ss-ict
diff --git a/‎Modules/CIPPCore/Private/Convert-QuarantinePermissionsValue.ps1
Lines changed: 71 additions & 0 deletions b/‎Modules/CIPPCore/Private/Convert-QuarantinePermissionsValue.ps1
Lines changed: 71 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-AddQuarantinePolicy.ps1
Lines changed: 67 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-AddQuarantinePolicy.ps1
Lines changed: 67 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-EditQuarantinePolicy.ps1
Lines changed: 79 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-EditQuarantinePolicy.ps1
Lines changed: 79 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-ListQuarantinePolicy.ps1
Lines changed: 45 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-ListQuarantinePolicy.ps1
Lines changed: 45 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-RemoveQuarantinePolicy.ps1
Lines changed: 45 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-RemoveQuarantinePolicy.ps1
Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,71 @@
+function Convert-QuarantinePermissionsValue {
+    [CmdletBinding(DefaultParameterSetName = 'DecimalValue')]
+    param (
+        [Parameter(Mandatory, Position = 0, ParameterSetName = "StringValue")]
+        [ValidateNotNullOrEmpty()]
+        [string]$InputObject,
+
+        [Parameter(Position = 0, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToViewHeader = 0,
+        [Parameter(Position = 1, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToDownload = 0,
+        [Parameter(Mandatory, Position = 2, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToAllowSender,
+        [Parameter(Mandatory, Position = 3, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToBlockSender,
+        [Parameter(Mandatory, Position = 4, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToRequestRelease,
+        [Parameter(Mandatory, Position = 5, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToRelease,
+        [Parameter(Mandatory, Position = 6, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToPreview,
+        [Parameter(Mandatory, Position = 7, ParameterSetName = "DecimalValue")]
+        [int]$PermissionToDelete
+    )
+
+    #Converts string value with EndUserQuarantinePermissions received from Get-QuarantinePolicy
+    if (($PSCmdlet.ParameterSetName) -eq "StringValue") {
+        try {
+            # Remove square brackets and split into lines
+            $InputObject = $InputObject.Trim('[', ']')
+            $hashtable = @{}
+            $InputObject -split "`n" | ForEach-Object {
+                $key, $value = $_ -split ":\s*"
+                $hashtable[$key.Trim()] = [System.Convert]::ToBoolean($value.Trim())
+            }
+            return $hashtable
+        }
+        catch {
+            throw "Convert-QuarantinePermissionsValue: Failed to convert string to hashtable."
+        }
+    }
+
+    #Converts selected end user quarantine permissions to decimal value used by EndUserQuarantinePermissionsValue property in New-QuarantinePolicy and Set-QuarantinePolicy
+    elseif (($PSCmdlet.ParameterSetName) -eq "DecimalValue") {
+        try {
+            # both PermissionToRequestRelease and PermissionToRelease cannot be set to true at the same time
+            if($PermissionToRequestRelease -eq 1 -and $PermissionToRelease -eq 1) {
+                throw "PermissionToRequestRelease and PermissionToRelease cannot both be set to true."
+            }
+
+            # Convert each permission to a binary string
+            $BinaryValue = [string]@(
+                $PermissionToViewHeader,
+                $PermissionToDownload,
+                $PermissionToAllowSender,
+                $PermissionToBlockSender,
+                $PermissionToRequestRelease,
+                $PermissionToRelease,
+                $PermissionToPreview,
+                $PermissionToDelete
+            ) -replace '\s',''
+
+            # Convert the binary string to an Decimal value
+            return [convert]::ToInt32($BinaryValue,2)
+        }
+        catch {
+            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+            throw "Convert-QuarantinePermissionsValue: Failed to convert QuarantinePermissions to QuarantinePermissionsValue. Error: $ErrorMessage"
+        }
+    }
+}
@@ -0,0 +1,67 @@
+using namespace System.Net
+
+Function Invoke-AddQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $Tenants = ($Request.body.selectedTenants).value
+
+    # If allTenants is selected, get all tenants and overwrite any other tenant selection
+    if ("AllTenants" -in $Tenants) {
+        $tenants = (Get-Tenants).defaultDomainName
+    }
+
+    $Result = foreach ($TenantFilter in $tenants) {
+        try {
+            $ReleaseActionPreference = $Request.Body.ReleaseActionPreference.value ?? $Request.Body.ReleaseActionPreference
+
+            $EndUserQuarantinePermissions   = @{
+                PermissionToBlockSender = $Request.Body.BlockSender
+                PermissionToDelete  = $Request.Body.Delete
+                PermissionToPreview = $Request.Body.Preview
+                PermissionToRelease = $ReleaseActionPreference -eq "Release" ? $true : $false
+                PermissionToRequestRelease  = $ReleaseActionPreference -eq "RequestRelease" ? $true : $false
+                PermissionToAllowSender = $Request.Body.AllowSender
+            }
+
+            $Params = @{
+                Identity = $Request.Body.Name
+                EndUserQuarantinePermissions = $EndUserQuarantinePermissions
+                ESNEnabled = $Request.Body.QuarantineNotification
+                IncludeMessagesFromBlockedSenderAddress = $Request.Body.IncludeMessagesFromBlockedSenderAddress
+                action = "New"
+                tenantFilter = $TenantFilter
+                APIName = $APIName
+            }
+
+            Set-CIPPQuarantinePolicy @Params
+            $Message = "Created Quarantine policy '$($Request.Body.Name)' for tenant '$($TenantFilter)'"
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev Info
+            $Message
+
+        }
+        catch {
+            $ErrorMessage = Get-CippException -Exception $_
+            $Message = "Failed to create Quarantine policy '$($Request.Body.Name)' for tenant '$($TenantFilter)' - $($ErrorMessage.NormalizedError)"
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev Error -LogData $ErrorMessage
+            $Message
+        }
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @{Results = @($Result) }
+        })
+
+}
@@ -0,0 +1,79 @@
+using namespace System.Net
+
+Function Invoke-EditQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.Body.TenantFilter
+
+    if ($Request.Query.Type -eq "GlobalQuarantinePolicy") {
+
+        $Frequency = $Request.Body.EndUserSpamNotificationFrequency.value ?? $Request.Body.EndUserSpamNotificationFrequency
+        # If request EndUserSpamNotificationFrequency it not set to a ISO 8601 timeformat, convert it to one.
