Merge pull request KelvinTegelaar#1705 from kris6673/group-soa

KelvinTegelaar · web-flow · commit 9b9a50b60468 · 2025-11-18T17:28:33.000+01:00
Feat: Add functions to manage SOA
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Contacts/Invoke-ListContacts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Contacts/Invoke-ListContacts.ps1
@@ -1,7 +1,7 @@
 using namespace System.Collections.Generic
 using namespace System.Text.RegularExpressions
 
-Function Invoke-ListContacts {
+function Invoke-ListContacts {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -18,10 +18,9 @@ Function Invoke-ListContacts {
     # Early validation and exit
     if (-not $TenantFilter) {
         return ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::BadRequest
-            Body       = 'tenantFilter is required'
-        })
-        return
+                StatusCode = [HttpStatusCode]::BadRequest
+                Body       = 'tenantFilter is required'
+            })
     }
 
     # Pre-compiled regex for MailTip cleaning
@@ -52,35 +51,35 @@ Function Invoke-ListContacts {
         $phones = if ($phoneCapacity -gt 0) {
             $phoneList = [List[hashtable]]::new($phoneCapacity)
             if ($Contact.Phone) {
-                $phoneList.Add(@{ type = "business"; number = $Contact.Phone })
+                $phoneList.Add(@{ type = 'business'; number = $Contact.Phone })
             }
             if ($Contact.MobilePhone) {
-                $phoneList.Add(@{ type = "mobile"; number = $Contact.MobilePhone })
+                $phoneList.Add(@{ type = 'mobile'; number = $Contact.MobilePhone })
             }
             $phoneList.ToArray()
         } else { @() }
 
         return @{
-            id = $Contact.Id
-            displayName = $Contact.DisplayName
-            givenName = $Contact.FirstName
-            surname = $Contact.LastName
-            mail = $mailAddress
-            companyName = $Contact.Company
-            jobTitle = $Contact.Title
-            website = $Contact.WebPage
-            notes = $Contact.Notes
-            hidefromGAL = $MailContact.HiddenFromAddressListsEnabled
-            mailTip = $cleanMailTip
+            id                    = $Contact.Id
+            displayName           = $Contact.DisplayName
+            givenName             = $Contact.FirstName
+            surname               = $Contact.LastName
+            mail                  = $mailAddress
+            companyName           = $Contact.Company
+            jobTitle              = $Contact.Title
+            website               = $Contact.WebPage
+            notes                 = $Contact.Notes
+            hidefromGAL           = $MailContact.HiddenFromAddressListsEnabled
+            mailTip               = $cleanMailTip
             onPremisesSyncEnabled = $Contact.IsDirSynced
-            addresses = @(@{
-                street = $Contact.StreetAddress
-                city = $Contact.City
-                state = $Contact.StateOrProvince
-                countryOrRegion = $Contact.CountryOrRegion
-                postalCode = $Contact.PostalCode
-            })
-            phones = $phones
+            addresses             = @(@{
+                    street          = $Contact.StreetAddress
+                    city            = $Contact.City
+                    state           = $Contact.StateOrProvince
+                    countryOrRegion = $Contact.CountryOrRegion
+                    postalCode      = $Contact.PostalCode
+                })
+            phones                = $phones
         }
     }
 
@@ -98,20 +97,29 @@ Function Invoke-ListContacts {
             }
 
             if (!$Contact -or !$MailContact) {
-                throw "Contact not found or insufficient permissions"
+                throw 'Contact not found or insufficient permissions'
             }
 
             $ContactResponse = ConvertTo-ContactObject -Contact $Contact -MailContact $MailContact
 
         } else {
             # Get all contacts - simplified approach
-            Write-Host "Getting all contacts"
+            Write-Host 'Getting all contacts'
 
             $ContactResponse = New-EXORequest -tenantid $TenantFilter -cmdlet 'Get-Contact' -cmdParams @{
-                Filter = "RecipientTypeDetails -eq 'MailContact'"
+                Filter     = "RecipientTypeDetails -eq 'MailContact'"
                 ResultSize = 'Unlimited'
             } | Select-Object -Property City, Company, Department, DisplayName, FirstName, LastName, IsDirSynced, Guid, WindowsEmailAddress
 
