Skip to content

Commit d0608a1

Browse files
StartAutomatingStartAutomating
authored
Merge pull request #139 from StartAutomating/MorePermissions
More permissions
2 parents 1801fe3 + a3498c7 commit d0608a1

File tree

7 files changed

+137
-53
lines changed

7 files changed

+137
-53
lines changed

CHANGELOG.md

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,11 @@
1-
0.5.6:
1+
0.5.7:
2+
---
3+
* Fixing issue with setting branch permissions (#136)
4+
* Get/Set-ADOPermission: Support for ServiceEndpoints (#137)
5+
* Set-ADOPermission: Exposing specialized parameter sets (#138)
6+
* PSDevOps.WorkProcess objects now return .ProcessName and .ProcessID as alias properties
7+
8+
0.5.6:
29
---
310
### Azure DevOps Improvements
411
* Get-ADOPermission : Can now get permissions related to Dashboards, Analytics, AreaPaths, and IterationPaths

Get-ADOPermission.ps1

Lines changed: 61 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -48,19 +48,20 @@
4848
$SecurityToken,
4949

5050
# The Project ID.
51-
# If this is provided without anything else, will get permissions for the projectID
51+
# If this is provided without anything else, will get permissions for the projectID
5252
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Project')]
5353
[Parameter(ValueFromPipelineByPropertyName,ParameterSetName='Analytics')]
54+
[Parameter(ValueFromPipelineByPropertyName,ParameterSetName='EndpointID')]
5455
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='AreaPath')]
5556
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Dashboard')]
5657
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Tagging')]
5758
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ManageTFVC')]
5859
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='BuildDefinition')]
5960
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='BuildPermission')]
6061
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='IterationPath')]
61-
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='RepositoryID')]
62+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='RepositoryID')]
6263
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ProjectRepository')]
63-
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ProjectOverview')]
64+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ProjectOverview')]
6465
[Alias('Project')]
6566
[string]
6667
$ProjectID,
@@ -121,6 +122,18 @@
121122
[switch]
122123
$Dashboard,
123124

125+
126+
# If set, will get all service endpoints permissions.
127+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ServiceEndpoint')]
128+
[Alias('ServiceEndpoints')]
129+
[switch]
130+
$ServiceEndpoint,
131+
132+
# If set, will get endpoint permissions related to a particular endpoint.
133+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='EndpointID')]
134+
[string]
135+
$EndpointID,
136+
124137
# The Build Definition ID
125138
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='BuildDefinition')]
126139
[string]
@@ -137,12 +150,12 @@
137150
$BuildPermission,
138151

139152
# If provided, will get build and release permissions for a given project's repositoryID
140-
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='RepositoryID')]
153+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='RepositoryID')]
141154
[string]
142155
$RepositoryID,
143156

144-
# If provided, will get permissions for a given branch within a repository
145-
[Parameter(ValueFromPipelineByPropertyName,ParameterSetName='RepositoryBranch')]
157+
# If provided, will get permissions for a given branch within a repository
158+
[Parameter(ValueFromPipelineByPropertyName,ParameterSetName='RepositoryID')]
146159
[Parameter(ValueFromPipelineByPropertyName,ParameterSetName='AllRepositories')]
147160
[string]
148161
$BranchName,
@@ -216,10 +229,10 @@
216229
if (-not $ProjectID) { return }
217230
}
218231
$psBoundParameters["ParameterSet"] ='accesscontrollists/{NamespaceId}'
219-
switch -Regex ($psCmdlet.ParameterSetName) {
232+
switch -Regex ($psCmdlet.ParameterSetName) {
220233
Project {
221234
$null = $PSBoundParameters.Remove('ProjectID')
222-
$q.Enqueue(@{
235+
$q.Enqueue(@{
223236
NamespaceID = '52d39943-cb85-4d7f-8fa8-c6baac873819'
224237
SecurityToken = "`$PROJECT:vstfs:///Classification/TeamProject/$ProjectID"
225238
} + $PSBoundParameters)
@@ -232,7 +245,7 @@
232245
} else {
233246
Get-ADOIterationPath -Organization $Organization -Project $ProjectID -IterationPath $iterationPath
234247
}
235-
248+
236249
if (-not $gotPath) {
237250
continue
238251
}
@@ -247,15 +260,15 @@
247260
)
248261

