public/partial/users.psm1

function Search-User {
    <#
    .SYNOPSIS
    Function to search the blackberry uem api by username with pagination.
 
    .DESCRIPTION
    This function searches the Blackberry UEM API by username and returns one or more user objects with pagination.
    If the user does not exist it returns an empty array.
 
    .PARAMETER user
    The username to search for.
 
    .PARAMETER offset
    The starting point from where to fetch the next set of results.
 
    .EXAMPLE
    Search-UEMAPiUser -user 'stephaniem' -offset 5
 
    .EXAMPLE
    Search-UEMAPiUser -user 'stephan*' -offset 10
 
    .LINK
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_14_rest/resource_Users.html#resource_Users_getUsers_GET
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [string]$user,
        
        [Parameter(Mandatory = $false)]
        [int]$offset = 0
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.users-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }

    $api_url = $global:env:uem_environment + "/users?query=username=$user&max=100&offset=$offset&sortBy=username%20DESC"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '400' {Write-Error "Invalid search query."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Get-UserByGuid {

    <#
    .SYNOPSIS
 
    Function to retrieve a user by it's GUID.
 
    .DESCRIPTION
 
    This function searches the Blackberry UEM API by GUID and returns the matching user.
 
    .PARAMETER user
    This must be the guid of the user in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    System.Object. With the user information.
 
    .EXAMPLE
 
    Get-UEMAPiUserByGuid -user_guid 'db7c8555-17c2-46b4-be55-86d567f4f7cc'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getUserDetail_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.userdetail-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }

    $api_url = $global:env:uem_environment + "/users/$user_guid"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '404' {Write-Error "User not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Remove-UserByGuid {

    <#
    .SYNOPSIS
 
    Function to remove a user by it's GUID.
 
    .DESCRIPTION
 
    This function removes the matching user from the Blackberry UEM API.
 
    .PARAMETER user
    This must be the guid of the user in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    System.Object. With the user information.
 
    .EXAMPLE
 
    Get-UEMAPiUserByGuid -user_guid 'db7c8555-17c2-46b4-be55-86d567f4f7cc'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getUserDetail_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.user-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }

    $api_url = $global:env:uem_environment + "/users/$user_guid"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Delete
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '409' {Write-Error "User has associated services or enrolled devices and cannot be removed."}
            '404' {Write-Error "User not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Get-UserDevices {

    <#
    .SYNOPSIS
 
    Function to search the blackberry uem api and get devices belonging to a specific user.
 
    .DESCRIPTION
 
    This function searches the Blackberry UEM API by userguid and returns one or more user devices.
    If the user does not exist it returns an empty array.
 
    .PARAMETER user
    This must be the username of the user in blackberry uem.
    This also accepts wildcarding like 'stephan*' which would return potentially multiple stephanies.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    System.Array. Returns an array of devices matching the user guid query.
 
    .EXAMPLE
 
    Get-UEMAPIUserDevices -user_guid $user.guid
 
    .EXAMPLE
 
    Get-UEMAPIUserDevices -user_guid 'cf60110b-d540-4b6c-b316-d83aa201344f'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_14_rest/resource_Users.html#resource_Users_getUserDevices_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [string]$user_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.userdevices-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }
    $api_url = $global:env:uem_environment + "/users/$user_guid/userDevices"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '404' {Write-Error "User or Device not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

#TODO
<#
function Set-BBUEMUserAssignedProfiles {
 
     
    .SYNOPSIS
 
    Function to Get assigned profile for a user by profile GUID.
 
    .DESCRIPTION
 
    Function to Get assigned profile for a user by profile GUID.
 
    .PARAMETER user_guid
    This must be the guid of the user in blackberry uem.
 
