Added endpoints for new quarantine policies page.

ngms-psh · ngms-psh · commit 9b939c5094cf · 2025-05-25T00:06:06.000+02:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-AddQuarantinePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-AddQuarantinePolicy.ps1
@@ -0,0 +1,68 @@
+using namespace System.Net
+
+Function Invoke-AddQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $Tenants = ($Request.body.selectedTenants).value
+
+    # If allTenants is selected, get all tenants from table and overwrite any other tenant selection
+    if ("AllTenants" -in $Tenants) {
+        $TenantTable = Get-CIPPTable -tablename 'Tenants'
+        $tenants = (Get-CIPPAzDataTableEntity @TenantTable -Filter "PartitionKey eq 'Tenants'").defaultDomainName
+    }
+
+    $Result = foreach ($TenantFilter in $tenants) {
+        try {
+            $ReleaseActionPreference = $Request.Body.ReleaseActionPreference.value ?? $Request.Body.ReleaseActionPreference
+
+            $EndUserQuarantinePermissions   = @{
+                PermissionToBlockSender = $Request.Body.BlockSender
+                PermissionToDelete  = $Request.Body.Delete
+                PermissionToPreview = $Request.Body.Preview
+                PermissionToRelease = $ReleaseActionPreference -eq "Release" ? $true : $false
+                PermissionToRequestRelease  = $ReleaseActionPreference -eq "RequestRelease" ? $true : $false
+                PermissionToAllowSender = $Request.Body.AllowSender
+            }
+
+            $Params = @{
+                Identity = $Request.Body.Name
+                EndUserQuarantinePermissions = $EndUserQuarantinePermissions
+                ESNEnabled = $Request.Body.QuarantineNotification
+                IncludeMessagesFromBlockedSenderAddress = $Request.Body.IncludeMessagesFromBlockedSenderAddress
+                action = "New"
+                tenantFilter = $TenantFilter
+                APIName = $APIName
+            }
+
+            Set-CIPPQuarantinePolicy @Params
+            $Message = "Created Quarantine policy '$($Request.Body.Name)' for tenant '$($TenantFilter)'"
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev Info
+            $Message
+
+        }
+        catch {
+            $ErrorMessage = Get-CippException -Exception $_
+            $Message = "Failed to create Quarantine policy '$($Request.Body.Name)' for tenant '$($TenantFilter)' - $($ErrorMessage.NormalizedError)"
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev Error -LogData $ErrorMessage
+            $Message
+        }
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @{Results = @($Result) }
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-EditQuarantinePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-EditQuarantinePolicy.ps1
@@ -0,0 +1,79 @@
+using namespace System.Net
+
+Function Invoke-EditQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.Body.TenantFilter
+
+    if ($Request.Query.Type -eq "GlobalQuarantinePolicy") {
+
+        $Frequency = $Request.Body.EndUserSpamNotificationFrequency.value ?? $Request.Body.EndUserSpamNotificationFrequency
+        # If request EndUserSpamNotificationFrequency it not set to a ISO 8601 timeformat, convert it to one.
+        # This happens if the user doesn't change the Notification Frequency value in the UI. Because of a "bug" with setDefaultValue function with the cippApiDialog, where "label" is set to both label and value.
