
Commit 559fd18

committed
Add group template support to New-CIPPCAPolicy
Enhances group creation in New-CIPPCAPolicy by allowing groups to be created from templates if available. The Replace-GroupNameWithId function now accepts group templates and uses them when matching display names, otherwise defaults to generic security group creation.
1 parent 3996a7a commit 559fd18


1 file changed

+28
-13
lines changed


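--- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1
+++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1
@@ -40,7 +40,7 @@ function New-CIPPCAPolicy {
 }
 # Helper function to replace group display names with GUIDs
 function Replace-GroupNameWithId {
-param($TenantFilter, $groupNames, $CreateGroups)
+param($TenantFilter, $groupNames, $CreateGroups, $GroupTemplates)
 
 $GroupIds = [System.Collections.Generic.List[string]]::new()
 $groupNames | ForEach-Object {
@@ -57,18 +57,26 @@ function New-CIPPCAPolicy {
 }
 } elseif ($CreateGroups) {
 Write-Warning "Creating group $_ as it does not exist in the tenant"
-$username = $_ -replace '[^a-zA-Z0-9]', ''
-if ($username.Length -gt 64) {
-$username = $username.Substring(0, 64)
-}
-$GroupObject = @{
-groupType = 'generic'
-displayName = $_
-username = $username
-securityEnabled = $true
+if ($GroupTemplates.displayName -eq $_) {
+Write-Information "Creating group from template for $_"
+$GroupTemplate = $GroupTemplates | Where-Object -Property displayName -EQ $_
+$NewGroup = New-CIPPGroup -GroupObject $GroupTemplate -TenantFilter $TenantFilter -APIName 'New-CIPPCAPolicy'
+$GroupIds.Add($NewGroup.GroupId)
+} else {
+Write-Information "No template found, creating security group for $_"
+$username = $_ -replace '[^a-zA-Z0-9]', ''
+if ($username.Length -gt 64) {
+$username = $username.Substring(0, 64)
+}
+$GroupObject = @{
+groupType = 'generic'
+displayName = $_
+username = $username
+securityEnabled = $true
+}
+$NewGroup = New-CIPPGroup -GroupObject $GroupObject -TenantFilter $TenantFilter -APIName 'New-CIPPCAPolicy'
+$GroupIds.Add($NewGroup.GroupId)
 }
-$NewGroup = New-CIPPGroup -GroupObject $GroupObject -TenantFilter $TenantFilter -APIName 'New-CIPPCAPolicy'
-$GroupIds.Add($NewGroup.GroupId)
 } else {
 Write-Warning "Group $_ not found in the tenant"
 }
@@ -200,6 +208,13 @@ function New-CIPPCAPolicy {
 if ($JSONobj.conditions.users.excludeGroups) { $JSONobj.conditions.users.excludeGroups = @() }
 }
 'displayName' {
+$TemplatesTable = Get-CIPPTable -tablename 'templates'
+$GroupTemplates = Get-CIPPAzDataTableEntity @TemplatesTable -filter "PartitionKey eq 'GroupTemplate'" | ForEach-Object {
+if ($_.JSON -and (Test-Json -Json $_.JSON -ErrorAction SilentlyContinue)) {
+$Group = $_.JSON | ConvertFrom-Json
+$Group
+}
+}
 try {
 Write-Information 'Replacement pattern for inclusions and exclusions is displayName.'
 $Requests = @(
@@ -228,7 +243,7 @@ function New-CIPPCAPolicy {
 # Check the included and excluded groups
 foreach ($groupType in 'includeGroups', 'excludeGroups') {
 if ($JSONobj.conditions.users.PSObject.Properties.Name -contains $groupType) {
-$JSONobj.conditions.users.$groupType = @(Replace-GroupNameWithId -groupNames $JSONobj.conditions.users.$groupType -CreateGroups $CreateGroups -TenantFilter $TenantFilter)
+$JSONobj.conditions.users.$groupType = @(Replace-GroupNameWithId -groupNames $JSONobj.conditions.users.$groupType -CreateGroups $CreateGroups -TenantFilter $TenantFilter -GroupTemplates $GroupTemplates)
 }
 }
 } catch {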
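Review bot: In the template branch of Replace-GroupNameWithId (new lines 60–64), `Where-Object` returns every template whose displayName matches, so two templates sharing a name hand an array to `New-CIPPGroup`, and the result is added to `$GroupIds` without checking that a group was actually created. These IDs go straight into the policy's includeGroups/excludeGroups, so an empty or unexpected value there would change who the Conditional Access policy covers. I would select a single template with `$GroupTemplate = $GroupTemplates | Where-Object -Property displayName -EQ $_ | Select-Object -First 1` and guard the add with `if ($NewGroup.GroupId) { $GroupIds.Add($NewGroup.GroupId) } else { Write-Warning "Group $_ could not be created" }`; the generic branch at new line 78 has the same unchecked add. The template lookup added at new lines 211–217 sits before the `try`, so a table read failure there is presumably not handled by the `catch` at new line 249, and templates whose JSON fails `Test-Json` are dropped without any log line. Replace-GroupNameWithId and the `'displayName'` case both start and end outside the hunks shown.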
