Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev

Author: JohnDuprey

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecModifyContactPerms.ps1

@@ -0,0 +1,116 @@
+using namespace System.Net
+
+function Invoke-ExecModifyContactPerms {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Mailbox.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $Username = $Request.Body.userID
+    $TenantFilter = $Request.Body.tenantFilter
+    $Permissions = $Request.Body.permissions
+
+    Write-LogMessage -headers $Headers -API $APIName -message "Processing request for user: $Username, tenant: $TenantFilter" -Sev 'Debug'
+
+    if ($null -eq $Username) {
+        Write-LogMessage -headers $Headers -API $APIName -message 'Username is null' -Sev 'Error'
+        $body = [pscustomobject]@{'Results' = @('Username is required') }
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::BadRequest
+                Body       = $Body
+            })
+        return
+    }
+
+    try {
+        $UserId = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($Username)" -tenantid $TenantFilter).id
+        Write-LogMessage -headers $Headers -API $APIName -message "Retrieved user ID: $UserId" -Sev 'Debug'
+    } catch {
+        Write-LogMessage -headers $Headers -API $APIName -message "Failed to get user ID: $($_.Exception.Message)" -Sev 'Error'
+        $body = [pscustomobject]@{'Results' = @("Failed to get user ID: $($_.Exception.Message)") }
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::NotFound
+                Body       = $Body
+            })
+        return
+    }
+
+    $Results = [System.Collections.Generic.List[string]]::new()
+    $HasErrors = $false
+
+    # Convert permissions to array format if it's an object with numeric keys
+    if ($Permissions -is [PSCustomObject]) {
+        if ($Permissions.PSObject.Properties.Name -match '^\d+$') {
+            $Permissions = $Permissions.PSObject.Properties.Value
+        } else {
+            $Permissions = @($Permissions)
+        }
+    }
+
+    Write-LogMessage -headers $Headers -API $APIName -message "Processing $($Permissions.Count) permission entries" -Sev 'Debug'
+
+    foreach ($Permission in $Permissions) {
+        Write-LogMessage -headers $Headers -API $APIName -message "Processing permission: $($Permission | ConvertTo-Json)" -Sev 'Debug'
+
+        $PermissionLevel = $Permission.PermissionLevel.value ?? $Permission.PermissionLevel
+        $Modification = $Permission.Modification
+        $CanViewPrivateItems = $Permission.CanViewPrivateItems ?? $false
+        $FolderName = $Permission.FolderName ?? 'Contact'
+        $SendNotificationToUser = $Permission.SendNotificationToUser ?? $false
+
+        Write-LogMessage -headers $Headers -API $APIName -message "Permission Level: $PermissionLevel, Modification: $Modification, CanViewPrivateItems: $CanViewPrivateItems, FolderName: $FolderName" -Sev 'Debug'
+
+        # Handle UserID as array or single value
+        $TargetUsers = @($Permission.UserID | ForEach-Object { $_.value ?? $_ })
+
+        Write-LogMessage -headers $Headers -API $APIName -message "Target Users: $($TargetUsers -join ', ')" -Sev 'Debug'
+
+        foreach ($TargetUser in $TargetUsers) {
+            try {
+                Write-LogMessage -headers $Headers -API $APIName -message "Processing target user: $TargetUser" -Sev 'Debug'
+                $Params = @{
+                    APIName                = $APIName
+                    Headers                = $Headers
+                    RemoveAccess           = if ($Modification -eq 'Remove') { $TargetUser } else { $null }
+                    TenantFilter           = $TenantFilter
+                    UserID                 = $UserId
+                    folderName             = $FolderName
+                    UserToGetPermissions   = $TargetUser
+                    LoggingName            = $TargetUser
+                    Permissions            = $PermissionLevel
+                    SendNotificationToUser = $SendNotificationToUser
+                }
+
+                # Write-Host "Request params: $($Params | ConvertTo-Json)"
+                $Result = Set-CIPPContactPermission @Params
+
+                $null = $Results.Add($Result)
+            } catch {
+                $HasErrors = $true
+                $null = $Results.Add("$($_.Exception.Message)")
+            }
+        }
+    }
+
+    if ($Results.Count -eq 0) {
+        Write-LogMessage -headers $Headers -API $APIName -message 'No results were generated from the operation' -Sev 'Warning'
+        $null = $Results.Add('No results were generated from the operation. Please check the logs for more details.')
+        $HasErrors = $true
+    }
+
+    $Body = [pscustomobject]@{'Results' = @($Results) }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = if ($HasErrors) { [HttpStatusCode]::InternalServerError } else { [HttpStatusCode]::OK }
+            Body       = $Body
+        })
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListContactPermissions.ps1