249262
[Array]::Reverse($PathIdList)
250-
263+
251264
$null = $PSBoundParameters.Remove('ProjectID')
252-
253-
$q.Enqueue(@{
254-
NamespaceID =
255-
if ($psCmdlet.ParameterSetName -eq 'AreaPath') {
265+
266+
$q.Enqueue(@{
267+
NamespaceID =
268+
if ($psCmdlet.ParameterSetName -eq 'AreaPath') {
256269
'83e28ad4-2d72-4ceb-97b0-c7726d5502c3'
257270
} else {
258-
'bf7bfa03-b2b7-47db-8113-fa2e002cc5b1'
271+
'bf7bfa03-b2b7-47db-8113-fa2e002cc5b1'
259272
}
260273
SecurityToken = @(foreach($PathId in $PathIdList) {
261274
"vstfs:///Classification/Node/$PathId"
@@ -264,89 +277,105 @@
264277
}
265278
Analytics {
266279
$null = $PSBoundParameters.Remove('ProjectID')
267-
$q.Enqueue(@{
268-
NamespaceID = if ($ProjectID) { '58450c49-b02d-465a-ab12-59ae512d6531' } else { 'd34d3680-dfe5-4cc6-a949-7d9c68f73cba'}
280+
$q.Enqueue(@{
281+
NamespaceID = if ($ProjectID) { '58450c49-b02d-465a-ab12-59ae512d6531' } else { 'd34d3680-dfe5-4cc6-a949-7d9c68f73cba'}
269282
SecurityToken = "`$/$(if ($ProjectID) { $ProjectID } else { 'Shared' })"
270283
} + $PSBoundParameters)
271284
}
272285
Dashboard {
273286
$null = $PSBoundParameters.Remove('ProjectID')
274-
$q.Enqueue(@{
287+
$q.Enqueue(@{
275288
NamespaceID = '8adf73b7-389a-4276-b638-fe1653f7efc7'
276289
SecurityToken = "$/$(if ($ProjectID) { $ProjectID })/$(if ($teamID) { $teamid } else { [guid]::Empty } )"
277290
} + $PSBoundParameters)
278291
}
279292
ProjectOverview {
280293
$null = $psboundParameters.Remove('Recurse')
281-
$q.Enqueue(@{
294+
$q.Enqueue(@{
282295
NamespaceID = '52d39943-cb85-4d7f-8fa8-c6baac873819' # Project permissions
283296
SecurityToken = "`$PROJECT:vstfs:///Classification/TeamProject/$ProjectID"
284297
} + $PSBoundParameters)
285-
$q.Enqueue(@{
298+
$q.Enqueue(@{
286299
NamespaceID = '2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87' # Repositories
287300
SecurityToken = "reposV2/$projectId"
288301
Recurse = $true
289302
} + $PSBoundParameters)
290-
$q.Enqueue(@{
303+
$q.Enqueue(@{
291304
NamespaceID = '33344d9c-fc72-4d6f-aba5-fa317101a7e9' # Build definitions
292305
SecurityToken = "$ProjectID/"
293306
Recurse = $true
294307
} + $PSBoundParameters)
295-
$q.Enqueue(@{
308+
$q.Enqueue(@{
296309
NamespaceID = 'c788c23e-1b46-4162-8f5e-d7585343b5de' # Releases
297310
SecurityToken = "$ProjectID/"
298311
Recurse = $true
299312
} + $PSBoundParameters)
300-
$q.Enqueue(@{
313+
$q.Enqueue(@{
301314
NamespaceID = '8adf73b7-389a-4276-b638-fe1653f7efc7' # Dashboards
302315
SecurityToken = "`$/$ProjectID/"
303316
Recurse = $true
304317
} + $PSBoundParameters)
305-
$q.Enqueue(@{
318+
$q.Enqueue(@{
306319
NamespaceID = '49b48001-ca20-4adc-8111-5b60c903a50c' # Service Endpoints
307320
SecurityToken = "endpoints/$ProjectID"
308321
Recurse = $true
309322
} + $PSBoundParameters)
310-
$q.Enqueue(@{
323+
$q.Enqueue(@{
311324
NamespaceID = 'cb594ebe-87dd-4fc9-ac2c-6a10a4c92046' # Service Hooks
312325
SecurityToken = "PublisherSecurity/$ProjectID"
313326
Recurse = $true
314327
} + $PSBoundParameters)
315328
}
316329
Plan {
317-
$q.Enqueue(@{
330+
$q.Enqueue(@{
318331
NamespaceID = 'bed337f8-e5f3-4fb9-80da-81e17d06e7a8'
319332
SecurityToken = "Plan"
320333
} + $PSBoundParameters)
321334
}
335+
'ServiceEndpoint|EndpointID' {
336+
if ($psCmdlet.ParameterSetName -eq 'ServiceEndpoint') {
337+
$PSBoundParameters['Recurse'] = $true
338+
}
339+
340+
if ($EndpointID) {
341+
$q.Enqueue(@{
342+
NamespaceID = '49b48001-ca20-4adc-8111-5b60c903a50c'
343+
SecurityToken = "endpoints/Collection/$(if ($EndpointID) {$EndpointID})"
344+
} + $PSBoundParameters)
345+
}
346+
$q.Enqueue(@{
347+
NamespaceID = '49b48001-ca20-4adc-8111-5b60c903a50c'
348+
SecurityToken = "endpoints/$(if ($ProjectID) {"$ProjectID/"})$(if ($EndpointID) {$EndpointID})"
349+
} + $PSBoundParameters)
350+
}
322351
Tagging {
323352

