feat: full tenant group management

Author: JohnDuprey

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecTenantGroup.ps1

@@ -1,7 +1,11 @@
 function Invoke-ExecTenantGroup {
     <#
+    .SYNOPSIS
+        Entrypoint for tenant group management
+    .DESCRIPTION
+        This function is used to manage tenant groups in CIPP
     .FUNCTIONALITY
-        Entrypoint
+        Entrypoint,AnyTenant
     .ROLE
         Tenant.Config.ReadWrite
     #>
@@ -14,56 +18,86 @@ function Invoke-ExecTenantGroup {
     $groupId = $Request.Body.groupId ?? [guid]::NewGuid().ToString()
     $groupName = $Request.Body.groupName
     $groupDescription = $Request.Body.groupDescription
-    $membersToAdd = $Request.Body.membersToAdd
-    $membersToRemove = $Request.Body.membersToRemove
+    $members = $Request.Body.members
 
     switch ($Action) {
         'AddEdit' {
+            $Results = [System.Collections.Generic.List[object]]::new()
             # Update group details
             $GroupEntity = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'TenantGroup' and RowKey eq '$groupId'"
             if ($GroupEntity) {
                 if ($groupName) {
-                    $GroupEntity.groupName = $groupName
+                    $GroupEntity.Name = $groupName
                 }
                 if ($groupDescription) {
-                    $GroupEntity.groupDescription = $groupDescription
+                    $GroupEntity.Description = $groupDescription
                 }
                 Add-CIPPAzDataTableEntity @Table -Entity $GroupEntity -Force
             } else {
                 $GroupEntity = @{
                     PartitionKey = 'TenantGroup'
                     RowKey       = $groupId
-                    groupName    = $groupName
-                    groupDescription = $groupDescription
+                    Name         = $groupName
+                    Description  = $groupDescription
                 }
                 Add-CIPPAzDataTableEntity @Table -Entity $GroupEntity -Force
             }
 
+            $CurrentMembers = Get-CIPPAzDataTableEntity @MembersTable -Filter "GroupId eq '$groupId'"
+
+            $Adds = [System.Collections.Generic.List[string]]::new()
+            $Removes = [System.Collections.Generic.List[string]]::new()
             # Add members
-            foreach ($member in $membersToAdd) {
+            foreach ($member in $members) {
+                if ($CurrentMembers) {
+                    $CurrentMember = $CurrentMembers | Where-Object { $_.customerId -eq $member.value }
+                    if ($CurrentMember) {
+                        continue
+                    }
+                }
                 $MemberEntity = @{
-                    PartitionKey = $groupId
-                    RowKey       = $member
+                    PartitionKey = 'Member'
+                    RowKey     = '{0}-{1}' -f $groupId, $member.value
+                    GroupId    = $groupId
+                    customerId = $member.value
                 }
                 Add-CIPPAzDataTableEntity @MembersTable -Entity $MemberEntity -Force
+                $Adds.Add('Added member {0}' -f $member.label)
             }
 
-            # Remove members
-            foreach ($member in $membersToRemove) {
-                $MemberEntity = Get-CIPPAzDataTableEntity @MembersTable -Filter "PartitionKey eq '$groupId' and RowKey eq '$member'"
-                if ($MemberEntity) {
-                    Remove-AzDataTableEntity @MembersTable -Entity $MemberEntity -Force
+            if ($CurrentMembers) {
+                foreach ($CurrentMember in $CurrentMembers) {
+                    if ($members.value -notcontains $CurrentMember.customerId) {
+                        Remove-AzDataTableEntity @MembersTable -Entity $CurrentMember -Force
+                        $Removes.Add('Removed member {0}' -f $CurrentMember.customerId)
+                    }
                 }
             }
+            $Results.Add(@{
+                    resultText = "Group '$groupName' saved successfully"
+                    state      = 'success'
+                })
+            foreach ($Add in $Adds) {
+                $Results.Add(@{
+                        resultText = $Add
+                        state      = 'success'
+                    })
+            }
+            foreach ($Remove in $Removes) {
+                $Results.Add(@{
+                        resultText = $Remove
+                        state      = 'success'
+                    })
+            }
 
-            $Body = @{ Results = "Group '$groupName' saved successfully" }
+            $Body = @{ Results = $Results }
         }
         'Delete' {
             # Delete group
             $GroupEntity = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'TenantGroup' and RowKey eq '$groupId'"
             if ($GroupEntity) {
                 Remove-AzDataTableEntity @Table -Entity $GroupEntity -Force
-                $Body = @{ Results = "Group '$groupId' deleted successfully" }
+                $Body = @{ Results = "Group '$($GroupEntity.Name)' deleted successfully" }
             } else {
                 $Body = @{ Results = "Group '$groupId' not found" }
             }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListTenantGroups.ps1

