Merge pull request #255 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 78392fe69c1b · 2025-05-20T00:41:05.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppPermissionTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppPermissionTemplate.ps1
@@ -1,7 +1,7 @@
 function Invoke-ExecAppPermissionTemplate {
     <#
     .FUNCTIONALITY
-        Entrypoint
+        Entrypoint,AnyTenant
     .ROLE
         Tenant.Application.ReadWrite
     #>
@@ -12,7 +12,9 @@ function Invoke-ExecAppPermissionTemplate {
 
     $User = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Request.Headers.'x-ms-client-principal')) | ConvertFrom-Json
 
-    switch ($Request.Query.Action) {
+    $Action = $Request.Query.Action ?? $Request.Body.Action
+
+    switch ($Action) {
         'Save' {
             try {
                 $Permissions = $Request.Body.Permissions
@@ -25,8 +27,11 @@ function Invoke-ExecAppPermissionTemplate {
                 }
                 $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force
                 $Body = @{
-                    'Results'    = 'Template Saved'
-                    'TemplateId' = $Entity.RowKey
+                    'Results'  = 'Template Saved'
+                    'Metadata' = @{
+                        'TemplateName' = $Entity.TemplateName
+                        'TemplateId'   = $Entity.RowKey
+                    }
                 }
                 Write-LogMessage -headers $Request.Headers -API 'ExecAppPermissionTemplate' -message "Permissions Saved for template: $($Request.Body.TemplateName)" -Sev 'Info' -LogData $Permissions
             } catch {
@@ -35,8 +40,39 @@ function Invoke-ExecAppPermissionTemplate {
                 }
             }
         }
+        'Delete' {
+            try {
+                $TemplateId = $Request.Body.TemplateId
+                $Template = (Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Templates' and RowKey eq '$TemplateId'")
+                $TemplateName = $Template.TemplateName
+
+                if ($TemplateId) {
+                    $null = Remove-AzDataTableEntity @Table -Entity $Template -Force
+                    $Body = @{
+                        'Results' = "Successfully deleted template '$TemplateName'"
+                    }
+                    Write-LogMessage -headers $Request.Headers -API 'ExecAppPermissionTemplate' -message "Permission template deleted: $TemplateName" -Sev 'Info'
+                } else {
+                    $Body = @{
+                        'Results' = 'No Template ID provided for deletion'
+                    }
+                }
+            } catch {
+                $Body = @{
+                    'Results' = "Failed to delete template: $($_.Exception.Message)"
+                }
+            }
+        }
         default {
-            $Body = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Templates'" | ForEach-Object {
+            # Check if TemplateId is provided to filter results
+            $filter = "PartitionKey eq 'Templates'"
+            if ($Request.Query.TemplateId) {
+                $templateId = $Request.Query.TemplateId
+                $filter = "PartitionKey eq 'Templates' and RowKey eq '$templateId'"
+                Write-LogMessage -headers $Request.Headers -API 'ExecAppPermissionTemplate' -message "Retrieved specific template: $templateId" -Sev 'Info'
+            }
+
+            $Body = Get-CIPPAzDataTableEntity @Table -Filter $filter | ForEach-Object {
                 [PSCustomObject]@{
                     TemplateId   = $_.RowKey
                     TemplateName = $_.TemplateName
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1
@@ -96,9 +96,9 @@ function Invoke-ListTenants {
             if ($Request.Query.Mode -eq 'TenantList') {
                 # add portal link properties
                 $Body = $Body | Select-Object *, @{Name = 'portal_m365'; Expression = { "https://admin.cloud.microsoft/?delegatedOrg=$($_.initialDomainName)" } },
-                @{Name = 'portal_exchange'; Expression = { "https://admin.cloud.microsoft/exchange/?delegatedOrg=$($_.initialDomainName)" } },
+                @{Name = 'portal_exchange'; Expression = { "https://admin.cloud.microsoft/exchange?delegatedOrg=$($_.initialDomainName)" } },
                 @{Name = 'portal_entra'; Expression = { "https://entra.microsoft.com/$($_.defaultDomainName)" } },
-                @{Name = 'portal_teams'; Expression = { "https://admin.teams.microsoft.com/?delegatedOrg=$($_.initialDomainName)" } },
+                @{Name = 'portal_teams'; Expression = { "https://admin.teams.microsoft.com?delegatedOrg=$($_.initialDomainName)" } },
                 @{Name = 'portal_azure'; Expression = { "https://portal.azure.com/$($_.defaultDomainName)" } },
                 @{Name = 'portal_intune'; Expression = { "https://intune.microsoft.com/$($_.defaultDomainName)" } },
                 @{Name = 'portal_security'; Expression = { "https://security.microsoft.com/?tid=$($_.customerId)" } },
diff --git a/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-UpdatePermissionsOrchestrator.ps1 b/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-UpdatePermissionsOrchestrator.ps1
@@ -15,7 +15,7 @@ function Start-UpdatePermissionsOrchestrator {
             'displayName'       = '*Partner Tenant'
         }
 
