pjustdtech
diff --git a/‎.github/workflows/dev_api.yml‎
Lines changed: 0 additions & 61 deletions b/‎.github/workflows/dev_api.yml‎
Lines changed: 0 additions & 61 deletions
diff --git a/‎.github/workflows/publish_release.yml‎
Lines changed: 0 additions & 62 deletions b/‎.github/workflows/publish_release.yml‎
Lines changed: 0 additions & 62 deletions
diff --git a/‎.github/workflows/upload_dev.yml‎
Lines changed: 0 additions & 60 deletions b/‎.github/workflows/upload_dev.yml‎
Lines changed: 0 additions & 60 deletions
diff --git a/‎Config/schemaDefinitions.json‎
Lines changed: 39 additions & 8 deletions b/‎Config/schemaDefinitions.json‎
Lines changed: 39 additions & 8 deletions
diff --git a/‎Modules/CIPPCore/Public/Alerts/Get-CIPPAlertGlobalAdminAllowList.ps1‎
Lines changed: 6 additions & 6 deletions b/‎Modules/CIPPCore/Public/Alerts/Get-CIPPAlertGlobalAdminAllowList.ps1‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎Modules/CIPPCore/Public/Alerts/Get-CIPPAlertMXRecordChanged.ps1‎
Lines changed: 6 additions & 6 deletions b/‎Modules/CIPPCore/Public/Alerts/Get-CIPPAlertMXRecordChanged.ps1‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎Modules/CIPPCore/Public/Alerts/Get-CIPPAlertRestrictedUsers.ps1‎
Lines changed: 1 addition & 1 deletion b/‎Modules/CIPPCore/Public/Alerts/Get-CIPPAlertRestrictedUsers.ps1‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Modules/CIPPCore/Public/Authentication/Get-CippAllowedPermissions.ps1‎
Lines changed: 1 addition & 1 deletion b/‎Modules/CIPPCore/Public/Authentication/Get-CippAllowedPermissions.ps1‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAServiceExclusion.ps1‎
Lines changed: 5 additions & 5 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAServiceExclusion.ps1‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPAccessAssignments.ps1‎
Lines changed: 2 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPAccessAssignments.ps1‎
Lines changed: 2 additions & 0 deletions
@@ -25,67 +25,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-    
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v3
-        with:
-          path: "~/.local/share/powershell/Modules"
-          key: ${{ runner.os }}-ModuleBuilder
-
-      - name: Install ModuleBuilder
-        if: steps.cacher.outputs.cache-hit != 'true'
-        shell: pwsh
-        run: |
-          Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module ModuleBuilder -AllowClobber -Force
-
-      - name: Build CIPPCore Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CIPPCore"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Generate function permissions before replacing the source module
-          $ToolsPath = Join-Path $env:GITHUB_WORKSPACE "Tools"
-          $ScriptPath = Join-Path $ToolsPath "Build-FunctionPermissions.ps1"
-          pwsh -File $ScriptPath -ModulePath $ModulePath
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CIPPCore") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-      - name: Build CippExtensions Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CippExtensions"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CippExtensions") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
 
       - name: Login to Azure
         uses: azure/login@v2
 
@@ -70,68 +70,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v3
-        with:
-          path: "~/.local/share/powershell/Modules"
-          key: ${{ runner.os }}-ModuleBuilder
-
-      - name: Install ModuleBuilder
-        if: steps.cacher.outputs.cache-hit != 'true'
-        shell: pwsh
-        run: |
-          Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module ModuleBuilder -AllowClobber -Force
-
-      - name: Build CIPPCore Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CIPPCore"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Generate function permissions before replacing the source module
-          $ToolsPath = Join-Path $env:GITHUB_WORKSPACE "Tools"
-          $ScriptPath = Join-Path $ToolsPath "Build-FunctionPermissions.ps1"
-          pwsh -File $ScriptPath -ModulePath $ModulePath
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CIPPCore") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-      - name: Build CippExtensions Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CippExtensions"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CippExtensions") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-
       # Create ZIP File in a New Source Directory
       - name: Prepare and Zip Release Files
         if: env.tag_exists == 'false'
 