@@ -1,64 +1,18 @@
 function Invoke-ListTenantGroups {
     <#
+    .SYNOPSIS
+        Entrypoint for listing tenant groups
     .FUNCTIONALITY
-        Entrypoint
+        Entrypoint,AnyTenant
     .ROLE
         CIPP.Core.Read
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
-    $Table = Get-CippTable -tablename 'TenantGroups'
-    $MembersTable = Get-CippTable -tablename 'TenantGroupMembers'
-    $Action = $Request.Query.Action ?? $Request.Body.Action
     $groupFilter = $Request.Query.groupId ?? $Request.Body.groupId
-
-    switch ($Action) {
-        'ListMembers' {
-            if (!$groupFilter) {
-                Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-                        StatusCode = [HttpStatusCode]::BadRequest
-                        Body       = 'groupFilter is required for ListMembers action'
-                    })
-                return
-            }
-
-            $Tenants = Get-Tenants -IncludeErrors
-            $Members = Get-CIPPAzDataTableEntity @MembersTable -Filter "PartitionKey eq '$groupFilter'"
-            if (!$Members) {
-                $Members = @()
-            }
-
-            $Results = $Members | ForEach-Object {
-                $Tenant = $Tenants | Where-Object { $_.customerId -eq $_.RowKey }
-                if ($Tenant) {
-                    @{
-                        customerId        = $Tenant.customerId
-                        displayName       = $Tenant.displayName
-                        defaultDomainName = $Tenant.defaultDomainName
-                    }
-                }
-            }
-
-            $Body = @{ Results = $Results }
-        }
-        default {
-            $Groups = Get-CIPPAzDataTableEntity @Table
-            if (!$Groups) {
-                $Results = @()
-            } else {
-                $Results = $Groups | ForEach-Object {
-                    @{
-                        groupId           = $_.RowKey
-                        groupName         = $_.groupName
-                        groupDescription  = $_.groupDescription
-                        groupMembersCount = (Get-CIPPAzDataTableEntity @MembersTable -Filter "PartitionKey eq '$($_.RowKey)'" -Property PartitionKey, RowKey).Count
-                    }
-                }
-            }
-            $Body = @{ Results = @($Results) }
-        }
-    }
+    $TenantGroups = (Get-TenantGroups -GroupId $groupFilter) ?? @()
+    $Body = @{ Results = @($TenantGroups) }
 
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-EditTenant.ps1

@@ -3,7 +3,7 @@ using namespace System.Net
 Function Invoke-EditTenant {
     <#
     .FUNCTIONALITY
-        Entrypoint
+        Entrypoint,AnyTenant
     .ROLE
         Tenant.Config.ReadWrite
     #>
@@ -16,12 +16,13 @@ Function Invoke-EditTenant {
 
     $customerId = $Request.Body.customerId
     $tenantAlias = $Request.Body.Alias
-    $tenantGroups = $Request.Body.Groups
+    $tenantGroups = $Request.Body.tenantGroups
 
     $PropertiesTable = Get-CippTable -TableName 'TenantProperties'
     $Existing = Get-CIPPAzDataTableEntity @PropertiesTable -Filter "PartitionKey eq '$customerId'"
     $Tenant = Get-Tenants -TenantFilter $customerId
     $TenantTable = Get-CippTable -TableName 'Tenants'
+    $GroupMembersTable = Get-CippTable -TableName 'TenantGroupMembers'
 
     try {
         $AliasEntity = $Existing | Where-Object { $_.RowKey -eq 'Alias' }
@@ -43,14 +44,27 @@ Function Invoke-EditTenant {
             $null = Add-CIPPAzDataTableEntity @TenantTable -Entity $Tenant -Force
         }
 