324-
$q.Enqueue(@{
353+
$q.Enqueue(@{
325354
NamespaceID = 'bb50f182-8e5e-40b8-bc21-e8752a1e7ae2'
326355
SecurityToken = "/$ProjectID"
327356
} + $PSBoundParameters)
328357
}
329358
ManageTFVC {
330359

331-
$q.Enqueue(@{
360+
$q.Enqueue(@{
332361
NamespaceID = 'a39371cf-0841-4c16-bbd3-276e341bc052'
333362
SecurityToken = "/$ProjectID"
334363
} + $PSBoundParameters)
335364
}
336365
'BuildDefinition|BuildPermission' {
337366

338-
$q.Enqueue(@{
367+
$q.Enqueue(@{
339368
NamespaceID = 'a39371cf-0841-4c16-bbd3-276e341bc052'
340369
SecurityToken = "$ProjectID$(($buildpath -replace '\\','/').TrimEnd('/'))/$DefinitionID"
341370
} + $PSBoundParameters)
342-
$q.Enqueue(@{
371+
$q.Enqueue(@{
343372
NamespaceID = 'c788c23e-1b46-4162-8f5e-d7585343b5de'
344373
SecurityToken = "$ProjectID$(($buildpath -replace '\\','/').TrimEnd('/'))/$DefinitionID"
345374
} + $PSBoundParameters)
346375
}
347376
'RepositoryID|AllRepositories|ProjectRepository' {
348377

349-
$q.Enqueue(@{
378+
$q.Enqueue(@{
350379
NamespaceID = '2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87'
351380
SecurityToken = "repo$(
352381
if ($psCmdlet.ParameterSetName -eq 'AllRepositories') {'s'})V2$(
@@ -368,23 +397,6 @@ if ($BranchName) {
368397
end {
369398
$c, $t, $progId = 0, $q.Count, [Random]::new().Next()
370399

371-
if ($ExpandACL) {
372-
373-
$resolveIdentity = {
374-
param([Parameter(Mandatory,ValueFromPipelineByPropertyName)][string]$Descriptor)
375-
begin {
376-
if (-not $script:ResolvedIdentities) { $script:ResolvedIdentities= @{} }
377-
}
378-
process {
379-
if (-not $script:ResolvedIdentities[$Descriptor]) {
380-
$script:ResolvedIdentities[$Descriptor] =
381-
Invoke-ADORestAPI "https://vssps.dev.azure.com/$Organization/_apis/identities?api-version=6.0&descriptors=$Descriptor&queryMembership=Direct"
382-
}
383-
return $script:ResolvedIdentities[$Descriptor]
384-
}
385-
}
386-
}
387-
388400
if ($Overview -and $inputObject) {
389401
$projectRepositories = $inputObject | Get-ADORepository
390402
$projectServiceEndpoints = $inputObject | Get-ADOServiceEndpoint
@@ -508,7 +520,7 @@ if ($BranchName) {
508520
switch ($namespace.Name) {
509521
Project { $inputObject }
510522
'Git Repositories' {
511-
foreach ($repo in $ProjectRepository) {
523+
foreach ($repo in $projectRepositories) {
512524
if ($aclOut.Token -like "*/$($repo.id)*") {
513525
$repo;break
514526
}

Get-ADOServiceEndpoint.ps1

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,8 @@
103103
'.Type'
104104
} else {
105105
''
106-
}
106+
}
107+
107108
Invoke-ADORestAPI @invokeParams -Uri $uri -PSTypeName @( # Prepare a list of typenames so we can customize formatting:
108109
"$Organization.$Project.ServiceEndpoint$subTypeName" # * $Organization.$Project.ServiceEndpoint
109110
"$Organization.ServiceEndpoint$subTypeName" # * $Organization.ServiceEndpoint

