Merge pull request #352 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 15babfdde566 · 2025-07-11T06:41:05.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 b/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1
@@ -59,7 +59,7 @@ function Add-CIPPScheduledTask {
             if ($null -eq $Param -or $Param -eq '' -or ($Param | Measure-Object).Count -eq 0) {
                 continue
             }
-            if ($Param -is [System.Collections.IDictionary] -or $Param.Key) {
+            if ($Param -is [System.Collections.IDictionary] -and $Param.Key) {
                 $ht = @{}
                 foreach ($p in $Param.GetEnumerator()) {
                     $ht[$p.Key] = $p.Value
@@ -77,6 +77,9 @@ function Add-CIPPScheduledTask {
         $Parameters = ($Parameters | ConvertTo-Json -Depth 10 -Compress)
         $AdditionalProperties = [System.Collections.Hashtable]@{}
         foreach ($Prop in $task.AdditionalProperties) {
+            if ($null -eq $Prop.Value -or $Prop.Value -eq '' -or ($Prop.Value | Measure-Object).Count -eq 0) {
+                continue
+            }
             $AdditionalProperties[$Prop.Key] = $Prop.Value
         }
         $AdditionalProperties = ([PSCustomObject]$AdditionalProperties | ConvertTo-Json -Compress)
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ListScheduledItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ListScheduledItems.ps1
@@ -109,7 +109,7 @@ function Invoke-ListScheduledItems {
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
-            Body       = @($ScheduledTasks | Sort-Object -Property ExecutedTime -Descending)
+            Body       = @($ScheduledTasks | Sort-Object -Property ScheduledTime, ExecutedTime -Descending)
         })
 
 }
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecCAExclusion {
+function Invoke-ExecCAExclusion {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -13,48 +13,87 @@ Function Invoke-ExecCAExclusion {
     $APIName = $Request.Params.CIPPEndpoint
     $Headers = $Request.Headers
     Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+    try {
+        #If UserId is a guid, get the user's UPN
+        $TenantFilter = $Request.Body.tenantFilter
+        $UserID = $Request.Body.UserID
+        $Username = $Request.Body.Username
+        $Users = $Request.Body.Users
+        $EndDate = $Request.Body.EndDate
+        $PolicyId = $Request.Body.PolicyId
+        $ExclusionType = $Request.Body.ExclusionType
 
-    #If UserId is a guid, get the user's UPN
-    $TenantFilter = $Request.Body.tenantFilter
-    $UserId = $Request.Body.UserID
-    $EndDate = $Request.Body.EndDate
-    $PolicyId = $Request.Body.PolicyId
-    $ExclusionType = $Request.Body.ExclusionType
+        if ($Users) {
+            $UserID = $Users.value
+            $Username = $Users.addedFields.userPrincipalName -join ', '
+        } else {
+            if ($UserID -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$' -and -not $Username) {
+                $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($UserID)" -tenantid $TenantFilter).userPrincipalName
+            }
+        }
 
+        $Policy = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($PolicyId)?`$select=id,displayName" -tenantid $TenantFilter -asApp $true
 
