Skip to content

Commit 0c6b4a4

Browse files
authored
Merge pull request #918 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 9e68fff + a1c72de commit 0c6b4a4

3 files changed

Lines changed: 76 additions & 57 deletions

File tree

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSnoozeAlert.ps1

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,10 @@ function Invoke-ExecSnoozeAlert {
2727
})
2828
}
2929

30-
if ($Duration -notin @(7, 14, 30, -1)) {
30+
if ($Duration -notin @(7, 14, 30, 90)) {
3131
return ([HttpResponseContext]@{
3232
StatusCode = [HttpStatusCode]::BadRequest
33-
Body = @{ Results = 'Duration must be 7, 14, 30, or -1 (forever).' }
33+
Body = @{ Results = 'Duration must be 7, 14, 30, or 90 days.' }
3434
})
3535
}
3636

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuthMethodsPolicyMigration.ps1

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,10 @@ function Invoke-CIPPStandardAuthMethodsPolicyMigration {
4343
throw 'Failed to retrieve current authentication methods policy information'
4444
}
4545

46-
$CurrentValue = $CurrentInfo | Select-Object policyMigrationState
46+
$StateValue = if ($null -eq $CurrentInfo.policyMigrationState) { 'migrationComplete' } else { $CurrentInfo.policyMigrationState }
47+
$CurrentValue = [PSCustomObject]@{
48+
policyMigrationState = $StateValue
49+
}
4750
$ExpectedValue = [PSCustomObject]@{
4851
policyMigrationState = 'migrationComplete'
4952
}

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1

Lines changed: 70 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ function Invoke-CIPPStandardcalDefault {
1616
EXECUTIVETEXT
1717
Configures how much calendar information employees share by default with colleagues, balancing collaboration needs with privacy. This setting determines whether others can see meeting details, free/busy times, or just availability, helping optimize scheduling while protecting sensitive meeting information.
1818
DISABLEDFEATURES
19-
{"report":true,"warn":true,"remediate":false}
19+
{"report":false,"warn":false,"remediate":false}
2020
ADDEDCOMPONENT
2121
{"type":"autoComplete","multiple":false,"label":"Select Sharing Level","name":"standards.calDefault.permissionLevel","options":[{"label":"Owner - The user can create, read, edit, and delete all items in the folder, and create subfolders. The user is both folder owner and folder contact.","value":"Owner"},{"label":"Publishing Editor - The user can create, read, edit, and delete all items in the folder, and create subfolders.","value":"PublishingEditor"},{"label":"Editor - The user can create items in the folder. The contents of the folder do not appear.","value":"Editor"},{"label":"Publishing Author. The user can read, create all items/subfolders. Can modify and delete only items they create.","value":"PublishingAuthor"},{"label":"Author - The user can create and read items, and modify and delete items that they create.","value":"Author"},{"label":"Non Editing Author - The user has full read access and create items. Can can delete only own items.","value":"NonEditingAuthor"},{"label":"Reviewer - The user can read all items in the folder.","value":"Reviewer"},{"label":"Contributor - The user can create items and folders.","value":"Contributor"},{"label":"Availability Only - Indicates that the user can view only free/busy time within the calendar.","value":"AvailabilityOnly"},{"label":"Limited Details - The user can view free/busy time within the calendar and the subject and location of appointments.","value":"LimitedDetails"},{"label":"None - The user has no permissions on the folder.","value":"none"}]}
2222
IMPACT
@@ -49,70 +49,86 @@ function Invoke-CIPPStandardcalDefault {
4949
return
5050
}
5151

52-
if ($Settings.remediate -eq $true) {
53-
$UpdateDB = $false
54-
try {
55-
# Get calendar permissions from cache - this contains the calendar Identity we need
56-
$CalendarPermissions = New-CIPPDbRequest -TenantFilter $Tenant -Type 'CalendarPermissions'
57-
58-
if (-not $CalendarPermissions) {
59-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'No cached calendar permissions found. Please ensure the mailbox cache has been populated.' -sev Error
60-
return
61-
}
62-
63-
# Filter to only Default user permissions that don't match target level
64-
$DefaultPermissions = $CalendarPermissions | Where-Object { $_.User -eq 'Default' }
65-
$NeedsUpdate = $DefaultPermissions | Where-Object {
66-
$currentRights = if ($_.AccessRights -is [array]) { $_.AccessRights -join ',' } else { $_.AccessRights }
67-
$currentRights -ne $permissionLevel
68-
}
52+
# Get calendar permissions from cache - this contains the calendar Identity we need
53+
$CalendarPermissions = New-CIPPDbRequest -TenantFilter $Tenant -Type 'CalendarPermissions'
6954