@@ -0,0 +1,41 @@
+using namespace System.Net
+
+Function Invoke-ListContactPermissions {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Mailbox.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $UserID = $Request.Query.UserID
+    $TenantFilter = $Request.Query.tenantFilter
+
+    try {
+        $GetContactParam = @{Identity = $UserID; FolderScope = 'Contacts' }
+        $ContactFolder = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-MailboxFolderStatistics' -anchor $UserID -cmdParams $GetContactParam | Select-Object -First 1 -ExcludeProperty *data.type*
+        $ContactParam = @{Identity = "$($UserID):\$($ContactFolder.name)" }
+        $Mailbox = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Mailbox' -cmdParams @{Identity = $UserID }
+        $GraphRequest = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-MailboxFolderPermission' -anchor $UserID -cmdParams $ContactParam -UseSystemMailbox $true | Select-Object Identity, User, AccessRights, FolderName, @{ Name = 'MailboxInfo'; Expression = { $Mailbox } }
+
+        Write-LogMessage -API $APIName -tenant $TenantFilter -message "Contact permissions listed for $($TenantFilter)" -sev Debug
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::Forbidden
+        $GraphRequest = $ErrorMessage
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @($GraphRequest)
+        })
+
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-AddAutopilotConfig {
+function Invoke-AddAutopilotConfig {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -14,42 +14,34 @@ Function Invoke-AddAutopilotConfig {
     $Headers = $Request.Headers
     Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
-
-
-
     # Input bindings are passed in via param block.
-    $Tenants = $Request.body.selectedTenants.value
-    $AssignTo = if ($request.body.Assignto -ne 'on') { $request.body.Assignto }
-    $Profbod = [pscustomobject]$Request.body
-    $usertype = if ($Profbod.NotLocalAdmin -eq 'true') { 'standard' } else { 'administrator' }
-    $DeploymentMode = if ($profbod.DeploymentMode -eq 'true') { 'shared' } else { 'singleUser' }
+    $Tenants = $Request.Body.selectedTenants.value
+    $Profbod = [pscustomobject]$Request.Body
+    $UserType = if ($Profbod.NotLocalAdmin -eq 'true') { 'standard' } else { 'administrator' }
+    $DeploymentMode = if ($Profbod.DeploymentMode -eq 'true') { 'shared' } else { 'singleUser' }
     $profileParams = @{
-        displayname        = $request.body.Displayname
-        description        = $request.body.Description
-        usertype           = $usertype
+        DisplayName        = $Request.Body.DisplayName
+        Description        = $Request.Body.Description
+        UserType           = $UserType
         DeploymentMode     = $DeploymentMode
-        assignto           = $AssignTo
-        devicenameTemplate = $Profbod.deviceNameTemplate
-        allowWhiteGlove    = $Profbod.allowWhiteGlove
-        CollectHash        = $Profbod.collectHash
-        hideChangeAccount  = $Profbod.hideChangeAccount
-        hidePrivacy        = $Profbod.hidePrivacy
-        hideTerms          = $Profbod.hideTerms
+        AssignTo           = $Request.Body.Assignto
+        DeviceNameTemplate = $Profbod.DeviceNameTemplate
+        AllowWhiteGlove    = $Profbod.allowWhiteGlove
+        CollectHash        = $Profbod.CollectHash
+        HideChangeAccount  = $Profbod.HideChangeAccount
+        HidePrivacy        = $Profbod.HidePrivacy
+        HideTerms          = $Profbod.HideTerms
         Autokeyboard       = $Profbod.Autokeyboard
         Language           = $ProfBod.languages.value
     }
-    $results = foreach ($Tenant in $tenants) {
-        $profileParams['tenantFilter'] = $Tenant
+    $Results = foreach ($tenant in $Tenants) {
+        $profileParams['tenantFilter'] = $tenant
         Set-CIPPDefaultAPDeploymentProfile @profileParams
     }
-    $body = [pscustomobject]@{'Results' = $results }
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
-            Body       = $body
+            Body       = @{'Results' = $Results }
         })
-
-
-
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-RemoveAutopilotConfig.ps1

