updates to logic

KelvinTegelaar · KelvinTegelaar · commit 293552fa268f · 2025-10-23T12:23:41.000+02:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCreateDefaultGroups.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCreateDefaultGroups.ps1
@@ -0,0 +1,65 @@
+function Invoke-ExecCreateDefaultGroups {
+    <#
+    .SYNOPSIS
+        Create default tenant groups
+    .DESCRIPTION
+        This function creates a set of default tenant groups that are commonly used
+    .FUNCTIONALITY
+        Entrypoint,AnyTenant
+    .ROLE
+        Tenant.Groups.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    try {
+        $Table = Get-CippTable -tablename 'TenantGroups'
+        $Results = [System.Collections.Generic.List[object]]::new()
+        $ExistingGroups = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'TenantGroup' and Type eq 'dynamic'"
+        $DefaultGroups = 
+
+        foreach ($Group in $DefaultGroups) {
+            # Check if group with same name already exists
+            $ExistingGroup = $ExistingGroups | Where-Object -Property Name -EQ $group.Name
+            if ($ExistingGroup) {
+                $Results.Add(@{
+                        resultText = "Group '$($Group.Name)' already exists, skipping"
+                        state      = 'warning'
+                    })
+                continue
+            }
+            $GroupEntity = @{
+                PartitionKey = 'TenantGroup'
+                RowKey       = $groupId
+                Name         = $Group.Name
+                Description  = $Group.Description
+                GroupType    = $Group.GroupType
+                DynamicRules = $Group.DynamicRules
+                RuleLogic    = $Group.RuleLogic
+            }
+            Add-CIPPAzDataTableEntity @Table -Entity $GroupEntity -Force
+
+            $Results.Add(@{
+                    resultText = "Created default group: '$($Group.Name)'"
+                    state      = 'success'
+                })
+
+            Write-LogMessage -API 'TenantGroups' -message "Created default tenant group: $($Group.Name)" -sev Info
+        }
+
+        $Body = @{ Results = $Results }
+
+        return ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::OK
+                Body       = $Body
+            })
+    } catch {
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        Write-LogMessage -API 'TenantGroups' -message "Failed to create default groups: $ErrorMessage" -sev Error
+        $Body = @{ Results = "Failed to create default groups: $ErrorMessage" }
+        return ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::InternalServerError
+                Body       = $Body
+            })
+    }
+}
diff --git a/Modules/CIPPCore/Public/TenantGroups/Update-CIPPDynamicTenantGroups.ps1 b/Modules/CIPPCore/Public/TenantGroups/Update-CIPPDynamicTenantGroups.ps1
@@ -52,18 +52,28 @@ function Update-CIPPDynamicTenantGroups {
                             if ($Operator -in @('in', 'notin')) {
                                 $arrayValues = if ($Value -is [array]) { $Value.guid } else { @($Value.guid) }
                                 $arrayAsString = $arrayValues | ForEach-Object { "'$_'" }
-                                "(`$_.skuId | Where-Object { `$_ -in @($($arrayAsString -join ', ')) }).Count -gt 0"
+                                if ($Operator -eq 'in') {
+                                    "(`$_.skuId | Where-Object { `$_ -in @($($arrayAsString -join ', ')) }).Count -gt 0"
+                                } else {
+                                    "(`$_.skuId | Where-Object { `$_ -in @($($arrayAsString -join ', ')) }).Count -eq 0"
+                                }
                             } else {
-                                "`$_.skuId -contains '$($Value.guid)'"
+                                "`$_.skuId -$Operator '$($Value.guid)'"
                             }
                         }
                         'availableServicePlan' {
                             if ($Operator -in @('in', 'notin')) {
                                 $arrayValues = if ($Value -is [array]) { $Value.value } else { @($Value.value) }
                                 $arrayAsString = $arrayValues | ForEach-Object { "'$_'" }
-                                "(`$_.servicePlans | Where-Object { `$_ -in @($($arrayAsString -join ', ')) }).Count -gt 0"
+                                if ($Operator -eq 'in') {
+                                    # Keep tenants with ANY of the provided plans
+                                    "(`$_.servicePlans | Where-Object { `$_ -in @($($arrayAsString -join ', ')) }).Count -gt 0"
+                                } else {
+                                    # Exclude tenants with ANY of the provided plans
+                                    "(`$_.servicePlans | Where-Object { `$_ -in @($($arrayAsString -join ', ')) }).Count -eq 0"
+                                }
                             } else {
-                                "`$_.servicePlans -contains '$($Value.value)'"
+                                "`$_.servicePlans -$Operator '$($Value.value)'"
                             }
                         }
                         default {
@@ -73,6 +83,9 @@ function Update-CIPPDynamicTenantGroups {
                     }
 
                 }
+                if (!$WhereConditions) {
+                    throw 'Generating the conditions failed. The conditions seem to be empty.'
+                }
                 $TenantObj = $AllTenants | ForEach-Object {
                     if ($Rules.property -contains 'availableLicense') {
                         $LicenseInfo = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/subscribedSkus' -TenantId $_.defaultDomainName
