'c788c23e-1b46-4162-8f5e-d7585343b5de' |
258 | | - SecurityToken = "$ProjectID$(($path -replace '\\','/').TrimEnd('/'))/$DefinitionID" |
| 344 | + SecurityToken = "$ProjectID$(($buildpath -replace '\\','/').TrimEnd('/'))/$DefinitionID" |
259 | 345 | } + $PSBoundParameters) |
260 | 346 | } |
261 | 347 | 'RepositoryID|AllRepositories|ProjectRepository' { |
262 | 348 |
|
263 | | - $q.Enqueue(@{ |
264 | | - ParameterSet='accesscontrollists/{NamespaceId}' |
| 349 | + $q.Enqueue(@{ |
265 | 350 | NamespaceID = '2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87' |
266 | 351 | SecurityToken = "repo$( |
267 | 352 | if ($psCmdlet.ParameterSetName -eq 'AllRepositories') {'s'})V2$( |
|
0 commit comments