-        <## Update tenant groups
-        $groupsEntity = @{
-            PartitionKey = $customerId
-            RowKey       = 'tenantGroups'
-            Value        = ($tenantGroups | ConvertTo-Json)
+        # Update tenant groups
+        $CurrentMembers = Get-CIPPAzDataTableEntity @GroupMembersTable -Filter "customerId eq '$customerId'"
+        foreach ($Group in $tenantGroups) {
+            $GroupEntity = $CurrentMembers | Where-Object { $_.GroupId -eq $Group.groupId }
+            if (!$GroupEntity) {
+                $GroupEntity = @{
+                    PartitionKey = 'Member'
+                    RowKey       = '{0}-{1}' -f $Group.groupId, $customerId
+                    GroupId      = $Group.groupId
+                    customerId   = $customerId
+                }
+                Add-CIPPAzDataTableEntity @GroupMembersTable -Entity $GroupEntity -Force
+            }
+        }
+
+        # Remove any groups that are no longer selected
+        foreach ($Group in $CurrentMembers) {
+            if ($tenantGroups -notcontains $Group.GroupId) {
+                Remove-AzDataTableEntity @GroupMembersTable -Entity $Group
+            }
         }
-        Set-CIPPAzDataTableEntity -Context $context -Entity $groupsEntity
-        #>
 
         $response = @{
             state      = 'success'

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1

@@ -23,9 +23,12 @@ Function Invoke-ListTenantDetails {
         tenantType, createdDateTime, onPremisesLastPasswordSyncDateTime, onPremisesLastSyncDateTime, onPremisesSyncEnabled, assignedPlans
 
         $customProperties = Get-TenantProperties -customerId $tenantfilter
-
         $org | Add-Member -MemberType NoteProperty -Name 'customProperties' -Value $customProperties
 
+        $Groups = (Get-TenantGroups -TenantFilter $tenantfilter) ?? @()
+        $org | Add-Member -MemberType NoteProperty -Name 'Groups' -Value @($Groups)
+
+
         # Respond with the successful output
         Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
                 StatusCode = [HttpStatusCode]::OK

Modules/CIPPCore/Public/Functions/Get-TenantGroups.ps1

@@ -0,0 +1,88 @@
+function Get-TenantGroups {
+    <#
+    .SYNOPSIS
+        Get tenant groups
+    .DESCRIPTION
+        Get tenant groups from Azure Table Storage
+    .PARAMETER GroupId
+        The group id to filter on
+    .PARAMETER TenantFilter
+        The tenant filter to apply to get the groups for a specific tenant
+    #>
+    [CmdletBinding()]
+    param(
+        $GroupId,
+        $TenantFilter
+    )
+
+    $GroupTable = Get-CippTable -tablename 'TenantGroups'
+    $MembersTable = Get-CippTable -tablename 'TenantGroupMembers'
+
+    if ($TenantFilter) {
+        $TenantParams = @{
+            TenantFilter = $TenantFilter
+            IncludeErrors = $true
+        }
+    } else {
+        $TenantParams = @{
+            IncludeErrors = $true
+        }
+    }
+    $Tenants = Get-Tenants @TenantParams
+
+    if ($GroupFilter) {
+        $Groups = Get-CIPPAzDataTableEntity @GroupTable -Filter "RowKey eq '$GroupFilter'"
+        $AllMembers = Get-CIPPAzDataTableEntity @MembersTable -Filter "GroupId eq '$GroupFilter'"
+    } else {
+        $Groups = Get-CIPPAzDataTableEntity @GroupTable
+        $AllMembers = Get-CIPPAzDataTableEntity @MembersTable
+    }
+
+    if (!$Groups) {
+        return @()
+    }
+
+    if ($TenantFilter) {
+        $Memberships = $AllMembers | Where-Object { $_.customerId -eq $Tenants.customerId }
+        foreach ($Group in $Memberships) {
+            $Group = $Groups | Where-Object { $_.RowKey -eq $Group.GroupId }
+            if ($Group) {
+                [PSCustomObject]@{
+                    Id          = $Group.RowKey
+                    Name        = $Group.Name
+                    Description = $Group.Description
+                }
+            }
+        }
+    } else {
+        $Groups | ForEach-Object {
+            $Group = $_
+            $Members = $AllMembers | Where-Object { $_.GroupId -eq $Group.RowKey }
+            if (!$Members) {
+                $Members = @()
+            }
+
+            $Members = $Members | ForEach-Object {
+                $Member = $_
+                $Tenant = $Tenants | Where-Object { $Member.customerId -eq $_.customerId }
+                if ($Tenant) {
+                    @{
+                        customerId        = $Tenant.customerId
+                        displayName       = $Tenant.displayName
+                        defaultDomainName = $Tenant.defaultDomainName
+                    }
+                }
+            }
+            if (!$Members) {
+                $Members = @()
+            }
+
+            [PSCustomObject]@{
+                Id          = $Group.RowKey
+                Name        = $Group.Name
+                Description = $Group.Description
+                Members     = @($Members)
+            }
+        }
+    }
+}