Merge pull request KelvinTegelaar#1726 from Zacgoose/fix-audit-log-rules-search

Improve tenant filtering in audit log rules

Author: KelvinTegelaar

Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1

@@ -126,13 +126,25 @@ function Test-CIPPAuditLogRules {
         $TrustedIPTable = Get-CIPPTable -TableName 'trustedIps'
         $ConfigTable = Get-CIPPTable -TableName 'WebhookRules'
         $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
-        $Configuration = $ConfigEntries | Where-Object { ($_.Tenants -match $TenantFilter -or $_.Tenants -match 'AllTenants') } | ForEach-Object {
-            [pscustomobject]@{
-                Tenants    = ($_.Tenants | ConvertFrom-Json)
-                Excluded   = ($_.excludedTenants | ConvertFrom-Json -ErrorAction SilentlyContinue)
-                Conditions = $_.Conditions
-                Actions    = $_.Actions
-                LogType    = $_.Type
+        $Configuration = foreach ($ConfigEntry in $ConfigEntries) {
+            if ([string]::IsNullOrEmpty($ConfigEntry.Tenants)) {
+                continue
+            }
+            $Tenants = $ConfigEntry.Tenants | ConvertFrom-Json -ErrorAction SilentlyContinue
+            if ($null -eq $Tenants) {
+                continue
+            }
+            # Expand tenant groups to get actual tenant list
+            $ExpandedTenants = Expand-CIPPTenantGroups -TenantFilter $Tenants
+            # Check if the TenantFilter matches any tenant in the expanded list or AllTenants
+            if ($ExpandedTenants.value -contains $TenantFilter -or $ExpandedTenants.value -contains 'AllTenants') {
+                [pscustomobject]@{
+                    Tenants    = $Tenants
+                    Excluded   = ($ConfigEntry.excludedTenants | ConvertFrom-Json -ErrorAction SilentlyContinue)
+                    Conditions = $ConfigEntry.Conditions
+                    Actions    = $ConfigEntry.Actions
+                    LogType    = $ConfigEntry.Type
+                }
             }
         }