
Commit 5b3b68c

committed
fix group edit from users list
1 parent fd89089 commit 5b3b68c


1 file changed

+37
-35
lines changed
  • Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups

1 file changed

+37
-35
lines changed

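--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1
@@ -20,26 +20,28 @@ Function Invoke-EditGroup {
 # Write to the Azure Functions log stream.
 Write-Host 'PowerShell HTTP trigger function processed a request.'
 
-$AddMembers = ($userobj.Addmember).value
-$userobj.groupId = $userobj.groupId.value ? $userobj.groupId.value : $userobj.groupId
+$AddMembers = ($userobj.Addmember).value ?? $userobj.AddMember
+$userobj.groupId = $userobj.groupId.value ?? $userobj.groupId
+
+$TenantId = $userobj.tenantid ?? $userobj.tenantFilter
 
 if ($AddMembers) {
 $AddMembers | ForEach-Object {
 try {
 $member = $_
 if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
-$MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $Userobj.tenantid).id
+$MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantId).id
 $addmemberbody = "{ `"[email protected]`": $(ConvertTo-Json @($MemberIDs)) }"
 if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
 $Params = @{ Identity = $userobj.groupid; Member = $member; BypassSecurityGroupManagerCheck = $true }
-New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+New-ExoRequest -tenantid $TenantId -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
 } else {
-New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)" -tenantid $Userobj.tenantid -type patch -body $addmemberbody -Verbose
+New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)" -tenantid $TenantId -type patch -body $addmemberbody -Verbose
 }
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Added $member to $($GroupName) group" -Sev 'Info'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Added $member to $($GroupName) group" -Sev 'Info'
 $null = $results.add("Success. $member has been added to $($GroupName)")
 } catch {
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Failed to add member $member to $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to add member $member to $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
 $null = $results.add("Failed to add member $member to $($GroupName): $($_.Exception.Message)")
 }
 }
@@ -53,11 +55,11 @@ Function Invoke-EditGroup {
 $member = $_
 if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
 $Params = @{ Identity = $userobj.groupid; Member = $member; BypassSecurityGroupManagerCheck = $true }
-New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
-Write-LogMessage -API $APINAME -tenant $Userobj.tenantid -user $request.headers.'x-ms-client-principal' -message "Added $member to $($GroupName) group" -Sev 'Info'
+New-ExoRequest -tenantid $TenantId -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Added $member to $($GroupName) group" -Sev 'Info'
 $null = $results.add("Success. $member has been added to $($GroupName)")
 } else {
-Write-LogMessage -API $APINAME -tenant $Userobj.tenantid -user $request.headers.'x-ms-client-principal' -message 'You cannot add a contact to a security group' -Sev 'Error'
+Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message 'You cannot add a contact to a security group' -Sev 'Error'
 $null = $results.add('You cannot add a contact to a security group')
 }
 } catch {
@@ -75,17 +77,17 @@ Function Invoke-EditGroup {
 if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
 if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
 $Params = @{ Identity = $userobj.groupid; Member = $member ; BypassSecurityGroupManagerCheck = $true }
-New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+New-ExoRequest -tenantid $TenantId -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
 } else {
-$MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $Userobj.tenantid)
-New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/members/$($MemberInfo.id)/`$ref" -tenantid $Userobj.tenantid -type DELETE
+$MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId)
+New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/members/$($MemberInfo.id)/`$ref" -tenantid $TenantId -type DELETE
 }
-Write-LogMessage -API $APINAME -tenant $Userobj.tenantid -user $request.headers.'x-ms-client-principal' -message "Removed $member from $($GroupName) group" -Sev 'Info'
+Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Removed $member from $($GroupName) group" -Sev 'Info'
 $null = $results.add("Success. Member $member has been removed from $($GroupName)")
 }
 }
 } catch {
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Failed to remove $RemoveContact from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveContact from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
 $null = $results.add("Could not remove $RemoveContact from $($GroupName). $($_.Exception.Message)")
 }
 
@@ -98,17 +100,17 @@ Function Invoke-EditGroup {
 if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
 if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
 $Params = @{ Identity = $userobj.groupid; Member = $member ; BypassSecurityGroupManagerCheck = $true }
-New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+New-ExoRequest -tenantid $TenantId -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
 } else {
-$MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $Userobj.tenantid)
-New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/members/$($MemberInfo.id)/`$ref" -tenantid $Userobj.tenantid -type DELETE
+$MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId)
+New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/members/$($MemberInfo.id)/`$ref" -tenantid $TenantId -type DELETE
 }
-Write-LogMessage -API $APINAME -tenant $Userobj.tenantid -user $request.headers.'x-ms-client-principal' -message "Removed $member from $($GroupName) group" -Sev 'Info'
+Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Removed $member from $($GroupName) group" -Sev 'Info'
 $null = $results.add("Success. Member $member has been removed from $($GroupName)")
 }
 }
 } catch {
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
 $null = $results.add("Could not remove $RemoveMembers from $($GroupName). $($_.Exception.Message)")
 }
 
@@ -117,10 +119,10 @@ Function Invoke-EditGroup {
 if ($AddOwners) {
 $AddOwners | ForEach-Object {
 try {
-$ID = 'https://graph.microsoft.com/beta/users/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $Userobj.tenantid).id
+$ID = 'https://graph.microsoft.com/beta/users/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId).id
 Write-Host $ID
-$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/owners/`$ref" -tenantid $Userobj.tenantid -type POST -body ('{"@odata.id": "' + $ID + '"}')
-Write-LogMessage -API $APINAME -tenant $Userobj.tenantid -user $request.headers.'x-ms-client-principal' -message "Added owner $_ to $($GroupName) group" -Sev 'Info'
+$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/owners/`$ref" -tenantid $TenantId -type POST -body ('{"@odata.id": "' + $ID + '"}')
+Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Added owner $_ to $($GroupName) group" -Sev 'Info'
 $null = $results.add("Success. $_ has been added $($GroupName)")
 } catch {
 $null = $results.add("Failed to add owner $_ to $($GroupName): Error:$($_.Exception.Message)")
@@ -130,58 +132,58 @@ Function Invoke-EditGroup {
 }
 
 } catch {
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $Userobj.tenantid -API $APINAME -message "Add member API failed. $($_.Exception.Message)" -Sev 'Error'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $TenantId -API $APINAME -message "Add member API failed. $($_.Exception.Message)" -Sev 'Error'
 }
 
 $RemoveOwners = ($userobj.RemoveOwner).value
 try {
 if ($RemoveOwners) {
 $RemoveOwners | ForEach-Object {
 try {
-$MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $Userobj.tenantid)
-New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/owners/$($MemberInfo.id)/`$ref" -tenantid $Userobj.tenantid -type DELETE
-Write-LogMessage -API $APINAME -tenant $Userobj.tenantid -user $request.headers.'x-ms-client-principal' -message "Removed $($MemberInfo.UserPrincipalname) from $($userobj.displayname) group" -Sev 'Info'
+$MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId)
+New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/owners/$($MemberInfo.id)/`$ref" -tenantid $TenantId -type DELETE
+Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Removed $($MemberInfo.UserPrincipalname) from $($userobj.displayname) group" -Sev 'Info'
 $null = $results.add("Success. Member $_ has been removed from $($GroupName)")
 } catch {
 $null = $results.add("Failed to remove $_ from $($GroupName): $($_.Exception.Message)")
 }
 }
 }
 } catch {
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error'
 $body = $results.add("Could not remove $RemoveMembers from $($GroupName). $($_.Exception.Message)")
 }
 
 if ($userobj.allowExternal -eq 'true') {
 try {
-Set-CIPPGroupAuthentication -ID $userobj.mail -GroupType $GroupType -tenantFilter $Userobj.tenantid -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal'
+Set-CIPPGroupAuthentication -ID $userobj.mail -GroupType $GroupType -tenantFilter $TenantId -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal'
 $body = $results.add("Allowed external senders to send to $($userobj.mail).")
 } catch {
 $body = $results.add("Failed to allow external senders to send to $($userobj.mail).")
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Failed to allow external senders for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to allow external senders for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error'
 }
 
 }
 
 if ($userobj.sendCopies -eq 'true') {
 try {
 $Params = @{ Identity = $userobj.Groupid; subscriptionEnabled = $true; AutoSubscribeNewMembers = $true }
-New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Set-UnifiedGroup' -cmdParams $params -useSystemMailbox $true
+New-ExoRequest -tenantid $TenantId -cmdlet 'Set-UnifiedGroup' -cmdParams $params -useSystemMailbox $true
 
 $MemberParams = @{ Identity = $userobj.Groupid; LinkType = 'members' }
-$Members = New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Get-UnifiedGrouplinks' -cmdParams $MemberParams
+$Members = New-ExoRequest -tenantid $TenantId -cmdlet 'Get-UnifiedGrouplinks' -cmdParams $MemberParams
 
 $MemberSmtpAddresses = $Members | ForEach-Object { $_.PrimarySmtpAddress }
 
 $subscriberParams = @{ Identity = $userobj.Groupid; LinkType = 'subscribers'; Links = @($MemberSmtpAddresses) }
-New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Add-UnifiedGrouplinks' -cmdParams $subscriberParams -Anchor $userobj.mail
+New-ExoRequest -tenantid $TenantId -cmdlet 'Add-UnifiedGrouplinks' -cmdParams $subscriberParams -Anchor $userobj.mail
 
 
 $body = $results.add("Send Copies of team emails and events to team members inboxes for $($userobj.mail) enabled.")
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Send Copies of team emails and events to team members inboxes for $($userobj.mail) enabled." -Sev 'Info'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Send Copies of team emails and events to team members inboxes for $($userobj.mail) enabled." -Sev 'Info'
 } catch {
 $body = $results.add("Failed to Send Copies of team emails and events to team members inboxes for $($userobj.mail).")
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Failed to Send Copies of team emails and events to team members inboxes for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to Send Copies of team emails and events to team members inboxes for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error'
 }
 }
 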
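Review bot: `$TenantId = $userobj.tenantid ?? $userobj.tenantFilter` is never checked before it is passed to every `New-GraphGetRequest`, `New-GraphPostRequest` and `New-ExoRequest` call in these hunks, so a request body carrying neither property sends the membership and ownership changes out with a null tenant, and a body carrying either one selects the target tenant directly from caller input. A guard right after the assignment, for example `if ([string]::IsNullOrWhiteSpace($TenantId)) { throw 'tenantid or tenantFilter is required' }`, would fail closed; whether the caller is allowed to act on that tenant is presumably enforced outside these hunks and is worth confirming now that a second body field can supply it. Note also that `??` falls back only on `$null`, whereas the removed `? :` tested truthiness, so an empty-string `groupId.value` is now kept instead of falling through to `$userobj.groupId`. The new `$userobj.AddMember` fallback reaches `"https://graph.microsoft.com/beta/users/$($member)"` with URL-encoding applied only to `#EXT#` names, so checking that each entry is a UPN or object id before building the URI would stop an unexpected value from changing the request path. The function body starts and ends outside the visible hunks.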
