Public/Roles/New-DSRole.ps1
function New-DSRole { <# .SYNOPSIS Creates a new role. .DESCRIPTION Creates a new role and pre-validate offlineMode value, if supplied. .EXAMPLE $newRoleData = @{ displayName = "Test" description = "This is a test role" canAdd = $true canDelete = $false offlineMode = 3 allowDragAndDrop = $false } $res = New-DSRole @newRoleData -Verbose #> [CmdletBinding()] param( [ValidateSet([ServerUserType]::Builtin, [ServerUserType]::Domain, [ServerUserType]::AzureAD)] [string]$AuthenticationType = [ServerUserType]::Builtin, [ValidateNotNullOrEmpty()] [string]$displayName, [string]$description, [bool]$isAdministrator, [bool]$allowDragAndDrop, [bool]$canAdd, [bool]$canEdit, [bool]$canDelete, [bool]$canImport, [bool]$canExport, [bool]$denyAddInRoot, [int]$offlineMode, [string]$domainName = $null ) BEGIN { Write-Verbose '[New-DSRole] Beginning...' $URI = "$Script:DSBaseURI/api/security/role/save?csToXml=1" if ([string]::IsNullOrWhiteSpace($Global:DSSessionToken)) { throw 'Session invalid. Please call New-DSSession.' } if ($offlineMode) { if ($offlineMode -notin @('0', '2', '3')) { throw 'Offline mode invalid. Should be 0 (Disabled), 2 (Read-only) or 3 (Read-write).' } } } PROCESS { $newRoleData = @{ userAccount = @{ fullName = $description } userSecurity = @{ name = $displayName isAdministrator = $isAdministrator authenticationType = 0 canAdd = $canAdd canEdit = $canEdit canDelete = $canDelete repositoryEntities = @() #TODO maybe? Would require fetching all vaults and looking through them to see if it exists domainName = $domainName customSecurityEntity = @{ allowDragAndDrop = $allowDragAndDrop canImport = $canImport canExport = $canExport offlineMode = $offlineMode denyAddInRoot = $denyAddInRoot } } } $newRoleData.userSecurity.authenticationType = switch ($AuthenticationType) { ([ServerUserType]::Builtin) { 0 } ([ServerUserType]::Domain) { 3 } ([ServerUserType]::AzureAD) { 8 } } $params = @{ Uri = $URI Method = 'PUT' Body = (ConvertTo-Json $newRoleData) } $res = Invoke-DS @params return $res } END { $res.isSuccess ? (Write-Verbose '[New-DSRole] Completed Successfully.') : (Write-Verbose '[New-DSRole] Ended with errors...') } } |