-        $TenantList = Get-Tenants -IncludeAll | Where-Object { $_.Excluded -eq $false }
+        $TenantList = Get-Tenants -IncludeAll | Where-Object { $_.Excluded -eq $false -and $_.delegatedPrivilegeStatus -eq 'directTenant' }
 
         $Tenants = [System.Collections.Generic.List[object]]::new()
         foreach ($Tenant in $TenantList) {
diff --git a/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 b/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1
@@ -22,13 +22,10 @@ function Get-CIPPAuthentication {
             #Get list of tenants that have 'directTenant' set to true
             $tenants = Get-Tenants -IncludeErrors | Where-Object -Property delegatedPrivilegeStatus -EQ 'directTenant'
             if ($tenants) {
-                Write-Host "Found $($tenants.Count) tenants with directTenant set to true"
                 $tenants | ForEach-Object {
                     $secretname = $_.customerId -replace '-', '_'
                     if ($secret.$secretname) {
                         $name = $_.customerId
-                        Write-Host "Setting $name to $($secret.$secretname)"
-
                         Set-Item -Path env:$name -Value $secret.$secretname -Force
                     }
                 }
diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1
@@ -7,8 +7,10 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT
     if (!$env:SetFromProfile) { $CIPPAuth = Get-CIPPAuthentication; Write-Host 'Could not get Refreshtoken from environment variable. Reloading token.' }
     #If the $env:<$tenantid> is set, use that instead of the refreshtoken for all tenants.
     $refreshToken = $env:RefreshToken
+    if (!$tenantid) { $tenantid = $env:TenantID }
     $ClientType = Get-Tenants -IncludeErrors -TenantFilter $tenantid
     if ($clientType.delegatedPrivilegeStatus -eq 'directTenant') {
+        Write-Host "Using direct tenant refresh token for $($clientType.customerId)"
         $ClientRefreshToken = Get-Item -Path "env:\$($clientType.customerId)" -ErrorAction SilentlyContinue
         $refreshToken = $ClientRefreshToken.Value
     }
@@ -47,7 +49,6 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT
         }
     }
 