+        $EndUserSpamNotificationFrequency = switch ($Frequency) {
+            "4 Hours" { "PT4H" }
+            "Daily" { "P1D" }
+            "Weekly" { "P7D" }
+            Default { $Frequency }
+        }
+
+        $Params = @{
+            Identity = $Request.Body.Identity
+            # Convert the requested frequency from ISO 8601 to a TimeSpan object
+            EndUserSpamNotificationFrequency = [System.Xml.XmlConvert]::ToTimeSpan($EndUserSpamNotificationFrequency)
+            EndUserSpamNotificationCustomFromAddress = $Request.Body.EndUserSpamNotificationCustomFromAddress
+            OrganizationBrandingEnabled = $Request.Body.OrganizationBrandingEnabled
+        }
+    }
+    else {
+        $ReleaseActionPreference = $Request.Body.ReleaseActionPreference.value ?? $Request.Body.ReleaseActionPreference
+
+        $EndUserQuarantinePermissions   = @{
+            PermissionToBlockSender = $Request.Body.BlockSender
+            PermissionToDelete  = $Request.Body.Delete
+            PermissionToPreview = $Request.Body.Preview
+            PermissionToRelease = $ReleaseActionPreference -eq "Release" ? $true : $false
+            PermissionToRequestRelease  = $ReleaseActionPreference -eq "RequestRelease" ? $true : $false
+            PermissionToAllowSender = $Request.Body.AllowSender
+        }
+
+        $Params = @{
+            Identity = $Request.Body.Identity
+            EndUserQuarantinePermissions = $EndUserQuarantinePermissions
+            ESNEnabled = $Request.Body.QuarantineNotification
+            IncludeMessagesFromBlockedSenderAddress = $Request.Body.IncludeMessagesFromBlockedSenderAddress
+            action = $Request.Body.Action ?? "Set"
+        }
+    }
+
+    try {
+        Set-CIPPQuarantinePolicy @Params -tenantFilter $TenantFilter -APIName $APIName
+
+        $Result = "Updated Quarantine policy '$($Request.Body.Name)'"
+        $StatusCode = [HttpStatusCode]::OK
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+    }
+    catch {
+        $Result = "Failed to update Quarantine policy '$($Request.Body.Name)' - $($_)"
+        $StatusCode = [HttpStatusCode]::Forbidden
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{Results = $Result }
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-ListQuarantinePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-ListQuarantinePolicy.ps1
@@ -0,0 +1,45 @@
+function Invoke-ListQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.SpamFilter.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with query parameters or the body of the request.
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.body.TenantFilter
+    $QuarantinePolicyType = $Request.Query.Type ?? 'QuarantinePolicy'
+
+    $Policies = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-QuarantinePolicy' -cmdParams @{QuarantinePolicyType=$QuarantinePolicyType} | Select-Object -Property * -ExcludeProperty *odata*, *data.type*
+
+    write-host $($Request | ConvertTo-Json -Depth 10)
+
+    if ($QuarantinePolicyType -eq 'QuarantinePolicy') {
+        # Convert the string EndUserQuarantinePermissions to individual properties
+        $Policies | ForEach-Object {
+            $Permissions = Convert-QuarantinePermissionsValue -InputObject $_.EndUserQuarantinePermissions
+            foreach ($Perm in $Permissions.GetEnumerator()) {
+                $_ | Add-Member -MemberType NoteProperty -Name ($Perm.Key -replace "PermissionTo", "" ) -Value $Perm.Value
+            }
+        }
+
+        # "convert" to values display in the UI and Builtin used for filtering
+        $Policies = $Policies | Select-Object -Property *,
+        @{ Name = 'QuarantineNotification'; Expression = { $_.ESNEnabled -eq $true ? $true : $false} },
+        @{ Name = 'ReleaseActionPreference'; Expression = { $_.Release -eq $true ? "Release" : "RequestRelease"} },
+        @{ Name = 'Builtin'; Expression = { $_.Guid -eq "00000000-0000-0000-0000-000000000000" ? $true : $false} }
+    }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @($Policies)
+        })
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-RemoveQuarantinePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-RemoveQuarantinePolicy.ps1
@@ -0,0 +1,45 @@
+using namespace System.Net
+
+Function Invoke-RemoveQuarantinePolicy {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.Body.TenantFilter
+    $PolicyName = $Request.Query.Name ?? $Request.Body.Name
+    $Identity = $Request.Query.Identity ?? $Request.Body.Identity
+
+    try {
+        $Params = @{
+            Identity = ($Identity -eq "00000000-0000-0000-0000-000000000000" ? $PolicyName : $Identity)
+        }
+
+        $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-QuarantinePolicy' -cmdParams $Params -useSystemMailbox $true
+
+        $Result = "Deleted Quarantine policy '$($PolicyName)'"
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Failed to remove Quarantine policy '$($PolicyName)' - $($ErrorMessage.NormalizedError -replace '\|Microsoft.Exchange.Management.Tasks.ValidationException\|', '')"
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::Forbidden
+    }
+
+    $StatusCode = [HttpStatusCode]::OK
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{Results = $Result }
+        })
+
+}
