Merge pull request #464 from KelvinTegelaar/dev

pull[bot] · web-flow · commit f484ba01bbe7 · 2025-09-24T00:41:21.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1
@@ -61,6 +61,42 @@ function Invoke-ExecCustomRole {
                 $Body = @{Results = "Failed to save custom role $($Request.Body.RoleName)" }
             }
         }
+        'Clone' {
+            try {
+                if ($Request.Body.NewRoleName -in $DefaultRoles) {
+                    throw "Role name $($Request.Body.NewRoleName) cannot be used"
+                }
+                $ExistingRole = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Body.RoleName.ToLower())'"
+                if (!$ExistingRole) {
+                    throw "Role $($Request.Body.RoleName) not found"
+                }
+
+                if ($ExistingRole.RowKey -eq $Request.Body.NewRoleName.ToLower()) {
+                    throw "New role name cannot be the same as the existing role name"
+                }
+
+                $NewRoleTest = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Body.NewRoleName.ToLower())'"
+                if ($NewRoleTest) {
+                    throw "Role name $($Request.Body.NewRoleName) already exists"
+                }
+
+                $NewRole = @{
+                    'PartitionKey'     = 'CustomRoles'
+                    'RowKey'           = "$($Request.Body.NewRoleName.ToLower())"
+                    'Permissions'      = $ExistingRole.Permissions
+                    'AllowedTenants'   = $ExistingRole.AllowedTenants
+                    'BlockedTenants'   = $ExistingRole.BlockedTenants
+                    'BlockedEndpoints' = $ExistingRole.BlockedEndpoints
+                }
+                Add-CIPPAzDataTableEntity @Table -Entity $NewRole -Force | Out-Null
+                $Body = @{Results = "Custom role '$($Request.Body.NewRoleName)' cloned from '$($Request.Body.RoleName)'" }
+                Write-LogMessage -headers $Request.Headers -API 'ExecCustomRole' -message "Cloned custom role $($Request.Body.RoleName) to $($Request.Body.NewRoleName)" -Sev 'Info'
+            } catch {
+                Write-Warning "Failed to clone custom role $($Request.Body.RoleName): $($_.Exception.Message)"
+                Write-Warning $_.InvocationInfo.PositionMessage
+                $Body = @{Results = "Failed to clone custom role $($Request.Body.RoleName)" }
+            }
+        }
         'Delete' {
             Write-Information "Deleting custom role $($Request.Body.RoleName)"
             $Role = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Body.RoleName)'" -Property RowKey, PartitionKey
diff --git a/Modules/CIPPCore/Public/Get-CIPPTextReplacement.ps1 b/Modules/CIPPCore/Public/Get-CIPPTextReplacement.ps1
@@ -13,7 +13,8 @@ function Get-CIPPTextReplacement {
     #>
     param (
         [string]$TenantFilter,
-        $Text
+        $Text,
+        [switch]$EscapeForJson
     )
     if ($Text -isnot [string]) {
         return $Text
@@ -54,13 +55,21 @@ function Get-CIPPTextReplacement {
     $Vars = @{}
     if ($GlobalMap) {
         foreach ($Var in $GlobalMap) {
+            if ($EscapeForJson.IsPresent) {
+                # Escape quotes for JSON if not already escaped
+                $Var.Value = $Var.Value -replace '(?<!\\)"', '\"'
+            }
             $Vars[$Var.RowKey] = $Var.Value
         }
     }
     # Tenant Specific Variables
     $ReplaceMap = Get-CIPPAzDataTableEntity @ReplaceTable -Filter "PartitionKey eq '$CustomerId'"
     if ($ReplaceMap) {
         foreach ($Var in $ReplaceMap) {
+            if ($EscapeForJson.IsPresent) {
+                # Escape quotes for JSON if not already escaped
+                $Var.Value = $Var.Value -replace '(?<!\\)"', '\"'
+            }
             $Vars[$Var.RowKey] = $Var.Value
         }
     }
diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1
@@ -22,7 +22,7 @@ function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $N
             $contentType = 'application/json; charset=utf-8'
         }
         try {
-            $body = Get-CIPPTextReplacement -TenantFilter $tenantid -Text $body
+            $body = Get-CIPPTextReplacement -TenantFilter $tenantid -Text $body -EscapeForJson
             $ReturnedData = (Invoke-RestMethod -Uri $($uri) -Method $TYPE -Body $body -Headers $headers -ContentType $contentType -SkipHttpErrorCheck:$IgnoreErrors -ResponseHeadersVariable responseHeaders)
         } catch {
             $Message = if ($_.ErrorDetails.Message) {

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $N`
`22`	`22`	`$contentType = 'application/json; charset=utf-8'`
`23`	`23`	`}`
`24`	`24`	`try {`
`25`		`- $body = Get-CIPPTextReplacement -TenantFilter $tenantid -Text $body`
	`25`	`+ $body = Get-CIPPTextReplacement -TenantFilter $tenantid -Text $body -EscapeForJson`
`26`	`26`	`$ReturnedData = (Invoke-RestMethod -Uri $($uri) -Method $TYPE -Body $body -Headers $headers -ContentType $contentType -SkipHttpErrorCheck:$IgnoreErrors -ResponseHeadersVariable responseHeaders)`
`27`	`27`	`} catch {`
`28`	`28`	`$Message = if ($_.ErrorDetails.Message) {`