
Commit 1da775b

Merge pull request #985 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents ea06247 + a40683c commit 1da775b

5 files changed

Lines changed: 77 additions & 40 deletions


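--- a/Modules/CIPPCore/Public/Add-CIPPW32ScriptApplication.ps1
+++ b/Modules/CIPPCore/Public/Add-CIPPW32ScriptApplication.ps1
@@ -45,15 +45,15 @@ function Add-CIPPW32ScriptApplication {
 )
 
 # Get the standard Chocolatey package location (relative to function app root)
-$IntuneWinFile = 'AddChocoApp\IntunePackage.intunewin'
-$ChocoXmlFile = 'AddChocoApp\Choco.App.xml'
+$IntuneWinFile = Join-Path $env:CIPPRootPath 'AddChocoApp\IntunePackage.intunewin'
+$ChocoXmlFile = Join-Path $env:CIPPRootPath 'AddChocoApp\Choco.App.xml'
 
 if (-not (Test-Path $IntuneWinFile)) {
-throw "Chocolatey IntunePackage.intunewin not found at: $IntuneWinFile (Current directory: $PWD)"
+throw "Chocolatey IntunePackage.intunewin not found at: $IntuneWinFile (CIPPRootPath: $env:CIPPRootPath)"
 }
 
 if (-not (Test-Path $ChocoXmlFile)) {
-throw "Choco.App.xml not found at: $ChocoXmlFile (Current directory: $PWD)"
+throw "Choco.App.xml not found at: $ChocoXmlFile (CIPPRootPath: $env:CIPPRootPath)"
 }
 
 # Parse the Choco XML to get encryption info. We need a wrapper around the application and this is a tiny intune file, perfect for our purpose.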
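Review bot: The two `Join-Path $env:CIPPRootPath ...` calls have no guard for an unset or empty `CIPPRootPath`, so a misconfigured host would fail on a null-path binding error rather than on either of the "not found at" messages below them. A check ahead of the joins would make the cause explicit: `if ([string]::IsNullOrWhiteSpace($env:CIPPRootPath)) { throw 'CIPPRootPath environment variable is not set' }`. The exception text now also carries the absolute install path; if these messages are returned to API callers (not visible in this hunk), consider logging the path server-side and returning only the relative file name. The function body starts and ends outside the hunk.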

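--- a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1
+++ b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1
@@ -320,7 +320,6 @@ function Test-CIPPAccess {
 $PermissionsFound = $true
 } catch {
 Write-Information $_.Exception.Message
-continue
 }
 }
 $swRolePerms.Stop()
@@ -477,38 +476,12 @@ function Test-CIPPAccess {
 } else {
 # No permissions found for any roles
 if ($TenantList.IsPresent) {
-return @('AllTenants')
-}
-return $true
-if ($APIAllowed) {
-$TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter.value ?? $Request.Body.tenantFilter ?? $Request.Query.tenantId ?? $Request.Body.tenantId.value ?? $Request.Body.tenantId ?? $env:TenantID
-# Check tenant level access
-if (($Role.BlockedTenants | Measure-Object).Count -eq 0 -and $Role.AllowedTenants -contains 'AllTenants') {
-$TenantAllowed = $true
-} elseif ($TenantFilter -eq 'AllTenants') {
-$TenantAllowed = $false
-} else {
-$Tenant = ($Tenants | Where-Object { $TenantFilter -eq $_.customerId -or $TenantFilter -eq $_.defaultDomainName }).customerId
-
-if ($Role.AllowedTenants -contains 'AllTenants') {
-$AllowedTenants = $Tenants.customerId
-} else {
-$AllowedTenants = $Role.AllowedTenants
-}
-if ($Tenant) {
-$TenantAllowed = $AllowedTenants -contains $Tenant -and $Role.BlockedTenants -notcontains $Tenant
-if (!$TenantAllowed) { continue }
-break
-} else {
-$TenantAllowed = $true
-break
-}
-}
+return @()
 }
+throw 'Access to this CIPP API endpoint is not allowed, the user does not have the required permission'
 }
 
 if (!$TenantAllowed -and $Functionality -notmatch 'AnyTenant') {
-
 if (!$APIAllowed) {
 throw "Access to this CIPP API endpoint is not allowed, you do not have the required permission: $APIRole"
 }
@@ -519,14 +492,13 @@ function Test-CIPPAccess {
 } else {
 return $true
 }
-
 }
 } else {
 # No permissions found for any roles
 if ($TenantList.IsPresent) {
-return @('AllTenants')
+return @()
 }
-return $true
+throw 'Access to this CIPP API endpoint is not allowed, the user does not have the required permission'
 }
 $swUserBranch.Stop()
 $AccessTimings['UserBranch'] = $swUserBranch.Elapsed.TotalMilliseconds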
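Review bot: `return @()` on the two "No permissions found for any roles" branches (new lines 479 and 499) does not give the caller an empty array, because PowerShell unrolls it and the caller receives `$null`. Callers of `Test-CIPPAccess -TenantList` are not visible here, so it should be confirmed that none of them treats a null or empty result as "no tenant restriction", which would turn this deny path back into an allow. `return , @()` keeps the array shape, and a comment such as `# Empty list = caller may access no tenants (fail closed)` would record the intent. The two new `throw` statements deny without recording which user and endpoint were refused; a log entry just before each would make these denials auditable. The function starts and ends outside all three hunks.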

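--- a/Modules/CIPPDB/Public/DBCache/Set-CIPPDBCacheOneDriveUsage.ps1
+++ b/Modules/CIPPDB/Public/DBCache/Set-CIPPDBCacheOneDriveUsage.ps1
@@ -34,11 +34,21 @@ function Set-CIPPDBCacheOneDriveUsage {
 
 $Result = New-GraphBulkRequest -tenantid $TenantFilter -Requests @($BulkRequests) -asapp $true
 $Sites = @(($Result | Where-Object { $_.id -eq 'listAllSites' }).body.value)
-$UsageBase64 = ($Result | Where-Object { $_.id -eq 'usage' }).body
-$UsageJson = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UsageBase64))
-$OneDriveUsage = @(($UsageJson | ConvertFrom-Json).value)
+
+$UsageResponse = $Result | Where-Object { $_.id -eq 'usage' }
+if ($UsageResponse.status -and $UsageResponse.status -ne 200) {
+throw ($UsageResponse.body.error.message ?? "Usage report request failed with status $($UsageResponse.status)")
+}
+$UsageBody = $UsageResponse.body
+if ($UsageBody -is [string]) {
+$UsageJson = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UsageBody))
+$OneDriveUsage = @(($UsageJson | ConvertFrom-Json).value)
+} else {
+$OneDriveUsage = @($UsageBody.value)
+}
 
 foreach ($UsageRow in $OneDriveUsage) {
+if ($null -eq $UsageRow) { continue }
 $UsageRow | Add-Member -NotePropertyName 'id' -NotePropertyValue $UsageRow.siteId -Force
 $UsageRow | Add-Member -NotePropertyName 'userPrincipalName' -NotePropertyValue $UsageRow.ownerPrincipalName -Force
 }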
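Review bot: A bulk result with no `usage` entry is treated as a successful empty report: `$UsageResponse` is `$null`, the status check is skipped, and the `else` branch produces `@($null)`, which the new `if ($null -eq $UsageRow) { continue }` then hides. Failing explicitly keeps a missing report distinct from an empty one, e.g. `if (-not $UsageResponse) { throw 'Usage report response missing from bulk result' }` before the status check. The guard also only skips the `Add-Member` calls, so the null element stays in `$OneDriveUsage` for whatever consumes it after the hunk; `$OneDriveUsage = @($OneDriveUsage | Where-Object { $null -ne $_ })` would drop it instead. The same guard-without-filter pattern is added to the `$UsageRows` loop in Set-CIPPDBCacheSharePointSiteUsage.ps1.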

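--- a/Modules/CIPPDB/Public/DBCache/Set-CIPPDBCacheSharePointSiteUsage.ps1
+++ b/Modules/CIPPDB/Public/DBCache/Set-CIPPDBCacheSharePointSiteUsage.ps1
@@ -51,6 +51,7 @@ function Set-CIPPDBCacheSharePointSiteUsage {
 
 # Ensure a stable row key for usage rows.
 foreach ($UsageRow in $UsageRows) {
+if ($null -eq $UsageRow) { continue }
 $UsageRow | Add-Member -NotePropertyName 'id' -NotePropertyValue $UsageRow.siteId -Force
 }
 
@@ -99,4 +100,4 @@ function Set-CIPPDBCacheSharePointSiteUsage {
 } catch {
 Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Failed to cache SharePoint site usage: $($_.Exception.Message)" -sev Error -LogData (Get-CippException -Exception $_)
 }
-}
+}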

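--- a/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Invoke-ExecUniversalSearchV2.ps1
+++ b/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Invoke-ExecUniversalSearchV2.ps1
@@ -31,6 +31,60 @@ function Invoke-ExecUniversalSearchV2 {
 'Applications' {
 $Results = Search-CIPPDbData -SearchTerms $SearchTerms -Types 'Apps', 'ServicePrincipals' -Limit $Limit -Properties 'id', 'appId', 'displayName', 'publisherName', 'appOwnerOrganizationId' -TenantFilter $TenantFilter
 }
+'Licenses' {
+# SKU lookup is universal — always search across all tenants regardless of caller scope.
+# No Properties filter so service plan names / friendly names embedded in the JSON
+# still pass the secondary verification pass.
+$Raw = Search-CIPPDbData -SearchTerms $SearchTerms -Types 'LicenseOverview' -TenantFilter 'allTenants'
+
+$BySku = [ordered]@{}
+foreach ($Row in $Raw) {
+$Data = $Row.Data
+if (-not $Data -or [string]::IsNullOrWhiteSpace($Data.skuId)) { continue }
+$Key = ([string]$Data.skuId).ToLowerInvariant()
+
+if (-not $BySku.Contains($Key)) {
+$BySku[$Key] = [PSCustomObject]@{
+skuId = [string]$Data.skuId
+skuPartNumber = [string]$Data.skuPartNumber
+displayName = [string]$Data.License
+servicePlans = @($Data.ServicePlans)
+tenantCount = 0
+totalAssigned = 0
+totalAvailable = 0
+tenants = [System.Collections.Generic.List[object]]::new()
+}
+}
+
+$Entry = $BySku[$Key]
+if ([string]::IsNullOrWhiteSpace($Entry.skuPartNumber) -and $Data.skuPartNumber) { $Entry.skuPartNumber = [string]$Data.skuPartNumber }
+if ([string]::IsNullOrWhiteSpace($Entry.displayName) -and $Data.License) { $Entry.displayName = [string]$Data.License }
+if ((-not $Entry.servicePlans -or $Entry.servicePlans.Count -eq 0) -and $Data.ServicePlans) { $Entry.servicePlans = @($Data.ServicePlans) }
+
+$Entry.tenantCount++
+$Used = 0; [int]::TryParse([string]$Data.CountUsed, [ref]$Used) | Out-Null
+$Total = 0; [int]::TryParse([string]$Data.TotalLicenses, [ref]$Total) | Out-Null
+$Entry.totalAssigned += $Used
+$Entry.totalAvailable += $Total
+$Entry.tenants.Add([PSCustomObject]@{
+tenant = [string]$Row.Tenant
+used = $Used
+total = $Total
+})
+}
+
+$Aggregated = $BySku.Values | Sort-Object -Property tenantCount -Descending | Select-Object -First $Limit
+
+# Shape into the same envelope as other types so the frontend can use match.Data
+$Results = foreach ($Item in $Aggregated) {
+[PSCustomObject]@{
+Tenant = ''
+Type = 'Licenses'
+RowKey = "Licenses-$($Item.skuId)"
+Data = $Item
+}
+}
+}
 default {
 $Results = Search-CIPPDbData -SearchTerms $SearchTerms -Types 'Users' -Limit $Limit -Properties 'id', 'userPrincipalName', 'displayName' -TenantFilter $TenantFilter
 }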
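Review bot: The `'Licenses'` branch hard-codes `-TenantFilter 'allTenants'` and then returns a `tenants` list with each tenant's name and its `used`/`total` counts, so a caller whose role is limited to some tenants receives license data for every tenant. Unless tenant scoping for this endpoint is enforced somewhere outside the hunk, the per-tenant breakdown (and arguably `tenantCount`, `totalAssigned` and `totalAvailable`) should be built only from rows the caller may see, for example by filtering `$Raw` against the caller's permitted tenant list before the `foreach`, or by dropping the `tenants` property for restricted callers. The comment on new line 35 should state why ignoring caller scope is acceptable for the data returned here. Unlike the other branches, the `Search-CIPPDbData` call also omits `-Limit`, so the search itself is unbounded and `$Limit` is applied only after aggregation.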