-    if ($UserId -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') {
-        $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($UserId)" -tenantid $TenantFilter).userPrincipalName
-    }
-    if ($Request.Body.vacation -eq 'true') {
-        $StartDate = $Request.Body.StartDate
-        $EndDate = $Request.Body.EndDate
-        $TaskBody = [pscustomobject]@{
-            TenantFilter  = $TenantFilter
-            Name          = "Add CA Exclusion Vacation Mode: $Username - $($TenantFilter)"
-            Command       = @{
-                value = 'Set-CIPPCAExclusion'
-                label = 'Set-CIPPCAExclusion'
-            }
-            Parameters    = [pscustomobject]@{
+        if (-not $Policy) {
+            throw "Policy with ID $PolicyId not found in tenant $TenantFilter."
+        }
+
+        $PolicyName = $Policy.displayName
+        if ($Request.Body.vacation -eq 'true') {
+            $StartDate = $Request.Body.StartDate
+            $EndDate = $Request.Body.EndDate
+
+            $Parameters = [PSCustomObject]@{
                 ExclusionType = 'Add'
-                UserID        = $UserID
                 PolicyId      = $PolicyId
-                UserName      = $Username
             }
-            ScheduledTime = $StartDate
+
+            if ($Users) {
+                $Parameters | Add-Member -NotePropertyName Users -NotePropertyValue $Users
+            } else {
+                $Parameters | Add-Member -NotePropertyName UserID -NotePropertyValue $UserID
+            }
+
+            $TaskBody = [pscustomobject]@{
+                TenantFilter  = $TenantFilter
+                Name          = "Add CA Exclusion Vacation Mode: $PolicyName"
+                Command       = @{
+                    value = 'Set-CIPPCAExclusion'
+                    label = 'Set-CIPPCAExclusion'
+                }
+                Parameters    = [pscustomobject]$Parameters
+                ScheduledTime = $StartDate
+            }
+
+            Write-Information ($TaskBody | ConvertTo-Json -Depth 10)
+
+            Add-CIPPScheduledTask -Task $TaskBody -hidden $false
+            #Removal of the exclusion
+            $TaskBody.Parameters.ExclusionType = 'Remove'
+            $TaskBody.Name = "Remove CA Exclusion Vacation Mode: $PolicyName"
+            $TaskBody.ScheduledTime = $EndDate
+            Add-CIPPScheduledTask -Task $TaskBody -hidden $false
+            $body = @{ Results = "Successfully added vacation mode schedule for $Username." }
+        } else {
+            $Parameters = @{
+                ExclusionType = $ExclusionType
+                PolicyId      = $PolicyId
+            }
+            if ($Users) {
+                $Parameters.Users = $Users
+            } else {
+                $Parameters.UserID = $UserID
+            }
+
+            Set-CIPPCAExclusion -TenantFilter $TenantFilter -Headers $Headers @Parameters
         }
-        Add-CIPPScheduledTask -Task $TaskBody -hidden $false
-        #Removal of the exclusion
-        $TaskBody.Parameters.ExclusionType = 'Remove'
-        $TaskBody.Name = "Remove CA Exclusion Vacation Mode: $Username - $($TenantFilter)"
-        $TaskBody.ScheduledTime = $EndDate
-        Add-CIPPScheduledTask -Task $TaskBody -hidden $false
-        $body = @{ Results = "Successfully added vacation mode schedule for $Username." }
-    } else {
-        Set-CIPPCAExclusion -TenantFilter $TenantFilter -ExclusionType $ExclusionType -UserID $UserID -PolicyId $PolicyId -Headers $Headers -UserName $Username
+    } catch {
+        Write-Warning "Failed to perform exclusion for $Username : $($_.Exception.Message)"
+        Write-Information $_.InvocationInfo.PositionMessage
+        $body = @{ Results = "Failed to perform exclusion for $Username : $($_.Exception.Message)" }
+        Write-LogMessage -headers $Headers -API 'Invoke-ExecCAExclusion' -message "Failed to perform exclusion for $Username : $_" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_)
     }
 
-
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
             Body       = $Body
diff --git a/Modules/CIPPCore/Public/Set-CIPPCAExclusion.ps1 b/Modules/CIPPCore/Public/Set-CIPPCAExclusion.ps1
@@ -6,39 +6,78 @@ function Set-CIPPCAExclusion {
         $UserID,
         $PolicyId,
         $Username,
+        $Users,
         $Headers
     )
     try {
-        $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($PolicyId)" -tenantid $TenantFilter -AsApp $true
+        $CheckExisting = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($PolicyId)" -tenantid $TenantFilter -AsApp $true
         if ($ExclusionType -eq 'add') {
-            $NewExclusions = [pscustomobject]@{
-                conditions = [pscustomobject]@{ users = [pscustomobject]@{
-                        excludeUsers = @($CheckExististing.conditions.users.excludeUsers + $UserID)
+            if ($Users) {
+                $Username = $Users.addedFields.userPrincipalName
+                $ExcludeUsers = [System.Collections.Generic.List[string]]::new()
+                foreach ($User in $CheckExisting.conditions.users.excludeUsers) {
+                    $ExcludeUsers.Add($User)
+                }
+                foreach ($User in $Users.value) {
+                    if ($ExcludeUsers -notcontains $User) {
+                        $ExcludeUsers.Add($User)
+                    }
+                }
+                $NewExclusions = [pscustomobject]@{
+                    conditions = [pscustomobject]@{ users = [pscustomobject]@{
+                            excludeUsers = $ExcludeUsers
+                        }
+                    }
+                }
+            } else {
+                if ($UserID -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') {
+                    $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($UserID)" -tenantid $TenantFilter).userPrincipalName
+                }
+                $NewExclusions = [pscustomobject]@{
+                    conditions = [pscustomobject]@{ users = [pscustomobject]@{
+                            excludeUsers = @($CheckExisting.conditions.users.excludeUsers + $UserID)
+                        }
                     }
                 }
             }
+
             $RawJson = ConvertTo-Json -Depth 10 -InputObject $NewExclusions
             if ($PSCmdlet.ShouldProcess($PolicyId, "Add exclusion for $UserID")) {
-                New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($CheckExististing.id)" -tenantid $tenantfilter -type PATCH -body $RawJSON -AsApp $true
+                New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($CheckExisting.id)" -tenantid $tenantfilter -type PATCH -body $RawJSON -AsApp $true
             }
         }
 
