Permissions added for user management (#68)

teamviewer · Nov 22, 2023 · f7b31d1 · f7b31d1
1 parent 018f690
commit f7b31d1
Show file tree

Hide file tree

Showing 10 changed files with 105 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,13 +11,14 @@
 - Adds `Export-TeamViewerSystemInformation` to create zip file for support.
 - Adds `Set-TeamViewerPSProxy` and `Remove-TeamViewerPSProxy` to set proxy to access WebAPI.
 - Adds `Get-TeamViewerInstallationDirectory` to return installation directory.
+- Adds `Get-TeamViewerCustomModuleId` to return custom module ID.
+- Adds `Get-TeamViewerLogFilePath` to return log file paths for different logs present.
 - Adds `Remove-TeamViewerPolicyFromManagedDevice` to remove policies from managed devices.
 
 ### Changed
 
 - Extends `Invoke-TeamViewerPackageDownload` with MSI package type.
 - Removes `-RemovePolicy` switch from `Set-TeamViewerManagedDevice`.
-- Removes `-Permissions` switch from `Get-TeamViewerUser`, `New-TeamViewerUser` and `Remove-TeamViewerUser`.
 - Modifies general module folder structure.
 
 ### Fixed

diff --git a/Cmdlets/Private/ConvertTo-TeamViewerUser.ps1 b/Cmdlets/Private/ConvertTo-TeamViewerUser.ps1
@@ -23,6 +23,7 @@ function ConvertTo-TeamViewerUser {
 
         if ($PropertiesToLoad -Eq 'All') {
             $properties += @{
+                Permissions = $InputObject.permissions -split ','
                 Active         = $InputObject.active
                 LastAccessDate = $InputObject.last_access_date | ConvertTo-DateTime
             }

diff --git a/Cmdlets/Public/Get-TeamViewerUser.ps1 b/Cmdlets/Public/Get-TeamViewerUser.ps1
@@ -20,6 +20,10 @@ function Get-TeamViewerUser {
         [string[]]
         $Email,
 
+        [Parameter(ParameterSetName = "FilteredList")]
+        [string[]]
+        $Permissions,
+
         [Parameter()]
         [ValidateSet('All', 'Minimal')]
         $PropertiesToLoad = 'All'
@@ -28,9 +32,9 @@ function Get-TeamViewerUser {
     $parameters = @{ }
     switch ($PropertiesToLoad) {
         'All' {
-            $parameters.full_list = $true 
+            $parameters.full_list = $true
         }
-        'Minimal' { 
+        'Minimal' {
         }
     }
 
@@ -49,6 +53,9 @@ function Get-TeamViewerUser {
             if ($Email) {
                 $parameters['email'] = ($Email -join ',')
             }
+            if ($Permissions) {
+                $parameters['permissions'] = ($Permissions -join ',')
+            }
         }
     }
 

diff --git a/Cmdlets/Public/New-TeamViewerUser.ps1 b/Cmdlets/Public/New-TeamViewerUser.ps1
@@ -28,6 +28,10 @@ function New-TeamViewerUser {
         [securestring]
         $SsoCustomerIdentifier,
 
+        [Parameter()]
+        [array]
+        $Permissions,
+
         [Parameter()]
         [ValidateScript( { $_ | Resolve-TeamViewerLanguage } )]
         [cultureinfo]
@@ -56,6 +60,7 @@ function New-TeamViewerUser {
         email    = $Email
         name     = $Name
         language = $Culture | Resolve-TeamViewerLanguage
+        permissions = $Permissions -join ','
     }
 
     if ($Password -And -Not $WithoutPassword) {

diff --git a/Cmdlets/Public/Set-TeamViewerUser.ps1 b/Cmdlets/Public/Set-TeamViewerUser.ps1
@@ -34,6 +34,10 @@ function Set-TeamViewerUser {
         [securestring]
         $SsoCustomerIdentifier,
 