@@ -0,0 +1,56 @@
+using namespace System.Net
+
+function Invoke-RemoveAutopilotConfig {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.Autopilot.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with query parameters or the body of the request.
+    $TenantFilter = $Request.Body.tenantFilter
+    $ProfileId = $Request.Body.ID
+    $DisplayName = $Request.Body.displayName
+    $Assignments = $Request.Body.assignments
+
+    try {
+        # Validate required parameters
+        if ([string]::IsNullOrEmpty($ProfileId)) {
+            throw 'Profile ID is required'
+        }
+
+        if ([string]::IsNullOrEmpty($TenantFilter)) {
+            throw 'Tenant filter is required'
+        }
+
+        # Call the helper function to delete the autopilot profile
+        $params = @{
+            ProfileId    = $ProfileId
+            DisplayName  = $DisplayName
+            TenantFilter = $TenantFilter
+            Assignments  = $Assignments
+            Headers      = $Headers
+            APIName      = $APIName
+        }
+        $Result = Remove-CIPPAutopilotProfile @params
+        $StatusCode = [HttpStatusCode]::OK
+
+    } catch {
+        $ErrorMessage = $_.Exception.Message
+        $Result = $ErrorMessage
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{'Results' = "$Result" }
+        })
+}

Modules/CIPPCore/Public/Remove-CIPPAutopilotProfile.ps1

@@ -0,0 +1,67 @@
+function Remove-CIPPAutopilotProfile {
+    param(
+        $ProfileId,
+        $DisplayName,
+        $TenantFilter,
+        $Assignments,
+        $Headers,
+        $APIName = 'Remove Autopilot Profile'
+    )
+
+
+    try {
+
+        try {
+            $DisplayName = $null -eq $DisplayName ? $ProfileId : $DisplayName
+            if ($Assignments.Count -gt 0) {
+                Write-Host "Profile $ProfileId has $($Assignments.Count) assignments, removing them first"
+                throw
+            }
+
+            $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$ProfileId" -tenantid $TenantFilter -type DELETE
+            $Result = "Successfully deleted Autopilot profile '$($DisplayName)'"
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev 'Info'
+            return $Result
+        } catch {
+
+            # Profile could not be deleted, there is probably an assignment still referencing it. The error is bloody useless here, and we just need to try some stuff
+            if ($null -eq $Assignments) {
+                $Assignments = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$ProfileId/assignments" -tenantid $TenantFilter
+            }
+
+            # Remove all assignments
+            if ($Assignments -and $Assignments.Count -gt 0) {
+                foreach ($Assignment in $Assignments) {
+                    try {
+                        # Use the assignment ID directly as provided by the API
+                        $AssignmentId = $Assignment.id
+                        $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$ProfileId/assignments/$AssignmentId" -tenantid $TenantFilter -type DELETE
+
+                    } catch {
+                        # Handle the case where the assignment might reference a deleted group
+                        try {
+                            if ($Assignment.target -and $Assignment.target.'@odata.type' -eq '#microsoft.graph.groupAssignmentTarget') {
+                                $GroupId = $Assignment.target.groupId
+                                $AlternativeAssignmentId = "${ProfileId}_${GroupId}"
+                                $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$ProfileId/assignments/$AlternativeAssignmentId" -tenantid $TenantFilter -type DELETE
+                            }
+                        } catch {
+                            throw "Could not remove assignment $AssignmentId"
+                        }
+                    }
+                }
+            }
+            # Retry deleting the profile after removing assignments
+            $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$ProfileId" -tenantid $TenantFilter -type DELETE
+            $Result = "Successfully deleted Autopilot profile '$($DisplayName)' "
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev 'Info'
+            return $Result
+        }
+
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $ErrorText = "Failed to delete Autopilot profile $ProfileId. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $ErrorText -Sev 'Error' -LogData $ErrorMessage
+        throw $ErrorText
+    }
+}