    .PARAMETER profile_guid
    This must be the guid of the profile in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    #TODO
 
    .EXAMPLE
 
    Get-BBUEMUserAssignedProfile -user_guid 'db7c8555-17c2-46b4-be55-86d567f4f7cc' -profile_guid $profile_guid
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getProfileAssignedByGuid_GET
 
     
 
    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid,
 
        [Parameter(Mandatory = $true)]
        [System.Array]$profiles
    )
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.profileassignment-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }
 
    $api_url = $global:env:uem_environment + "/users/$user_guid/profiles"
 
    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Put
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '400' {Write-Error "Profile type not supported."}
            '404' {Write-Error "User or profile not found."}
            default {Write-Error "Authentication failed: $_"}
        }
    }
}
#>


function Get-UserAssignedProfile {

    <#
    .SYNOPSIS
 
    Function to Get assigned profile for a user by profile GUID.
 
    .DESCRIPTION
 
    Function to Get assigned profile for a user by profile GUID.
 
    .PARAMETER user_guid
    This must be the guid of the user in blackberry uem.
 
    .PARAMETER profile_guid
    This must be the guid of the profile in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    #TODO
 
    .EXAMPLE
 
    Get-BBUEMUserAssignedProfile -user_guid 'db7c8555-17c2-46b4-be55-86d567f4f7cc' -profile_guid $profile_guid
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getProfileAssignedByGuid_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$profile_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.profileassignment-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }

    $api_url = $global:env:uem_environment + "/users/$user_guid/profiles/$profile_guid"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '400' {Write-Error "Profile type not supported."}
            '404' {Write-Error "User or profile not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Get-UserServices {

    <#
    .SYNOPSIS
 
    Function to retrieve services assigned to a user.
 
    .DESCRIPTION
 
    Function to retrieve services assigned to a user.
 
    .PARAMETER user_guid
    This must be the guid of the user in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    #TODO
 
    .EXAMPLE
 
    Get-BBUEMUserServices -user_guid 'db7c8555-17c2-46b4-be55-86d567f4f7cc'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getServices_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.serviceassignments-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }

    $api_url = $global:env:uem_environment + "/users/$user_guid/services"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '404' {Write-Error "User not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Get-UserDeviceByGuid {

    <#
    .SYNOPSIS
 
    Function to search the blackberry uem api and get a specific user device by guid.
 
    .DESCRIPTION
 
    Function to search the blackberry uem api and get a specific user device by guid.
 
    .PARAMETER user_guid
    This must be the guid of the user in blackberry uem.
 
    .PARAMETER user_guid
    This must be the guid of the device in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    System.Object. Returns a device object matching the user guid query.
 
    .EXAMPLE
 
    Get-BBUEMUserDeviceByGuid -user_guid $user.guid -device_guid $device_guid
 
    .EXAMPLE
 
    Get-UEMAPIUserDevices -user_guid 'cf60110b-d540-4b6c-b316-d83aa201344f'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_14_rest/resource_Users.html#resource_Users_getUserDevices_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [string]$user_guid,

        [Parameter(Mandatory = $true)]
        [string]$device_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.userdevice-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }
    $api_url = $global:env:uem_environment + "/users/$user_guid/userDevices/$device_guid"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '404' {Write-Error "User or Device not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Get-UserApps {

    <#
    .SYNOPSIS
 
    Function to retrieve a user by it's GUID.
 
    .DESCRIPTION
 
    This function searches the Blackberry UEM API by GUID and returns the matching user.
 
    .PARAMETER user
    This must be the guid of the user in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    System.Object. With the user information.
 
    .EXAMPLE
 
    Get-UEMAPiUserByGuid -user_guid 'db7c8555-17c2-46b4-be55-86d567f4f7cc'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getUserDeviceApplications_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.applicationassignments-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }

    $api_url = $global:env:uem_environment + "/users/$user_guid/applications"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '400' {Write-Error "Invalid search query."}
            '404' {Write-Error "User not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Get-UserAppByGuid {

    <#
    .SYNOPSIS
 
    Function to retrieve a user by it's GUID.
 
    .DESCRIPTION
 
    This function searches the Blackberry UEM API by GUID and returns the matching user.
 
