Merge branch 'KelvinTegelaar:master' into master

.editorconfig

@@ -0,0 +1,22 @@
+# Editor configuration, see http://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+insert_final_newline = true
+
+[*.{ps1, psd1, psm1}]
+indent_size = 4
+end_of_line = crlf
+trim_trailing_whitespace = true
+
+[*.json]
+indent_size = 2
+end_of_line = crlf
+trim_trailing_whitespace = true
+
+[*.{md, txt}]
+end_of_line = crlf
+max_line_length = off
+trim_trailing_whitespace = false

BestPracticeAnalyser_OrchestrationStarter/run.ps1

@@ -8,12 +8,10 @@ if ($Request.Query.TenantFilter) {
     $TenantList = Get-Tenants
     $Name = 'Best Practice Analyser (All Tenants)'
 }
-$CippRoot = (Get-Item $PSScriptRoot).Parent.FullName
-$TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json"
-$Templates = $TemplatesLoc | ForEach-Object {
-    $Template = $(Get-Content $_) | ConvertFrom-Json
-    $Template.Name
-}
+
+$BPATemplateTable = Get-CippTable -tablename 'templates'
+$Filter = "PartitionKey eq 'BPATemplate'"
+$Templates = ((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name
 
 $BPAReports = foreach ($Tenant in $TenantList) {
     foreach ($Template in $Templates) {

BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1

@@ -7,12 +7,10 @@ if ($env:DEV_SKIP_BPA_TIMER) {
 
 $TenantList = Get-Tenants
 
-$CippRoot = (Get-Item $PSScriptRoot).Parent.FullName
-$TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json"
-$Templates = $TemplatesLoc | ForEach-Object {
-    $Template = $(Get-Content $_) | ConvertFrom-Json
-    $Template.Name
-}
+$BPATemplateTable = Get-CippTable -tablename 'templates'
+$Filter = "PartitionKey eq 'BPATemplate'"
+$Templates = ((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name
+
 
 $BPAReports = foreach ($Tenant in $TenantList) {
     foreach ($Template in $Templates) {

Cache_SAMSetup/SAMManifest.json

@@ -157,7 +157,9 @@
         { "id": "885f682f-a990-4bad-a642-36736a74b0c7", "type": "Scope" },
         { "id": "913b9306-0ce1-42b8-9137-6a7df690a760", "type": "Role" },
         { "id": "cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec", "type": "Scope" },
-        { "id": "4c06a06a-098a-4063-868e-5dfee3827264", "type": "Scope" }
+        { "id": "4c06a06a-098a-4063-868e-5dfee3827264", "type": "Scope" },
+        { "id": "1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9", "type": "Role" },
+        { "id": "e67e6727-c080-415e-b521-e3f35d5248e9", "type": "Scope" }
       ]
     },
     {

Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1

@@ -3,7 +3,7 @@ function Test-CIPPAccess {
         $Request,
         [switch]$TenantList
     )
-
+    if ($Request.Params.CIPPEndpoint -eq 'ExecSAMSetup') { return $true }
     if (!$Request.Headers.'x-ms-client-principal') {
         # Direct API Access
         $CustomRoles = @('CIPP-API')
@@ -47,7 +47,6 @@ function Test-CIPPAccess {
                         $Permission.AllowedTenants | Where-Object { $Permission.BlockedTenants -notcontains $_ }
                     }
                 }
-                Write-Information ($LimitedTenantList | ConvertTo-Json)
                 return $LimitedTenantList
             }
 
@@ -77,11 +76,10 @@ function Test-CIPPAccess {
                         } else {
                             $Tenant = ($Tenants | Where-Object { $Request.Query.TenantFilter -eq $_.customerId -or $Request.Body.TenantFilter -eq $_.customerId -or $Request.Query.TenantFilter -eq $_.defaultDomainName -or $Request.Body.TenantFilter -eq $_.defaultDomainName }).customerId
                             if ($Role.AllowedTenants -contains 'AllTenants') {
-                                $AllowedTenants = $Tenants
+                                $AllowedTenants = $Tenants.customerId
                             } else {
                                 $AllowedTenants = $Role.AllowedTenants
                             }
-
                             if ($Tenant) {
                                 $TenantAllowed = $AllowedTenants -contains $Tenant -and $Role.BlockedTenants -notcontains $Tenant
                                 if (!$TenantAllowed) { continue }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1

@@ -6,18 +6,20 @@ function Push-BPACollectData {
     param($Item)
 
     $TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $Item.Tenant
-    $CippRoot = (Get-Item $PSScriptRoot).Parent.Parent.Parent.Parent.Parent.Parent.FullName
-    $TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json"
+    $BPATemplateTable = Get-CippTable -tablename 'templates'
+    $Filter = "PartitionKey eq 'BPATemplate'"
+    $TemplatesLoc = (Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json
+
     $Templates = $TemplatesLoc | ForEach-Object {
-        $Template = $(Get-Content $_) | ConvertFrom-Json
+        $Template = $_
         [PSCustomObject]@{
             Data  = $Template
             Name  = $Template.Name
             Style = $Template.Style
         }
     }
     $Table = Get-CippTable -tablename 'cachebpav2'
-
+    Write-Host "Working on BPA for $($TenantName.displayName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
     $Template = $Templates | Where-Object -Property Name -EQ -Value $Item.Template
     # Build up the result object that will be stored in tables
     $Result = @{
@@ -39,13 +41,13 @@ function Push-BPACollectData {
                     }
                     if ($Field.parameters.psobject.properties.name) {
                         $field.Parameters | ForEach-Object {
-                            Write-Information "Doing: $($_.psobject.properties.name) with value $($_.psobject.properties.value)"
                             $paramsField[$_.psobject.properties.name] = $_.psobject.properties.value
                         }
                     }
                     $FieldInfo = New-GraphGetRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
                 }
                 'Exchange' {
+                    Write-Host "Trying to execute $($field.Command) for $($TenantName.displayName) with GUID $($TenantName.customerId)"
                     if ($field.Command -notlike 'get-*') {
                         Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get- exchange commands. A set or update command was used.' -sev Error
                         break
@@ -93,6 +95,7 @@ function Push-BPACollectData {
                 }
                 'JSON' {
                     if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo -Compress) }
+                    Write-Host "Adding $($field.Name) to table with value $JsonString"
                     $Result.Add($field.Name, $JSONString)
                 }
                 'string' {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1

@@ -43,12 +43,12 @@ function Invoke-ExecCustomRole {
                     if ($Role.AllowedTenants) {
                         $Role.AllowedTenants = @($Role.AllowedTenants | ConvertFrom-Json)
                     } else {
-                        $Role | Add-Member -NotePropertyName AllowedTenants -NotePropertyValue @()
+                        $Role | Add-Member -NotePropertyName AllowedTenants -NotePropertyValue @() -Force
                     }
                     if ($Role.BlockedTenants) {
                         $Role.BlockedTenants = @($Role.BlockedTenants | ConvertFrom-Json)
                     } else {
-                        $Role | Add-Member -NotePropertyName BlockedTenants -NotePropertyValue @()
+                        $Role | Add-Member -NotePropertyName BlockedTenants -NotePropertyValue @() -Force
                     }
                     $Role
                 }