PSDevOps.psd1

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
@{
2-
ModuleVersion = '0.5.6'
2+
ModuleVersion = '0.5.7'
33
RootModule = 'PSDevOps.psm1'
44
Description = 'PowerShell Tools for DevOps'
55
Guid = 'e6b56c5f-41ac-4ba4-8b88-2c063f683176'
@@ -9,6 +9,13 @@
99
ProjectURI = 'https://github.com/StartAutomating/PSDevOps'
1010
LicenseURI = 'https://github.com/StartAutomating/PSDevOps/blob/master/LICENSE'
1111
ReleaseNotes = @'
12+
0.5.7:
13+
---
14+
* Fixing issue with setting branch permissions (#136)
15+
* Get/Set-ADOPermission: Support for ServiceEndpoints (#137)
16+
* Set-ADOPermission: Exposing specialized parameter sets (#138)
17+
* PSDevOps.WorkProcess objects now return .ProcessName and .ProcessID as alias properties
18+
1219
0.5.6:
1320
---
1421
### Azure DevOps Improvements

PSDevOps.types.ps1xml

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1691,4 +1691,30 @@ Invoke-ADORestAPI -Uri "$($this.Url)/comments" -QueryParameter @{"api-version"="
16911691
</AliasProperty>
16921692
</Members>
16931693
</Type>
1694+
<Type>
1695+
<Name>PSDevOps.WorkProcess</Name>
1696+
<Members>
1697+
<AliasProperty>
1698+
<Name>ProcessID</Name>
1699+
<ReferencedMemberName>TypeID</ReferencedMemberName>
1700+
</AliasProperty>
1701+
<AliasProperty>
1702+
<Name>ProcessName</Name>
1703+
<ReferencedMemberName>Name</ReferencedMemberName>
1704+
</AliasProperty>
1705+
</Members>
1706+
</Type>
1707+
<Type>
1708+
<Name>Deserialized.PSDevOps.WorkProcess</Name>
1709+
<Members>
1710+
<AliasProperty>
1711+
<Name>ProcessID</Name>
1712+
<ReferencedMemberName>TypeID</ReferencedMemberName>
1713+
</AliasProperty>
1714+
<AliasProperty>
1715+
<Name>ProcessName</Name>
1716+
<ReferencedMemberName>Name</ReferencedMemberName>
1717+
</AliasProperty>
1718+
</Members>
1719+
</Type>
16941720
</Types>

Set-ADOPermission.ps1

Lines changed: 28 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
# If this is provided without anything else, will get permissions for the projectID
2727
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Project')]
2828
[Parameter(ValueFromPipelineByPropertyName,ParameterSetName='Analytics')]
29+
[Parameter(ValueFromPipelineByPropertyName,ParameterSetName='EndpointID')]
2930
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='AreaPath')]
3031
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Dashboard')]
3132
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='IterationPath')]
@@ -97,11 +98,28 @@
9798
[switch]
9899
$Tagging,
99100

101+
100102
# If set, will set permissions for Team Foundation Version Control related to the current project.
101103
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='ManageTFVC')]
102104
[switch]
103105
$ManageTFVC,
104106

107+
# If set, will set permissions for Delivery Plans.
108+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Plan')]
109+
[switch]
110+
$Plan,
111+
112+
# If set, will set dashboard permissions related to the current project.
113+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='Dashboard')]
114+
[Alias('Dashboards')]
115+
[switch]
116+
$Dashboard,
117+
118+
# If set, will set endpoint permissions related to a particular endpoint.
119+
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName='EndpointID')]
120+
[string]
121+
$EndpointID,
122+
105123
# If set, will list the type of permisssions.
106124
[Parameter(ParameterSetName='securitynamespaces')]
107125
[Alias('SecurityNamespace', 'ListPermissionType','ListSecurityNamespace')]
@@ -271,6 +289,16 @@
271289
SecurityToken = "Plan"
272290
} + $PSBoundParameters)
273291
}
292+
EndpointID {
293+
$q.Enqueue(@{
294+
NamespaceID = '49b48001-ca20-4adc-8111-5b60c903a50c'
295+
SecurityToken = "endpoints/$(
296+
if ($ProjectID) {"$ProjectID/"} else { "Collection/"}
297+
)$(
298+
if ($EndpointID) {$EndpointID}
299+
)"
300+
} + $PSBoundParameters)
301+
}
274302
Tagging {
275303
$q.Enqueue(@{
276304
NamespaceID = 'bb50f182-8e5e-40b8-bc21-e8752a1e7ae2'
@@ -403,7 +431,6 @@ $($cachedNamespaces.$namespaceID.actions | Format-Table -Property Name, DisplayN
403431
$c++
404432
Write-Progress "Setting Permissions for $Identity" " (Allowing: $friendlyAllow Denying: $friendlyDeny) on $SecurityToken " -Id $progId -PercentComplete ($c * 100/$t)
405433

406-
407434
if (-not $Descriptors) {
408435
Write-Error "No -Descriptor or -Identity provided"
409436
return

Types/PSDevOps.WorkProcess/Alias.psd1

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
@{
2+
ProcessName = 'Name'
3+
ProcessID = 'TypeID'
4+
}

0 commit comments

Comments
 (0)