
Commit 8d64469

authored
Merge pull request #974 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 2b154fb + 25fcdc1 commit 8d64469

2 files changed

Lines changed: 21 additions & 5 deletions


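--- a/Modules/CIPPCore/Public/GraphHelper/Get-NormalizedError.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/Get-NormalizedError.ps1
@@ -73,6 +73,7 @@ function Get-NormalizedError {
 '*AADSTS9002313*' { 'The credentials used to connect to the Graph API are not available, please retry. If this issue persists you may need to execute the SAM wizard.' }
 '*One or more platform(s) is/are not configured for the customer. Please configure the platform before trying to purchase a SKU.*' { 'One or more platform(s) is/are not configured for the customer. Please configure the platform before trying to purchase a SKU.' }
 "One or more added object references already exist for the following modified properties: 'members'." { 'This user is already a member of the selected group.' }
+'*is not present in the role definition of the current user*' { 'We do not have permissions to access this resource, try performing a CPV refresh in Application Settings -> Permissions. ' }
 default { $message }
 
 }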
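Review bot: The new message at new line 76 carries a trailing space inside the closing quote (`Permissions. '`), which none of the neighbouring entries have and which will show up verbatim in the UI and logs; change the end of the line to `Application Settings -> Permissions.' }`. The switch block this arm belongs to, and the enclosing Get-NormalizedError function, start before the hunk and end after it.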

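--- a/Modules/CIPPCore/Public/Set-CIPPSAMAdminRoles.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPSAMAdminRoles.ps1
@@ -17,21 +17,34 @@ function Set-CIPPSAMAdminRoles {
 
 $ActionLogs = [System.Collections.Generic.List[object]]::new()
 
+# Default roles always assigned for all tenants
+$DefaultRoles = @(
+[PSCustomObject]@{ value = '17315797-102d-40b4-93e0-432062caca18'; label = 'Compliance Administrator' }
+)
+
 $SAMRolesTable = Get-CIPPTable -tablename 'SAMRoles'
 $Roles = Get-CIPPAzDataTableEntity @SAMRolesTable
 
 try {
-$SAMRoles = $Roles.Roles | ConvertFrom-Json -ErrorAction Stop
+$SAMRoles = @($Roles.Roles | ConvertFrom-Json -ErrorAction Stop)
 $Tenants = $Roles.Tenants | ConvertFrom-Json -ErrorAction Stop
 if ($Tenants.value) {
 $Tenants = $Tenants.value
 }
 } catch {
-$ActionLogs.Add('CIPP-SAM roles not configured')
-return $ActionLogs
+$SAMRoles = @()
+$Tenants = @()
+}
+
+# Merge default roles with user-configured roles, avoiding duplicates
+$ExistingValues = @($SAMRoles | ForEach-Object { $_.value })
+foreach ($DefaultRole in $DefaultRoles) {
+if ($DefaultRole.value -notin $ExistingValues) {
+$SAMRoles = @($SAMRoles) + @($DefaultRole)
+}
 }
 
-if (($SAMRoles | Measure-Object).count -gt 0 -and $Tenants -contains $TenantFilter -or $Tenants -contains 'AllTenants') {
+if (($SAMRoles | Measure-Object).Count -gt 0 -and ($Tenants -contains $TenantFilter -or $Tenants -contains 'AllTenants' -or ($Tenants | Measure-Object).Count -eq 0)) {
 $InitialRequests = @(
 [PSCustomObject]@{
 id = 'memberOf'
@@ -83,8 +96,10 @@ function Set-CIPPSAMAdminRoles {
 $Results | ForEach-Object {
 if ($_.status -eq 204) {
 $ActionLogs.Add("Added service principal to directory role $($_.id)")
+} elseif ($_.status -eq 404) {
+$ActionLogs.Add("Directory role $($_.id) does not exist in tenant, skipping")
 } else {
-$ActionLogs.Add("Failed to add service principal to directoryRole $($_.id)")
+$ActionLogs.Add("Failed to add service principal to directoryRole $($_.id): $($_ | ConvertTo-Json -Depth 5)")
 Write-Verbose ($_ | ConvertTo-Json -Depth 5)
 $HasFailures = $true
 }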
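Review bot: The catch branch at new lines 34-37 now discards the parse error without recording anything in `$ActionLogs`, and because an empty `$Tenants` satisfies the new condition at new line 47, an unreadable or missing SAMRoles entry silently becomes "grant the default role in every tenant" — a privilege change that previously ended with a logged early return. Keep the early return's audit trail by adding one line inside the catch, `$ActionLogs.Add("CIPP-SAM roles not configured or unreadable, applying default roles only: $($_.Exception.Message)")`, so the fallback is visible in the output the caller already receives. The hard-coded id at new line 22 is only tied to the label 'Compliance Administrator' by convention; a comment stating it is a directory role template id and where it was taken from would let a maintainer verify it, since nothing in the hunk checks the label against the id. Set-CIPPSAMAdminRoles begins before the first hunk and continues after the second.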