@@ -17,66 +17,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v3
-        with:
-          path: "~/.local/share/powershell/Modules"
-          key: ${{ runner.os }}-ModuleBuilder
-
-      - name: Install ModuleBuilder
-        if: steps.cacher.outputs.cache-hit != 'true'
-        shell: pwsh
-        run: |
-          Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module ModuleBuilder -AllowClobber -Force
-
-      - name: Build CIPPCore Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CIPPCore"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Generate function permissions before replacing the source module
-          $ToolsPath = Join-Path $env:GITHUB_WORKSPACE "Tools"
-          $ScriptPath = Join-Path $ToolsPath "Build-FunctionPermissions.ps1"
-          pwsh -File $ScriptPath -ModulePath $ModulePath
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CIPPCore") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-      - name: Build CippExtensions Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CippExtensions"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CippExtensions") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
 
       # Create ZIP File in a New Source Directory
       - name: Prepare and Zip Release Files
 
@@ -2,15 +2,46 @@
   {
     "id": "cippUser",
     "description": "CIPP User Schema",
-    "targetTypes": ["User"],
+    "targetTypes": [
+      "User"
+    ],
     "properties": [
-      { "name": "jitAdminEnabled", "type": "Boolean" },
-      { "name": "jitAdminExpiration", "type": "DateTime" },
-      { "name": "jitAdminReason", "type": "String" },
-      { "name": "mailboxType", "type": "String" },
-      { "name": "archiveEnabled", "type": "Boolean" },
-      { "name": "autoExpandingArchiveEnabled", "type": "Boolean" },
-      { "name": "perUserMfaState", "type": "String" }
+      {
+        "name": "jitAdminEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "jitAdminExpiration",
+        "type": "DateTime"
+      },
+      {
+        "name": "jitAdminReason",
+        "type": "String"
+      },
+      {
+        "name": "jitAdminStartDate",
+        "type": "DateTime"
+      },
+      {
+        "name": "jitAdminCreatedBy",
+        "type": "String"
+      },
+      {
+        "name": "mailboxType",
+        "type": "String"
+      },
+      {
+        "name": "archiveEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "autoExpandingArchiveEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "perUserMfaState",
+        "type": "String"
+      }
     ],
     "status": "Available"
   }
 
@@ -46,8 +46,8 @@ function Get-CIPPAlertGlobalAdminAllowList {
             $UpnPrefix = ($admin.userPrincipalName -split '@')[0].ToLowerInvariant()
             if ($AllowedLookup -notcontains $UpnPrefix) {
                 [PSCustomObject]@{
-                    Admin      = $admin
-                    UpnPrefix  = $UpnPrefix
+                    Admin     = $admin
+                    UpnPrefix = $UpnPrefix
                 }
             }
         }
@@ -69,10 +69,10 @@ function Get-CIPPAlertGlobalAdminAllowList {
             } else {
                 $NonCompliantUpns = @($UnapprovedAdmins.Admin.userPrincipalName)
                 $AlertData = @([PSCustomObject]@{
-                        Message            = "Found $($NonCompliantUpns.Count) Global Administrator account(s) not in the approved allow list."
-                        NonCompliantUsers  = $NonCompliantUpns
-                        ApprovedPrefixes   = if ($AllowedAdmins) { $AllowedAdmins -join ', ' } else { 'Not provided' }
-                        Tenant             = $TenantFilter
+                        Message           = "Found $($NonCompliantUpns.Count) Global Administrator account(s) not in the approved allow list."
+                        NonCompliantUsers = $NonCompliantUpns -join ', '
+                        ApprovedPrefixes  = if ($AllowedAdmins) { $AllowedAdmins -join ', ' } else { 'Not provided' }
+                        Tenant            = $TenantFilter
                     })
             }
 
 
@@ -30,12 +30,12 @@ function Get-CIPPAlertMXRecordChanged {
         # Update cache with current data
         foreach ($Domain in $DomainData) {
             $CacheEntity = @{
-                PartitionKey    = $TenantFilter
-                RowKey          = $Domain.Domain
-                Domain          = $Domain.Domain
-                ActualMXRecords = $Domain.ActualMXRecords
-                LastRefresh     = $Domain.LastRefresh
-                MailProvider    = $Domain.MailProvider
+                PartitionKey    = [string]$TenantFilter
+                RowKey          = [string]$Domain.Domain
+                Domain          = [string]$Domain.Domain
+                ActualMXRecords = [string]$Domain.ActualMXRecords
+                LastRefresh     = [string]$Domain.LastRefresh
+                MailProvider    = [string]$Domain.MailProvider
             }
             Add-CIPPAzDataTableEntity @CacheTable -Entity $CacheEntity -Force
         }
 
