Merge pull request #627 from KelvinTegelaar/dev

pull[bot] · web-flow · commit b3f2201b6ac6 · 2025-12-18T06:41:21.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/.github/workflows/dev_api.yml b/.github/workflows/dev_api.yml
@@ -26,13 +26,6 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v3
-        with:
-          path: "~/.local/share/powershell/Modules"
-          key: ${{ runner.os }}-ModuleBuilder
-
       - name: Login to Azure
         uses: azure/login@v2
         with:
diff --git a/Config/schemaDefinitions.json b/Config/schemaDefinitions.json
@@ -2,15 +2,46 @@
   {
     "id": "cippUser",
     "description": "CIPP User Schema",
-    "targetTypes": ["User"],
+    "targetTypes": [
+      "User"
+    ],
     "properties": [
-      { "name": "jitAdminEnabled", "type": "Boolean" },
-      { "name": "jitAdminExpiration", "type": "DateTime" },
-      { "name": "jitAdminReason", "type": "String" },
-      { "name": "mailboxType", "type": "String" },
-      { "name": "archiveEnabled", "type": "Boolean" },
-      { "name": "autoExpandingArchiveEnabled", "type": "Boolean" },
-      { "name": "perUserMfaState", "type": "String" }
+      {
+        "name": "jitAdminEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "jitAdminExpiration",
+        "type": "DateTime"
+      },
+      {
+        "name": "jitAdminReason",
+        "type": "String"
+      },
+      {
+        "name": "jitAdminStartDate",
+        "type": "DateTime"
+      },
+      {
+        "name": "jitAdminCreatedBy",
+        "type": "String"
+      },
+      {
+        "name": "mailboxType",
+        "type": "String"
+      },
+      {
+        "name": "archiveEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "autoExpandingArchiveEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "perUserMfaState",
+        "type": "String"
+      }
     ],
     "status": "Available"
   }
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPAccessAssignments.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPAccessAssignments.ps1
@@ -2,6 +2,8 @@ function Invoke-ListGDAPAccessAssignments {
     <#
     .FUNCTIONALITY
         Entrypoint,AnyTenant
+    .ROLE
+        Tenant.Relationship.Read
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1
@@ -36,7 +36,7 @@ function Invoke-ListFunctionParameters {
             $Functions = Get-Command @CommandQuery | Where-Object { $_.Visibility -eq 'Public' }
         }
         $Results = foreach ($Function in $Functions) {
-            if ($Function -In $TemporaryBlacklist) { continue }
+            if ($Function -in $TemporaryBlacklist) { continue }
             $GetHelp = @{
                 Name = $Function
             }
@@ -72,8 +72,8 @@ function Invoke-ListFunctionParameters {
         $StatusCode = [HttpStatusCode]::BadRequest
     }
     return [HttpResponseContext]@{
-            StatusCode = $StatusCode
-            Body       = @($Results)
-        }
+        StatusCode = $StatusCode
+        Body       = @($Results)
+    }
 
 }
diff --git a/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1 b/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1
@@ -70,7 +70,7 @@ function Set-CIPPUserJITAdmin {
                         forceChangePasswordNextSignInWithMfa = $false
                         password                             = $Password
                     }
-                    $Schema.id        = @{
+                    "$($Schema.id)"   = @{
                         jitAdminEnabled    = $false
                         jitAdminExpiration = $Expiration.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
                         jitAdminStartDate  = if ($StartDate) { $StartDate.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ') } else { $null }
@@ -127,8 +127,11 @@ function Set-CIPPUserJITAdmin {
                         New-GraphPOSTRequest -type PATCH -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $TenantFilter -body $Json | Out-Null
                     } catch {}
                 }
+                $CreatedBy = if ($Headers) {
+                    ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails
+                } else { 'Unknown' }
 
-                Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Enabled -Expiration $Expiration -StartDate $StartDate -Reason $Reason -CreatedBy (if ($Headers) { ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails } else { 'Unknown' }) | Out-Null
+                Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Enabled -Expiration $Expiration -StartDate $StartDate -Reason $Reason -CreatedBy $CreatedBy | Out-Null
                 $Message = "Added admin roles to user $($UserObj.displayName) ($($UserObj.userPrincipalName)). Reason: $Reason"
                 $LogData = @{
                     UserPrincipalName = $UserObj.userPrincipalName
diff --git a/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 b/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1
@@ -209,8 +209,8 @@ function Test-CIPPAuditLogRules {
         } else {
             # Use cached lookups
             $Users = ($Lookups | Where-Object { $_.RowKey -eq 'users' }).Data | ConvertFrom-Json
-            $Groups = (($Lookups | Where-Object { $_.RowKey -eq 'groups' }).Data | ConvertFrom-Json) ?? @()
-            $Devices = (($Lookups | Where-Object { $_.RowKey -eq 'devices' }).Data | ConvertFrom-Json) ?? @()
+            $Groups = (($Lookups | Where-Object { $_.RowKey -eq 'groups' }).Data | ConvertFrom-Json -ErrorAction SilentlyContinue) ?? @()
+            $Devices = (($Lookups | Where-Object { $_.RowKey -eq 'devices' }).Data | ConvertFrom-Json -ErrorAction SilentlyContinue) ?? @()
             $ServicePrincipals = ($Lookups | Where-Object { $_.RowKey -eq 'servicePrincipals' }).Data | ConvertFrom-Json
             Write-Information "Using cached directory lookups for tenant $TenantFilter"
         }
diff --git a/Tools/Build-FunctionPermissions.ps1 b/Tools/Build-FunctionPermissions.ps1
@@ -70,7 +70,7 @@ foreach ($command in $commands | Sort-Object -Property Name | Select-Object -Uni
         $functionality = ''
     }
 
-    if ($role -or $functionality) {
+    if ($role -and $functionality) {
         $permissions[$command.Name] = @{
             Role          = $role
             Functionality = $functionality

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ function Invoke-ListFunctionParameters {`
`36`	`36`	`$Functions = Get-Command @CommandQuery \| Where-Object { $_.Visibility -eq 'Public' }`
`37`	`37`	`}`
`38`	`38`	`$Results = foreach ($Function in $Functions) {`
`39`		`- if ($Function -In $TemporaryBlacklist) { continue }`
	`39`	`+ if ($Function -in $TemporaryBlacklist) { continue }`
`40`	`40`	`$GetHelp = @{`
`41`	`41`	`Name = $Function`
`42`	`42`	`}`
`@@ -72,8 +72,8 @@ function Invoke-ListFunctionParameters {`
`72`	`72`	`$StatusCode = [HttpStatusCode]::BadRequest`
`73`	`73`	`}`
`74`	`74`	`return [HttpResponseContext]@{`
`75`		`- StatusCode = $StatusCode`
`76`		`- Body = @($Results)`
`77`		`- }`
	`75`	`+ StatusCode = $StatusCode`
	`76`	`+ Body = @($Results)`
	`77`	`+ }`
`78`	`78`
`79`	`79`	`}`
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ foreach ($command in $commands \| Sort-Object -Property Name \| Select-Object -Uni`
`70`	`70`	`$functionality = ''`
`71`	`71`	`}`
`72`	`72`
`73`		`- if ($role -or $functionality) {`
	`73`	`+ if ($role -and $functionality) {`
`74`	`74`	`$permissions[$command.Name] = @{`
`75`	`75`	`Role = $role`
`76`	`76`	`Functionality = $functionality`