         if ($ExclusionType -eq 'remove') {
+            if ($Users) {
+                $UserID = $Users.value
+                $Username = $Users.addedFields.userPrincipalName
+            } else {
+                if ($UserID -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') {
+                    $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($UserID)" -tenantid $TenantFilter).userPrincipalName
+                }
+                $UserID = @($UserID)
+            }
             $NewExclusions = [pscustomobject]@{
                 conditions = [pscustomobject]@{ users = [pscustomobject]@{
-                        excludeUsers = @($CheckExististing.conditions.users.excludeUsers | Where-Object { $_ -ne $UserID })
+                        excludeUsers = @($CheckExisting.conditions.users.excludeUsers | Where-Object { $UserID -notcontains $_ })
                     }
                 }
             }
             $RawJson = ConvertTo-Json -Depth 10 -InputObject $NewExclusions
             if ($PSCmdlet.ShouldProcess($PolicyId, "Remove exclusion for $UserID")) {
-                New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($CheckExististing.id)" -tenantid $tenantfilter -type PATCH -body $RawJSON -AsApp $true
+                New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($CheckExisting.id)" -tenantid $tenantfilter -type PATCH -body $RawJSON -AsApp $true
             }
         }
-        "Successfully performed $($ExclusionType) exclusion for $username from policy $($PolicyId)"
-        Write-LogMessage -headers $Headers -API 'Set-CIPPConditionalAccessExclusion' -message "Successfully performed $($ExclusionType) exclusion for $username from policy $($PolicyId)" -Sev 'Info' -tenant $TenantFilter
+
+        foreach ($User in $Username) {
+            "Successfully performed $($ExclusionType) exclusion for $User from policy $($CheckExisting.displayName)"
+            Write-LogMessage -headers $Headers -API 'Set-CIPPCAExclusion' -message "Successfully performed $($ExclusionType) exclusion for $User from policy $($CheckExisting.displayName)" -Sev 'Info' -tenant $TenantFilter
+        }
     } catch {
-        "Failed to $($ExclusionType) user exclusion for $username from policy $($PolicyId): $($_.Exception.Message)"
-        Write-LogMessage -headers $Headers -API 'Set-CIPPConditionalAccessExclusion' -message "Failed to $($ExclusionType) user exclusion for $username from policy $($PolicyId): $_" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_)
+        foreach ($User in $Username) {
+            "Failed to $($ExclusionType) user exclusion for $User from policy $($CheckExisting.displayName): $($_.Exception.Message)"
+            Write-LogMessage -headers $Headers -API 'Set-CIPPCAExclusion' -message "Failed to $($ExclusionType) user exclusion for $User from policy $($CheckExisting.displayName): $_" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_)
+        }
     }
 }
+

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ function Invoke-ListScheduledItems {`
`109`	`109`	`# Associate values to output bindings by calling 'Push-OutputBinding'.`
`110`	`110`	`Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{`
`111`	`111`	`StatusCode = [HttpStatusCode]::OK`
`112`		`- Body = @($ScheduledTasks \| Sort-Object -Property ExecutedTime -Descending)`
	`112`	`+ Body = @($ScheduledTasks \| Sort-Object -Property ScheduledTime, ExecutedTime -Descending)`
`113`	`113`	`})`
`114`	`114`
`115`	`115`	`}`