+        [Parameter(ParameterSetName = 'ByParameters')]
+        [array]
+        $Permissions,
+
         [Parameter(Mandatory = $true, ParameterSetName = 'ByProperties')]
         [hashtable]
         $Property,
@@ -73,6 +77,9 @@ function Set-TeamViewerUser {
                 $body['sso_customer_id'] = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
                 [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) | Out-Null
             }
+            if ($Permissions) {
+                $body['permissions'] = $Permissions -join ','
+            }
             if($AssignRoleId){
                 $body['assignUserRoleIds'] = @($AssignRoleId)
             }
@@ -81,7 +88,9 @@ function Set-TeamViewerUser {
             }
         }
         'ByProperties' {
-            @('active', 'email', 'name', 'password', 'sso_customer_id') | Where-Object { $Property[$_] } | ForEach-Object { $body[$_] = $Property[$_] }
+            @('active', 'email', 'name', 'password', 'sso_customer_id', 'permissions') | `
+                Where-Object { $Property[$_] } | `
+                ForEach-Object { $body[$_] = $Property[$_] }
         }
     }
 

diff --git a/Docs/Help/Get-TeamViewerUser.md b/Docs/Help/Get-TeamViewerUser.md
@@ -16,7 +16,8 @@ Retrieve users of a TeamViewer company.
 ### FilteredList (Default)
 
 ```powershell
-Get-TeamViewerUser -ApiToken <SecureString> [-Name <String>] [-Email <String[]>] [-PropertiesToLoad <Object>] [<CommonParameters>]
+Get-TeamViewerUser -ApiToken <SecureString> [-Name <String>] [-Email <String[]>] [-Permissions <String[]>]
+ [-PropertiesToLoad <Object>] [<CommonParameters>]
 ```
 
 ### ByUserId
@@ -123,6 +124,23 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Permissions
+
+Optional permissions filter that can be used to only list users that have
+certain permissions. Multiple values can be given.
+
+```yaml
+Type: String[]
+Parameter Sets: FilteredList
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -PropertiesToLoad
 
 Can be used to retrieve all available properties of a user or just a stripped-down minimal set of user properties.

diff --git a/Docs/Help/New-TeamViewerUser.md b/Docs/Help/New-TeamViewerUser.md
@@ -17,14 +17,14 @@ Create a new TeamViewer company user.
 
 ```powershell
 New-TeamViewerUser -ApiToken <SecureString> -Email <String> -Name <String> -Password <SecureString> [-RoleId <String>][-IgnorePredefinedRole <switch>]
- [-SsoCustomerIdentifier <SecureString>] [-Culture <CultureInfo>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-SsoCustomerIdentifier <SecureString>][-Permissions <Array>][-Culture <CultureInfo>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### WithoutPassword
 
 ```powershell
 New-TeamViewerUser -ApiToken <SecureString> -Email <String> -Name <String> [-WithoutPassword][-IgnorePredefinedRole <switch>]
- [-SsoCustomerIdentifier <SecureString>] [-Culture <CultureInfo>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-SsoCustomerIdentifier <SecureString>][-Permissions <Array>][-Culture <CultureInfo>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -157,6 +157,22 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Permissions
+
+Optional list of permissions to give to the new user.
+
+```yaml
+Type: Array
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -SsoCustomerIdentifier
 
 Optional TeamViewer SSO customer identifier. If given, the user will be created

diff --git a/Docs/Help/Set-TeamViewerUser.md b/Docs/Help/Set-TeamViewerUser.md
@@ -17,7 +17,7 @@ Change properties of a TeamViewer company user.
 
 ```powershell
 Set-TeamViewerUser -ApiToken <SecureString> -User <Object> [-Active <Boolean>] [-Email <String>][-AssignRoleId <String[]>][-UnassignRoleId <String[]>]
- [-Name <String>] [-Password <SecureString>] [-SsoCustomerIdentifier <SecureString>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-Name <String>] [-Password <SecureString>] [-SsoCustomerIdentifier <SecureString>] [-Permissions <Array>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### ByProperties
@@ -173,6 +173,23 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Permissions
+
+Updated set of permissions of the company user.
+Please see the TeamViewer API documentation for a list of valid values.
+
+```yaml
+Type: Array
+Parameter Sets: ByParameters
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -AssignRoleId
 
 Role assigned to the user.
@@ -209,7 +226,7 @@ Accept wildcard characters: False
 
 Change policy information using a hashtable object.
 Valid hashtable keys are:
-`active`, `email`, `name`, `password`, `sso_customer_id`
+`active`, `email`, `name`, `password`, `sso_customer_id`, `permissions`
 
