Add Set-CIPPDeviceState function and refactor Invoke-ExecDeviceDelete to use new function. GET support is maintained

Author: kris6673

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1

@@ -11,29 +11,28 @@ Function Invoke-ExecDeviceDelete {
     param($Request, $TriggerMetadata)
 
     $APIName = $TriggerMetadata.FunctionName
-    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
-
-    # Interact with query parameters or the body of the request.
+    $ExecutingUser = $Request.headers.'x-ms-client-principal'
+    $TenantFilter = $Request.body.tenantFilter
+    Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
+    # Interact with body parameters or the body of the request.
+    $Action = $Request.body.action ?? $Request.Query.action
+    $DeviceID = $Request.body.ID ?? $Request.Query.ID
 
     try {
-        $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)"
-        if ($Request.query.action -eq 'delete') {
-            $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter
-        } elseif ($Request.query.action -eq 'disable') {
-            $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }'
-        } elseif ($Request.query.action -eq 'enable') {
-            $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": true }'
-        }
-        Write-Host $ActionResult
-        $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" }
+        $Results = Set-CIPPDeviceState -Action $Action -DeviceID $DeviceID -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser -APIName $APINAME
+        $StatusCode = [HttpStatusCode]::OK
     } catch {
-        $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" }
+        $Results = $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::BadRequest
     }
 
+    Write-Host $Results
+    $body = [pscustomobject]@{'Results' = "$Results" }
+
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::OK
+            StatusCode = $StatusCode
             Body       = $body
         })
 

Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1

@@ -0,0 +1,79 @@
+function Set-CIPPDeviceState {
+    <#
+    .SYNOPSIS
+    Sets or modifies the state of a device in Microsoft Graph.
+
+    .DESCRIPTION
+    This function allows you to enable, disable, or delete a device by making
+    corresponding requests to the Microsoft Graph API. It logs the result
+    and returns a success or error message based on the outcome.
+
+    .PARAMETER Action
+    Specifies the action to perform on the device. Valid actions are:
+        - Enable: Enable the device
+        - Disable: Disable the device
+        - Delete: Remove the device from the tenant
+
+    .PARAMETER DeviceID
+    Specifies the unique identifier (Object ID) of the device to be managed.
+
+    .PARAMETER TenantFilter
+    Specifies the tenant ID or domain against which to perform the operation.
+
+    .PARAMETER ExecutingUser
+    Specifies the user who initiated the request for logging purposes.
+
+    .PARAMETER APIName
+    Specifies the name of the API call for logging purposes. Defaults to 'Set Device State'.
+
+    .EXAMPLE
+    Set-CIPPDeviceState -Action Enable -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" -ExecutingUser "[email protected]"
+
+    This command enables the specified device within the given tenant.
+
+    .EXAMPLE
+    Set-CIPPDeviceState -Action Delete -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com"
+
+    This command removes the specified device from the tenant.
+#>
+    param (
+        [Parameter(Mandatory = $true)][ValidateSet('Enable', 'Disable', 'Delete')]$Action,
+
+        [ValidateScript({
+                if ([Guid]::TryParse($_, [ref] [Guid]::Empty)) {
+                    $true
+                } else {
+                    throw 'DeviceID must be a valid GUID.'
+                }
+            })]
+        [Parameter(Mandatory = $true)]$DeviceID,
+
+        [Parameter(Mandatory = $true)]$TenantFilter,
+        $ExecutingUser,
+        $APIName = 'Set Device State'
+    )
+    $Url = "https://graph.microsoft.com/beta/devices/$($DeviceID)"
+
+    try {
+        switch ($Action) {
+            'Delete' {
+                $ActionResult = New-GraphPOSTRequest -uri $Url -type DELETE -tenantid $TenantFilter
+            }
+            'Disable' {
+                $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": false }'
+            }
+            'Enable' {
+                $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": true }'
+            }
+        }
+        Write-Host $ActionResult
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Executed action $($Action) on $($DeviceID)" -Sev Info
+        return "Executed action $($Action) on $($DeviceID)"
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        throw "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)"
+    }
+
+
+}