@@ -37,6 +37,6 @@
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
         }
     } catch {
-        Write-AlertMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
+        Write-LogMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" -severity 'Error' -API 'Get-CIPPAlertRestrictedUsers' -LogData (Get-CippException -Exception $_)
     }
 }
@@ -32,7 +32,7 @@ function Get-CippAllowedPermissions {
     $AllPermissionCacheTable = Get-CIPPTable -tablename 'cachehttppermissions'
     $AllPermissionsRow = Get-CIPPAzDataTableEntity @AllPermissionCacheTable -Filter "PartitionKey eq 'HttpFunctions' and RowKey eq 'HttpFunctions' and Version eq '$($Version)'"
 
-    if (-not $AllPermissionsRow) {
+    if (-not $AllPermissionsRow.Permissions) {
         $AllPermissions = Get-CIPPHttpFunctions -ByRole | Select-Object -ExpandProperty Permission
         $Entity = @{
             PartitionKey = 'HttpFunctions'
 
@@ -1,4 +1,4 @@
-Function Invoke-ExecCAServiceExclusion {
+function Invoke-ExecCAServiceExclusion {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -17,15 +17,15 @@ Function Invoke-ExecCAServiceExclusion {
     try {
         $result = Set-CIPPCAPolicyServiceException -TenantFilter $TenantFilter -PolicyId $ID
         $Body = @{ Results = $result }
-        Write-LogMessage -headers $Headers -API 'Set-CIPPCAPolicyServiceException' -message $Message -Sev 'Info' -tenant $TenantFilter
+        Write-LogMessage -headers $Headers -API 'Set-CIPPCAPolicyServiceException' -message $result -Sev 'Info' -tenant $TenantFilter
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
         $Body = @{ Results = "Failed to add service provider exception to policy $($ID): $($ErrorMessage.NormalizedError)" }
         Write-LogMessage -headers $Headers -API 'Set-CIPPCAPolicyServiceException' -message "Failed to update policy $($PolicyId) with service provider exception for tenant $($CSPtenantId): $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_)
     }
 
     return ([HttpResponseContext]@{
-        StatusCode = [HttpStatusCode]::OK
-        Body       = $Body
-    })
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Body
+        })
 }
@@ -2,6 +2,8 @@ function Invoke-ListGDAPAccessAssignments {
     <#
     .FUNCTIONALITY
         Entrypoint,AnyTenant
+    .ROLE
+        Tenant.Relationship.Read
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
Original file line number	Diff line number	Diff line change
`@@ -46,8 +46,8 @@ function Get-CIPPAlertGlobalAdminAllowList {`
`46`	`46`	`$UpnPrefix = ($admin.userPrincipalName -split '@')[0].ToLowerInvariant()`
`47`	`47`	`if ($AllowedLookup -notcontains $UpnPrefix) {`
`48`	`48`	`[PSCustomObject]@{`
`49`		`- Admin = $admin`
`50`		`- UpnPrefix = $UpnPrefix`
	`49`	`+ Admin = $admin`
	`50`	`+ UpnPrefix = $UpnPrefix`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`	`}`
`@@ -69,10 +69,10 @@ function Get-CIPPAlertGlobalAdminAllowList {`
`69`	`69`	`} else {`
`70`	`70`	`$NonCompliantUpns = @($UnapprovedAdmins.Admin.userPrincipalName)`
`71`	`71`	`$AlertData = @([PSCustomObject]@{`
`72`		`- Message = "Found $($NonCompliantUpns.Count) Global Administrator account(s) not in the approved allow list."`
`73`		`- NonCompliantUsers = $NonCompliantUpns`
`74`		`- ApprovedPrefixes = if ($AllowedAdmins) { $AllowedAdmins -join ', ' } else { 'Not provided' }`
`75`		`- Tenant = $TenantFilter`
	`72`	`+ Message = "Found $($NonCompliantUpns.Count) Global Administrator account(s) not in the approved allow list."`
	`73`	`+ NonCompliantUsers = $NonCompliantUpns -join ', '`
	`74`	`+ ApprovedPrefixes = if ($AllowedAdmins) { $AllowedAdmins -join ', ' } else { 'Not provided' }`
	`75`	`+ Tenant = $TenantFilter`
`76`	`76`	`})`
`77`	`77`	`}`
`78`	`78`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,6 @@`
`37`	`37`	`Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData`
`38`	`38`	`}`
`39`	`39`	`} catch {`
`40`		`- Write-AlertMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"`
	`40`	`+ Write-LogMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" -severity 'Error' -API 'Get-CIPPAlertRestrictedUsers' -LogData (Get-CippException -Exception $_)`
`41`	`41`	`}`
`42`	`42`	`}`