Merge pull request #541 from KelvinTegelaar/dev

pull[bot] · web-flow · commit e3999fee00cd · 2025-11-13T18:41:22.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/.github/workflows/dev_clouduptest.yml b/.github/workflows/dev_clouduptest.yml
diff --git a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccessUserRole.ps1 b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccessUserRole.ps1
@@ -21,7 +21,7 @@ function Test-CIPPAccessUserRole {
     )
     $Roles = @()
     $Table = Get-CippTable -TableName cacheAccessUserRoles
-    $Filter = "PartitionKey eq 'AccessRole' and RowKey eq '$($User.userDetails)' and Timestamp ge datetime'$((Get-Date).AddMinutes(-15).ToString('yyyy-MM-ddTHH:mm:ss'))'"
+    $Filter = "PartitionKey eq 'AccessUser' and RowKey eq '$($User.userDetails)' and Timestamp ge datetime'$((Get-Date).AddMinutes(-15).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ'))'"
     $UserRole = Get-CIPPAzDataTableEntity @Table -Filter $Filter
     if ($UserRole) {
         Write-Information "Found cached user role for $($User.userDetails)"
@@ -31,27 +31,34 @@ function Test-CIPPAccessUserRole {
             $uri = "https://graph.microsoft.com/beta/users/$($User.userDetails)/transitiveMemberOf"
             $Memberships = New-GraphGetRequest -uri $uri -NoAuthCheck $true | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.group' }
             if ($Memberships) {
-                Write-Information "Found user roles for $($User.userDetails)"
+                Write-Information "Found group memberships for $($User.userDetails)"
             } else {
-                Write-Information "No user roles found for $($User.userDetails)"
+                Write-Information "No group memberships found for $($User.userDetails)"
             }
         } catch {
             Write-Information "Could not get user roles for $($User.userDetails). $($_.Exception.Message)"
             return $User
         }
 
         $AccessGroupsTable = Get-CippTable -TableName AccessRoleGroups
-        $AccessGroups = Get-CIPPAzDataTableEntity @AccessGroupsTable
+        $AccessGroups = Get-CIPPAzDataTableEntity @AccessGroupsTable -Filter "PartitionKey eq 'AccessRoleGroups'"
+        $CustomRolesTable = Get-CippTable -TableName CustomRoles
+        $CustomRoles = Get-CIPPAzDataTableEntity @CustomRolesTable -Filter "PartitionKey eq 'CustomRoles'"
+        $BaseRoles = @('superadmin', 'admin', 'editor', 'readonly')
 
         $Roles = foreach ($AccessGroup in $AccessGroups) {
-            if ($Memberships.id -contains $AccessGroup.GroupId) {
+            if ($Memberships.id -contains $AccessGroup.GroupId -and ($CustomRoles.RowKey -contains $AccessGroup.RowKey -or $BaseRoles -contains $AccessGroup.RowKey)) {
                 $AccessGroup.RowKey
             }
         }
 
         $Roles = @($Roles) + @($User.userRoles)
 
-        if (($Roles | Measure-Object).Count -gt 0) {
+        if ($Roles) {
+            Write-Information "Roles determined for $($User.userDetails): $($Roles -join ', ')"
+        }
+
+        if (($Roles | Measure-Object).Count -gt 2) {
             $UserRole = [PSCustomObject]@{
                 PartitionKey = 'AccessUser'
                 RowKey       = [string]$User.userDetails
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1
@@ -110,6 +110,10 @@ function Invoke-ExecCustomRole {
             Write-Information "Deleting custom role $($Request.Body.RoleName)"
             $Role = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Body.RoleName)'" -Property RowKey, PartitionKey
             Remove-AzDataTableEntity -Force @Table -Entity $Role
+            $AccessRoleGroup = Get-CIPPAzDataTableEntity @AccessRoleGroupTable -Filter "PartitionKey eq 'AccessRoleGroups' and RowKey eq '$($Request.Body.RoleName)'"
+            if ($AccessRoleGroup) {
+                Remove-AzDataTableEntity -Force @AccessRoleGroupTable -Entity $AccessRoleGroup
+            }
             $Body = @{Results = 'Custom role deleted' }
             Write-LogMessage -headers $Request.Headers -API 'ExecCustomRole' -message "Deleted custom role $($Request.Body.RoleName)" -Sev 'Info'
         }
diff --git a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1
@@ -12,7 +12,12 @@ function Invoke-GitHubApiRequest {
     )
 
     $Table = Get-CIPPTable -TableName Extensionsconfig
-    $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub
+    $ExtensionConfig = (Get-CIPPAzDataTableEntity @Table).config
+    if (Test-Json -Json $ExtensionConfig) {
+        $Configuration = ($ExtensionConfig | ConvertFrom-Json).GitHub
+    } else {
+        $Configuration = @{ Enabled = $false }
+    }
 
     if ($Configuration.Enabled) {
         $APIKey = Get-ExtensionAPIKey -Extension 'GitHub'