-    if (!$tenantid) { $tenantid = $env:TenantID }
 
     $TokenKey = '{0}-{1}-{2}' -f $tenantid, $scope, $asApp
 
diff --git a/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 b/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1
@@ -122,12 +122,12 @@ function Invoke-HuduExtensionSync {
         $Links = @(
             @{
                 Title = 'M365 Admin Portal'
-                URL   = 'https://admin.cloud.microsoft/?delegatedOrg={0}' -f $Tenant.initialDomainName
+                URL   = 'https://admin.cloud.microsoft?delegatedOrg={0}' -f $Tenant.initialDomainName
                 Icon  = 'fas fa-cogs'
             }
             @{
                 Title = 'Exchange Admin Portal'
-                URL   = 'https://admin.cloud.microsoft/exchange/?delegatedOrg={0}' -f $Tenant.initialDomainName
+                URL   = 'https://admin.cloud.microsoft/exchange?delegatedOrg={0}' -f $Tenant.initialDomainName
                 Icon  = 'fas fa-mail-bulk'
             }
             @{
diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1
@@ -1523,7 +1523,7 @@ function Invoke-NinjaOneTenantSync {
             $ManagementLinksData = @(
                 @{
                     Name = 'M365 Admin Portal'
-                    Link = "https://admin.cloud.microsoft/?delegatedOrg=$($customer.defaultDomainName)"
+                    Link = "https://admin.cloud.microsoft?delegatedOrg=$($customer.defaultDomainName)"
                     Icon = 'fas fa-cogs'
                 },
                 @{
@@ -1548,7 +1548,7 @@ function Invoke-NinjaOneTenantSync {
                 },
                 @{
                     Name = 'Teams Admin'
-                    Link = "https://admin.teams.microsoft.com/?delegatedOrg=$($Customer.defaultDomainName)"
+                    Link = "https://admin.teams.microsoft.com?delegatedOrg=$($Customer.defaultDomainName)"
                     Icon = 'fas fa-users'
                 },
                 @{

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ function Start-UpdatePermissionsOrchestrator {`
`15`	`15`	`'displayName' = '*Partner Tenant'`
`16`	`16`	`}`
`17`	`17`
`18`		`- $TenantList = Get-Tenants -IncludeAll \| Where-Object { $_.Excluded -eq $false }`
	`18`	`+ $TenantList = Get-Tenants -IncludeAll \| Where-Object { $_.Excluded -eq $false -and $_.delegatedPrivilegeStatus -eq 'directTenant' }`
`19`	`19`
`20`	`20`	`$Tenants = [System.Collections.Generic.List[object]]::new()`
`21`	`21`	`foreach ($Tenant in $TenantList) {`
Original file line number	Diff line number	Diff line change
`@@ -22,13 +22,10 @@ function Get-CIPPAuthentication {`
`22`	`22`	`#Get list of tenants that have 'directTenant' set to true`
`23`	`23`	`$tenants = Get-Tenants -IncludeErrors \| Where-Object -Property delegatedPrivilegeStatus -EQ 'directTenant'`
`24`	`24`	`if ($tenants) {`
`25`		`- Write-Host "Found $($tenants.Count) tenants with directTenant set to true"`
`26`	`25`	`$tenants \| ForEach-Object {`
`27`	`26`	`$secretname = $_.customerId -replace '-', '_'`
`28`	`27`	`if ($secret.$secretname) {`
`29`	`28`	`$name = $_.customerId`
`30`		`- Write-Host "Setting $name to $($secret.$secretname)"`
`31`		`-`
`32`	`29`	`Set-Item -Path env:$name -Value $secret.$secretname -Force`
`33`	`30`	`}`
`34`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,10 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT`
`7`	`7`	`if (!$env:SetFromProfile) { $CIPPAuth = Get-CIPPAuthentication; Write-Host 'Could not get Refreshtoken from environment variable. Reloading token.' }`
`8`	`8`	`#If the $env:<$tenantid> is set, use that instead of the refreshtoken for all tenants.`
`9`	`9`	`$refreshToken = $env:RefreshToken`
	`10`	`+ if (!$tenantid) { $tenantid = $env:TenantID }`
`10`	`11`	`$ClientType = Get-Tenants -IncludeErrors -TenantFilter $tenantid`
`11`	`12`	`if ($clientType.delegatedPrivilegeStatus -eq 'directTenant') {`
	`13`	`+ Write-Host "Using direct tenant refresh token for $($clientType.customerId)"`
`12`	`14`	`$ClientRefreshToken = Get-Item -Path "env:\$($clientType.customerId)" -ErrorAction SilentlyContinue`
`13`	`15`	`$refreshToken = $ClientRefreshToken.Value`
`14`	`16`	`}`
`@@ -47,7 +49,6 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT`
`47`	`49`	`}`
`48`	`50`	`}`
`49`	`51`
`50`		`- if (!$tenantid) { $tenantid = $env:TenantID }`
`51`	`52`
`52`	`53`	`$TokenKey = '{0}-{1}-{2}' -f $tenantid, $scope, $asApp`
`53`	`54`