+            # Add Graph ID to each contact based on email match
+            $GraphContacts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/contacts' -tenantid $TenantFilter
+            foreach ($contact in $ContactResponse) {
+                $GraphMatch = $GraphContacts | Where-Object { $_.mail -eq $contact.WindowsEmailAddress }
+                if ($GraphMatch) {
+                    $contact | Add-Member -MemberType NoteProperty -Name 'graphId' -Value $GraphMatch.id -Force
+                }
+            }
+
             # Return empty array if no contacts found
             if (!$ContactResponse) {
                 $ContactResponse = @()
@@ -128,7 +136,7 @@ Function Invoke-ListContacts {
     }
 
     return ([HttpResponseContext]@{
-        StatusCode = $StatusCode
-        Body       = $ContactResponse
-    })
+            StatusCode = $StatusCode
+            Body       = $ContactResponse
+        })
 }
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Invoke-ExecSetCloudManaged.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Invoke-ExecSetCloudManaged.ps1
@@ -0,0 +1,43 @@
+function Invoke-ExecSetCloudManaged {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Identity.DirSync.ReadWrite
+    .DESCRIPTION
+        Sets the cloud-managed status of a user, group, or contact.
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
+    # Interact with query parameters or the body of the request.
+    $TenantFilter = $Request.Body.tenantFilter
+    $GroupID = $Request.Body.ID
+    $DisplayName = $Request.Body.displayName
+    $Type = $Request.Body.type
+    $IsCloudManaged = [System.Convert]::ToBoolean($Request.Body.isCloudManaged)
+
+    try {
+        $Params = @{
+            Id             = $GroupID
+            TenantFilter   = $TenantFilter
+            DisplayName    = $DisplayName
+            Type           = $Type
+            IsCloudManaged = $IsCloudManaged
+            APIName        = $APIName
+            Headers        = $Headers
+        }
+        $Result = Set-CIPPCloudManaged @Params
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $Result = "$($_.Exception.Message)"
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+    return ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{'Results' = $Result }
+        })
+}
diff --git a/Modules/CIPPCore/Public/SAMManifest.json b/Modules/CIPPCore/Public/SAMManifest.json
@@ -538,6 +538,18 @@
         {
           "id": "0a42382f-155c-4eb1-9bdc-21548ccaa387",
           "type": "Role"
+        },
+        {
+          "id": "2d9bd318-b883-40be-9df7-63ec4fcdc424",
+          "type": "Role"
+        },
+        {
+          "id": "c8948c23-e66b-42db-83fd-770b71ab78d2",
+          "type": "Role"
+        },
+        {
+          "id": "a94a502d-0281-4d15-8cd2-682ac9362c4c",
+          "type": "Role"
         }
       ]
     },
diff --git a/Modules/CIPPCore/Public/Set-CIPPCloudManaged.ps1 b/Modules/CIPPCore/Public/Set-CIPPCloudManaged.ps1
@@ -0,0 +1,34 @@
+function Set-CIPPCloudManaged(
+    [string]$TenantFilter,
+    [string]$Id,
+    [string]$DisplayName,
+    [ValidateSet('User', 'Group', 'Contact')]
+    [string]$Type,
+    [bool]$IsCloudManaged,
+    [string]$APIName = 'Set Cloud Managed',
+    $Headers
+) {
+    try {
+        $statusText = if ($IsCloudManaged -eq $true) { 'cloud-managed' } else { 'on-premises managed' }
+
+        $URI = switch ($Type) {
+            'User' { "https://graph.microsoft.com/beta/users/$Id/onPremisesSyncBehavior" }
+            'Group' { "https://graph.microsoft.com/beta/groups/$Id/onPremisesSyncBehavior" }
+            'Contact' { "https://graph.microsoft.com/beta/contacts/$Id/onPremisesSyncBehavior" }
+        }
+
+        $Body = @{
+            isCloudManaged = $IsCloudManaged
+        } | ConvertTo-Json -Depth 10
+
+        $null = New-GraphPOSTRequest -uri $URI -type PATCH -tenantid $TenantFilter -body $Body -AsApp $true
+        $Message = "Successfully set $Type $DisplayName ($Id) source of authority to $statusText"
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
+        return $Message
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Message = "Failed to set $Type $DisplayName ($Id) source of authority to ${statusText}: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Error' -LogData $ErrorMessage
+        throw $Message
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -538,6 +538,18 @@`
`538`	`538`	`{`
`539`	`539`	`"id": "0a42382f-155c-4eb1-9bdc-21548ccaa387",`
`540`	`540`	`"type": "Role"`
	`541`	`+ },`
	`542`	`+ {`
	`543`	`+ "id": "2d9bd318-b883-40be-9df7-63ec4fcdc424",`
	`544`	`+ "type": "Role"`
	`545`	`+ },`
	`546`	`+ {`
	`547`	`+ "id": "c8948c23-e66b-42db-83fd-770b71ab78d2",`
	`548`	`+ "type": "Role"`
	`549`	`+ },`
	`550`	`+ {`
	`551`	`+ "id": "a94a502d-0281-4d15-8cd2-682ac9362c4c",`
	`552`	`+ "type": "Role"`
`541`	`553`	`}`
`542`	`554`	`]`
`543`	`555`	`},`