70-
$TotalCalendars = $DefaultPermissions.Count
71-
$CalendarsToUpdate = $NeedsUpdate.Count
72-
73-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Found $TotalCalendars calendars. $CalendarsToUpdate need permission update to $permissionLevel." -sev Info
74-
75-
if ($CalendarsToUpdate -eq 0) {
76-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All calendars already have the correct default permission level.' -sev Info
77-
return
78-
}
55+
if (-not $CalendarPermissions) {
56+
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'No cached calendar permissions found. Please ensure the mailbox cache has been populated.' -sev Error
57+
return
58+
}
7959

80-
# Set permissions for each calendar that needs updating
81-
$SuccessCounter = 0
82-
$ErrorCounter = 0
60+
# Filter to only Default user permissions that don't match target level
61+
$DefaultPermissions = $CalendarPermissions | Where-Object { $_.User -eq 'Default' }
62+
$NeedsUpdate = @($DefaultPermissions | Where-Object {
63+
$currentRights = if ($_.AccessRights -is [array]) { $_.AccessRights -join ',' } else { $_.AccessRights }
64+
$currentRights -ne $permissionLevel
65+
})
66+
67+
$CurrentValue = if ($NeedsUpdate.Count -eq 0) {
68+
[PSCustomObject]@{ state = 'Configured correctly' }
69+
} else {
70+
[PSCustomObject]@{ NonCompliantCalendars = $NeedsUpdate | Select-Object -Property Identity, AccessRights }
71+
}
72+
$ExpectedValue = [PSCustomObject]@{
73+
state = 'Configured correctly'
74+
}
8375

84-
foreach ($Calendar in $NeedsUpdate) {
85-
try {
86-
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdParams @{
87-
Identity = $Calendar.Identity
88-
User = 'Default'
89-
AccessRights = $permissionLevel
76+
if ($Settings.remediate -eq $true) {
77+
if ($NeedsUpdate.Count -eq 0) {
78+
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All calendars already have the correct default permission level.' -sev Info
79+
} else {
80+
$UpdateDB = $false
81+
try {
82+
$SuccessCounter = 0
83+
$ErrorCounter = 0
84+
85+
foreach ($Calendar in $NeedsUpdate) {
86+
try {
87+
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdParams @{
88+
Identity = $Calendar.Identity
89+
User = 'Default'
90+
AccessRights = $permissionLevel
91+
}
92+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default calendar permission for $($Calendar.Identity) to $permissionLevel" -sev Debug
93+
$SuccessCounter++
94+
$UpdateDB = $true
95+
} catch {
96+
$ErrorCounter++
97+
$ErrorMessage = Get-CippException -Exception $_
98+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set calendar permission for $($Calendar.Identity): $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
9099
}
91-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default calendar permission for $($Calendar.Identity) to $permissionLevel" -sev Debug
92-
$SuccessCounter++
93-
$UpdateDB = $true
94-
} catch {
95-
$ErrorCounter++
96-
$ErrorMessage = Get-CippException -Exception $_
97-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set calendar permission for $($Calendar.Identity): $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
98100
}
99-
}
100101

101-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter calendars. $ErrorCounter failed." -sev Info
102+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter calendars. $ErrorCounter failed." -sev Info
102103

103-
# Refresh calendar permissions cache after remediation only if changes were made
104-
if ($UpdateDB) {
105-
try {
106-
Set-CIPPDBCacheMailboxes -TenantFilter $Tenant
107-
} catch {
108-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning
104+
# Refresh calendar permissions cache after remediation only if changes were made
105+
if ($UpdateDB) {
106+
try {
107+
Set-CIPPDBCacheMailboxes -TenantFilter $Tenant
108+
} catch {
109+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning
110+
}
109111
}
112+
} catch {
113+
$ErrorMessage = Get-CippException -Exception $_
114+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
110115
}
116+
}
117+
}
111118

112-
} catch {
113-
$ErrorMessage = Get-CippException -Exception $_
114-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
119+
if ($Settings.alert -eq $true) {
120+
if ($NeedsUpdate.Count -eq 0) {
121+
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Default calendar permissions are correctly configured for all mailboxes' -sev Info
122+
} else {
123+
Write-StandardsAlert -message "Default calendar permission is not set to $permissionLevel for $($NeedsUpdate.Count) calendars" -object ($NeedsUpdate | Select-Object -Property Identity, AccessRights) -tenant $Tenant -standardName 'calDefault' -standardId $Settings.standardId
124+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Default calendar permission is not set to $permissionLevel for $($NeedsUpdate.Count) calendars" -sev Info
115125
}
116126
}
117127

128+
if ($Settings.report -eq $true) {
129+
$Filtered = $NeedsUpdate | Select-Object -Property Identity, AccessRights
130+
Set-CIPPStandardsCompareField -FieldName 'standards.calDefault' -CurrentValue $CurrentValue -ExpectedValue $ExpectedValue -TenantFilter $Tenant
131+
Add-CIPPBPAField -FieldName 'calDefault' -FieldValue $Filtered -StoreAs json -Tenant $Tenant
132+
}
133+
118134
}

0 commit comments

Comments
 (0)