 ```yaml
 Type: Hashtable

diff --git a/Tests/Public/Get-TeamViewerUser.Tests.ps1 b/Tests/Public/Get-TeamViewerUser.Tests.ps1
@@ -52,6 +52,12 @@ Describe 'Get-TeamViewerUser' {
             $Body -And $Body['email'] -eq '[email protected],[email protected]' }
     }
 
+    It 'Should allow to filter by permissions' {
+        Get-TeamViewerUser -ApiToken $testApiToken -Permissions 'p1', 'p2', 'p3'
+        Assert-MockCalled Invoke-TeamViewerRestMethod -Times 1 -Scope It -ParameterFilter {
+            $Body -And $Body['permissions'] -eq 'p1,p2,p3' }
+    }
+
     It 'Should allow to retrieve all properties' {
         Get-TeamViewerUser -ApiToken $testApiToken -PropertiesToLoad 'All'
 

diff --git a/Tests/Public/Set-TeamViewerUser.Tests.ps1 b/Tests/Public/Set-TeamViewerUser.Tests.ps1
@@ -33,23 +33,36 @@ Describe 'Set-TeamViewerUser' {
         $testPassword = 'Test1234' | ConvertTo-TestPassword
         $testSsoCustomerId = 'SsoTest' | ConvertTo-TestPassword
 
-        Set-TeamViewerUser -ApiToken $testApiToken -User 'u1234' -Name 'Updated User Name' -Email '[email protected]' -Password $testPassword -SsoCustomerIdentifier $testSsoCustomerId -Active $false
+        Set-TeamViewerUser `
+            -ApiToken $testApiToken `
+            -User 'u1234' `
+            -Name 'Updated User Name' `
+            -Email '[email protected]' `
+            -Password $testPassword `
+            -SsoCustomerIdentifier $testSsoCustomerId `
+            -Permissions 'ManageAdmins', 'ManageUsers' `
+            -Active $false
 
         $mockArgs.Body | Should -Not -BeNullOrEmpty
         $body = [System.Text.Encoding]::UTF8.GetString($mockArgs.Body) | ConvertFrom-Json
         $body.name | Should -Be 'Updated User Name'
         $body.email | Should -Be '[email protected]'
         $body.password | Should -Be 'Test1234'
         $body.sso_customer_id | Should -Be 'SsoTest'
+        $body.permissions | Should -Be 'ManageAdmins,ManageUsers'
         $body.active | Should -BeFalse
     }
 
     It 'Should accept user properties as hashtable' {
-        Set-TeamViewerUser -ApiToken $testApiToken -User 'u1234' -Property @{
+        Set-TeamViewerUser `
+            -ApiToken $testApiToken `
+            -User 'u1234' `
+            -Property @{
             name            = 'Updated User Name'
             email           = '[email protected]'
             password        = 'Test1234'
             sso_customer_id = 'SsoTest'
+            permissions     = 'ManageAdmins,ManageUsers'
             active          = $false
         }
 
@@ -59,6 +72,7 @@ Describe 'Set-TeamViewerUser' {
         $body.email | Should -Be '[email protected]'
         $body.password | Should -Be 'Test1234'
         $body.sso_customer_id | Should -Be 'SsoTest'
+        $body.permissions | Should -Be 'ManageAdmins,ManageUsers'
         $body.active | Should -BeFalse
     }