+        # This happens if the user doesn't change the Notification Frequency value in the UI. Because of a "bug" with setDefaultValue function with the cippApiDialog, where "label" is set to both label and value.
+        $EndUserSpamNotificationFrequency = switch ($Frequency) {
+            "4 Hours" { "PT4H" }
+            "Daily" { "P1D" }
+            "Weekly" { "P7D" }
+            Default { $Frequency }
+        }
+
+        $Params = @{
+            Identity = $Request.Body.Identity
+            # Convert the requested frequency from ISO 8601 to a TimeSpan object
+            EndUserSpamNotificationFrequency = [System.Xml.XmlConvert]::ToTimeSpan($EndUserSpamNotificationFrequency)
+            EndUserSpamNotificationCustomFromAddress = $Request.Body.EndUserSpamNotificationCustomFromAddress
+            OrganizationBrandingEnabled = $Request.Body.OrganizationBrandingEnabled
+        }
+    }
+    else {
+        $ReleaseActionPreference = $Request.Body.ReleaseActionPreference.value ?? $Request.Body.ReleaseActionPreference
+
+        $EndUserQuarantinePermissions   = @{
+            PermissionToBlockSender = $Request.Body.BlockSender
+            PermissionToDelete  = $Request.Body.Delete
+            PermissionToPreview = $Request.Body.Preview
+            PermissionToRelease = $ReleaseActionPreference -eq "Release" ? $true : $false
+            PermissionToRequestRelease  = $ReleaseActionPreference -eq "RequestRelease" ? $true : $false
+            PermissionToAllowSender = $Request.Body.AllowSender
+        }
+
+        $Params = @{
+            Identity = $Request.Body.Identity
+            EndUserQuarantinePermissions = $EndUserQuarantinePermissions
+            ESNEnabled = $Request.Body.QuarantineNotification
+            IncludeMessagesFromBlockedSenderAddress = $Request.Body.IncludeMessagesFromBlockedSenderAddress
+            action = $Request.Body.Action ?? "Set"
+        }
+    }
+
+    try {
+        Set-CIPPQuarantinePolicy @Params -tenantFilter $TenantFilter -APIName $APIName
+
+        $Result = "Updated Quarantine policy '$($Request.Body.Name)'"
+        $StatusCode = [HttpStatusCode]::OK
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+    }
+    catch {
+        $Result = "Failed to update Quarantine policy '$($Request.Body.Name)' - $($_)"
+        $StatusCode = [HttpStatusCode]::Forbidden
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{Results = $Result }
+        })
+
+}
@@ -0,0 +1,45 @@
+function Invoke-ListQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.SpamFilter.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with query parameters or the body of the request.
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.body.TenantFilter
+    $QuarantinePolicyType = $Request.Query.Type ?? 'QuarantinePolicy'
+
+    $Policies = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-QuarantinePolicy' -cmdParams @{QuarantinePolicyType=$QuarantinePolicyType} | Select-Object -Property * -ExcludeProperty *odata*, *data.type*
+
+    write-host $($Request | ConvertTo-Json -Depth 10)
+
+    if ($QuarantinePolicyType -eq 'QuarantinePolicy') {
+        # Convert the string EndUserQuarantinePermissions to individual properties
+        $Policies | ForEach-Object {
+            $Permissions = Convert-QuarantinePermissionsValue -InputObject $_.EndUserQuarantinePermissions
+            foreach ($Perm in $Permissions.GetEnumerator()) {
+                $_ | Add-Member -MemberType NoteProperty -Name ($Perm.Key -replace "PermissionTo", "" ) -Value $Perm.Value
+            }
+        }
+
+        # "convert" to values display in the UI and Builtin used for filtering
+        $Policies = $Policies | Select-Object -Property *,
+        @{ Name = 'QuarantineNotification'; Expression = { $_.ESNEnabled -eq $true ? $true : $false} },
+        @{ Name = 'ReleaseActionPreference'; Expression = { $_.Release -eq $true ? "Release" : "RequestRelease"} },
+        @{ Name = 'Builtin'; Expression = { $_.Guid -eq "00000000-0000-0000-0000-000000000000" ? $true : $false} }
+    }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @($Policies)
+        })
+}
@@ -0,0 +1,45 @@
+using namespace System.Net
+
+Function Invoke-RemoveQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.Body.TenantFilter
+    $PolicyName = $Request.Query.Name ?? $Request.Body.Name
+    $Identity = $Request.Query.Identity ?? $Request.Body.Identity
+
+    try {
+        $Params = @{
+            Identity = ($Identity -eq "00000000-0000-0000-0000-000000000000" ? $PolicyName : $Identity)
+        }
+
+        $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-QuarantinePolicy' -cmdParams $Params -useSystemMailbox $true
+
+        $Result = "Deleted Quarantine policy '$($PolicyName)'"
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Failed to remove Quarantine policy '$($PolicyName)' - $($ErrorMessage.NormalizedError -replace '\|Microsoft.Exchange.Management.Tasks.ValidationException\|', '')"
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::Forbidden
+    }
+
+    $StatusCode = [HttpStatusCode]::OK
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{Results = $Result }
+        })
+
+}