
Commit 2e2aaa8

committed
feat: re-add remove from groups and streamline various variable names and such
1 parent 6ac1879 commit 2e2aaa8


1 file changed

+50
-60
lines changed
  • Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users

1 file changed

+50
-60
lines changed

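--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1
@@ -11,11 +11,11 @@ Function Invoke-EditUser {
 param($Request, $TriggerMetadata)
 
 $APIName = $Request.Params.CIPPEndpoint
-$User = $Request.Headers
-Write-LogMessage -headers $Request.headers -API $ApiName -message 'Accessed this API' -Sev 'Debug'
+$Headers = $Request.Headers
+Write-LogMessage -headers $Headers -API $ApiName -message 'Accessed this API' -Sev 'Debug'
 
-$UserObj = $Request.body
-if ($UserObj.id -eq '') {
+$UserObj = $Request.Body
+if ([string]::IsNullOrWhiteSpace($UserObj.id)) {
 $body = @{'Results' = @('Failed to edit user. No user ID provided') }
 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
 StatusCode = [HttpStatusCode]::BadRequest
@@ -26,8 +26,8 @@ Function Invoke-EditUser {
 $Results = [System.Collections.Generic.List[object]]::new()
 $licenses = ($UserObj.licenses).value
 $Aliases = if ($UserObj.AddedAliases) { ($UserObj.AddedAliases) -split '\s' }
-$AddToGroups = $Request.body.AddToGroups
-$RemoveFromGroups = $Request.body.RemoveFromGroups
+$AddToGroups = $Request.Body.AddToGroups
+$RemoveFromGroups = $Request.Body.RemoveFromGroups
 
 
 #Edit the user
@@ -69,18 +69,18 @@ Function Invoke-EditUser {
 }
 $bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress
 $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type PATCH -body $BodyToship -verbose
-$null = $results.Add( 'Success. The user has been edited.' )
-Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Edited user $($UserObj.DisplayName) with id $($UserObj.id)" -Sev Info
+$null = $Results.Add( 'Success. The user has been edited.' )
+Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Edited user $($UserObj.DisplayName) with id $($UserObj.id)" -Sev Info
 if ($UserObj.password) {
 $passwordProfile = [pscustomobject]@{'passwordProfile' = @{ 'password' = $UserObj.password; 'forceChangePasswordNextSignIn' = [boolean]$UserObj.MustChangePass } } | ConvertTo-Json
 $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type PATCH -body $PasswordProfile -verbose
-$null = $results.Add("Success. The password has been set to $($UserObj.password)")
-Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Reset $($UserObj.DisplayName)'s Password" -Sev Info
+$null = $Results.Add("Success. The password has been set to $($UserObj.password)")
+Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Reset $($UserObj.DisplayName)'s Password" -Sev Info
 }
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
-Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "User edit API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
-$null = $results.Add( "Failed to edit user. $($ErrorMessage.NormalizedError)")
+Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "User edit API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+$null = $Results.Add( "Failed to edit user. $($ErrorMessage.NormalizedError)")
 }
 
 
@@ -89,8 +89,8 @@ Function Invoke-EditUser {
 
 if ($licenses -or $UserObj.removeLicenses) {
 if ($UserObj.sherwebLicense.value) {
-$License = Set-SherwebSubscription -TenantFilter $UserObj.tenantFilter -SKU $UserObj.sherwebLicense.value -Add 1
-$null = $results.Add('Added Sherweb License, scheduling assignment')
+$null = Set-SherwebSubscription -TenantFilter $UserObj.tenantFilter -SKU $UserObj.sherwebLicense.value -Add 1
+$null = $Results.Add('Added Sherweb License, scheduling assignment')
 $taskObject = [PSCustomObject]@{
 TenantFilter = $UserObj.tenantFilter
 Name = "Assign License: $UserPrincipalName"
@@ -118,12 +118,12 @@ Function Invoke-EditUser {
 $null = $results.Add( 'Success. User license is already correct.' )
 } else {
 if ($UserObj.removeLicenses) {
-$licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $CurrentLicenses.assignedLicenses.skuId -Headers $Request.Headers
+$licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $CurrentLicenses.assignedLicenses.skuId -Headers $Headers
 $null = $results.Add($licResults)
 } else {
 #Remove all objects from $CurrentLicenses.assignedLicenses.skuId that are in $licenses
 $RemoveLicenses = $CurrentLicenses.assignedLicenses.skuId | Where-Object { $_ -notin $licenses }
-$licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $RemoveLicenses -AddLicenses $licenses -Headers $Request.headers
+$licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $RemoveLicenses -AddLicenses $licenses -Headers $headers
 $null = $results.Add($licResults)
 }
 
@@ -133,7 +133,7 @@ Function Invoke-EditUser {
 
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
-Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "License assign API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "License assign API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
 $null = $results.Add( "We've failed to assign the license. $($ErrorMessage.NormalizedError)")
 }
 
@@ -145,18 +145,18 @@ Function Invoke-EditUser {
 $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type 'patch' -body "{`"mail`": `"$Alias`"}" -Verbose
 }
 $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type 'patch' -body "{`"mail`": `"$UserPrincipalName`"}" -Verbose
-Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Added Aliases to $($UserObj.DisplayName)" -Sev Info
+Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Added Aliases to $($UserObj.DisplayName)" -Sev Info
 $null = $results.Add( 'Success. added aliases to user.')
 }
 
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
-Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Alias API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Alias API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
 $null = $results.Add( "Successfully edited user. The password is $password. We've failed to create the Aliases: $($ErrorMessage.NormalizedError)")
 }
 
-if ($Request.body.CopyFrom.value) {
-$CopyFrom = Set-CIPPCopyGroupMembers -Headers $User -CopyFromId $Request.body.CopyFrom.value -UserID $UserPrincipalName -TenantFilter $UserObj.tenantFilter
+if ($Request.Body.CopyFrom.value) {
+$CopyFrom = Set-CIPPCopyGroupMembers -Headers $Headers -CopyFromId $Request.Body.CopyFrom.value -UserID $UserPrincipalName -TenantFilter $UserObj.tenantFilter
 $null = $results.AddRange(@($CopyFrom))
 }
 
@@ -169,83 +169,73 @@ Function Invoke-EditUser {
 Write-Host "About to add $($UserObj.userPrincipalName) to $GroupName. Group ID is: $GroupID and type is: $GroupType"
 
 try {
-
 if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
-Write-Host 'Adding to group via Add-DistributionGroupMember '
+Write-Host 'Adding to group via Add-DistributionGroupMember'
 $Params = @{ Identity = $GroupID; Member = $UserObj.id; BypassSecurityGroupManagerCheck = $true }
 $null = New-ExoRequest -tenantid $UserObj.tenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
-
 } else {
-
 Write-Host 'Adding to group via Graph'
 $UserBody = [PSCustomObject]@{
 '@odata.id' = "https://graph.microsoft.com/beta/directoryObjects/$($UserObj.id)"
 }
 $UserBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $UserBody
 $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$GroupID/members/`$ref" -tenantid $UserObj.tenantFilter -type POST -body $UserBodyJSON -Verbose
-
 }
-
-Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Added $($UserObj.DisplayName) to $GroupName group" -Sev Info
+Write-LogMessage -headers $Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Added $($UserObj.DisplayName) to $GroupName group" -Sev Info
 $null = $results.Add("Success. $($UserObj.DisplayName) has been added to $GroupName")
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
-Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Failed to add member $($UserObj.DisplayName) to $GroupName. Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
-$null = $results.Add("Failed to add member $($UserObj.DisplayName) to $GroupName : $($ErrorMessage.NormalizedError)")
+$Message = "Failed to add member $($UserObj.DisplayName) to $GroupName. Error: $($ErrorMessage.NormalizedError)"
+Write-LogMessage -headers $Headers -API $ApiName -tenant $UserObj.tenantFilter -message $Message -Sev Error -LogData $ErrorMessage
+$null = $results.Add($Message)
 }
-
 }
 }
-if ($Request.body.setManager.value) {
-$ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setManager.value)" }
-$ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody
-$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)/manager/`$ref" -tenantid $UserObj.tenantFilter -type PUT -body $ManagerBodyJSON -Verbose
-Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev Info
-$null = $results.Add("Success. Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)")
-}
-
-if ($Request.body.setSponsor.value) {
-$SponsorBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setSponsor.value)" }
-$SponsorBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $SponsorBody
-$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)/sponsors/`$ref" -tenantid $UserObj.tenantFilter -type POST -body $SponsorBodyJSON -Verbose
-Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Set $($UserObj.DisplayName)'s sponsor to $($Request.body.setSponsor.label)" -Sev Info
-$null = $results.Add("Success. Set $($UserObj.DisplayName)'s sponsor to $($Request.body.setSponsor.label)")
-}
 
 if ($RemoveFromGroups) {
 $RemoveFromGroups | ForEach-Object {
 
-$GroupType = $_.value.groupType -join ','
-$GroupID = $_.value.groupid
-$GroupName = $_.value.groupName
+$GroupType = $_.addedFields.calculatedGroupType
+$GroupID = $_.value
+$GroupName = $_.label
 Write-Host "About to remove $($UserObj.userPrincipalName) from $GroupName. Group ID is: $GroupID and type is: $GroupType"
 
 try {
-
 if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
-
-Write-Host 'Removing From group via Remove-DistributionGroupMember '
+Write-Host 'Removing From group via Remove-DistributionGroupMember'
 $Params = @{ Identity = $GroupID; Member = $UserObj.id; BypassSecurityGroupManagerCheck = $true }
 $null = New-ExoRequest -tenantid $UserObj.tenantFilter -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
-
 } else {
-
 Write-Host 'Removing From group via Graph'
 $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$GroupID/members/$($UserObj.id)/`$ref" -tenantid $UserObj.tenantFilter -type DELETE
-
 }
-
-Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Removed $($UserObj.DisplayName) from $GroupName group" -Sev Info
+Write-LogMessage -headers $Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Removed $($UserObj.DisplayName) from $GroupName group" -Sev Info
 $null = $results.Add("Success. $($UserObj.DisplayName) has been removed from $GroupName")
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
-Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Failed to remove member $($UserObj.DisplayName) from $GroupName. Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
-$null = $results.Add("Failed to remove member $($UserObj.DisplayName) from $GroupName : $($ErrorMessage.NormalizedError)")
+$Message = "Failed to remove member $($UserObj.DisplayName) from $GroupName. Error: $($ErrorMessage.NormalizedError)"
+Write-LogMessage -headers $Headers -API $ApiName -tenant $UserObj.tenantFilter -message $Message -Sev Error -LogData $ErrorMessage
+$null = $results.Add($Message)
 }
-
 }
 }
 
+if ($Request.body.setManager.value) {
+$ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setManager.value)" }
+$ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody
+$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)/manager/`$ref" -tenantid $UserObj.tenantFilter -type PUT -body $ManagerBodyJSON -Verbose
+Write-LogMessage -headers $Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev Info
+$null = $results.Add("Success. Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)")
+}
+
+if ($Request.body.setSponsor.value) {
+$SponsorBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setSponsor.value)" }
+$SponsorBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $SponsorBody
+$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)/sponsors/`$ref" -tenantid $UserObj.tenantFilter -type POST -body $SponsorBodyJSON -Verbose
+Write-LogMessage -headers $Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Set $($UserObj.DisplayName)'s sponsor to $($Request.body.setSponsor.label)" -Sev Info
+$null = $results.Add("Success. Set $($UserObj.DisplayName)'s sponsor to $($Request.body.setSponsor.label)")
+}
+
 $body = @{'Results' = @($results) }
 # Associate values to output bindings by calling 'Push-OutputBinding'.
 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{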
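Review bot: The re-added remove-from-groups block (new lines 198–210) takes `$GroupID = $_.value` straight from the request body and interpolates it into the DELETE URI `groups/$GroupID/members/$($UserObj.id)` with no format check, and `$UserObj.id` is only tested with `IsNullOrWhiteSpace`. If both are meant to be directory object IDs (presumably GUIDs; confirm against the caller), I would validate them at the top of the `try`, e.g. `$Parsed = [guid]::Empty` followed by `if (-not [guid]::TryParse($GroupID, [ref]$Parsed)) { throw 'Invalid group ID' }`, so a malformed value cannot change which Graph resource is addressed. The same check fits `setManager.value` and `setSponsor.value` at new lines 223–237. Separately, new line 77 still returns the plaintext password in `$Results`; a plain confirmation would keep it out of anything that stores or logs the response. The function starts before and ends after the visible hunks.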