    .PARAMETER user
    This must be the guid of the user in blackberry uem.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    System.Object. With the user information.
 
    .EXAMPLE
 
    Get-UEMAPiUserByGuid -user_guid 'db7c8555-17c2-46b4-be55-86d567f4f7cc'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getUserDeviceApplication_GET
 
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$user_device_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$app_guid
    )
    Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
    $Headers = @{
        'Accept' = 'application/vnd.blackberry.userdevice.application-v1+json'
        'Authorization' = $global:env:uem_auth_token
    }

    $api_url = $global:env:uem_environment + "/users/$user_guid/userDevices/$user_device_guid/applications/$app_guid"

    try {
        Invoke-IgnoreCertForPS5
        $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
        return $Response
    }
    catch {
        Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
            '404' {Write-Error "User, Device, or Application not found."}
            default {Write-Error "Authentication failed: $_"}
        } 
    }
}

function Invoke-UserDeviceApplicationCommand {

    <#
    .SYNOPSIS
 
    Function to send commands to act against specific application on the users phone.
 
    .DESCRIPTION
 
    This function has a set array of 5 commands it can pass to the phone. Please check out this endpoint
    /{tenantGuid}/api/v1/users/{userGuid}/userDevices/{userDeviceGuid}/applications/{appGuid}/commands
    for specifics on the available commands. Or look at the code below.
 
    .PARAMETER user_guid
    [System.Guid] This is the guid of the user who owns the device we will be acting against.
 
    .PARAMETER device_guid
    [System.Guid] This is the guid of the device we will be acting against.
 
    .PARAMETER application_guid
    [System.Guid] This is the guid of the application installed on the device we will be acting against.
 
    .PARAMETER command
    [string] This is command we will be sending to act against the application. The only valid commands
    at time of writing are: "LOCK_APPLICATION", "DELETE_APPLICATION","ATTEST_APPLICATION","BLOCK_APPLICATION","UNBLOCK_APPLICATION"
 
    .PARAMETER type
    [string] This is only passed if the "ATTEST_APPLICATION" command has been passed. Its possible values are:
    "SAFETYNET", "HARDWARE_KEY", "APP_INTEGRITY"
 
    .PARAMETER title
    [string] This is only passed if the 'BLOCK_APPLICATION' command has been passed.
 
    .PARAMETER body
    [string] This is only passed if the 'BLOCK_APPLICATION' command has been passed.
 
    .PARAMETER actionid
    [string] This is only passed if the 'BLOCK_APPLICATION' or 'UNBLOCK_APPLICATION' commands have been passed.
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    No idea yet, havent been able to test it.
 
    .EXAMPLE
 
    #This deletes all app data for an application.
    Invoke-UEMUserDeviceApplicationCommand -user_guid $uguid -device_guid $dguid -application_guid $aguid -command 'DELETE_APPLICATION'
 
    .EXAMPLE
     
    #This would block the passed application and display a message on the phone.
    Invoke-UEMUserDeviceApplicationCommand -user_guid $uguid -device_guid $dguid -application_guid $aguid -command 'BLOCK_APPLICATION' `
                                           -title $title -body 'You have had an application blocked' -actionid 'wc_blackberry_work_block'
 
    .EXAMPLE
     
    #This actually have no idea what attestation means.
    Invoke-UEMUserDeviceApplicationCommand -user_guid $uguid -device_guid $dguid -application_guid $aguid -command 'ATTEST_APPLICATION' -type "HARDWARE_KEY"
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_sendUserDeviceApplicationCommand_POST
 
    #>


    [CmdletBinding(DefaultParameterSetName = 'Default')]
    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$device_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$application_guid,

        [Parameter(Mandatory = $true, ParameterSetName = 'ATTEST_APPLICATION')]
        [Parameter(Mandatory = $true, ParameterSetName = 'BLOCK_APPLICATION')]
        [Parameter(Mandatory = $true, ParameterSetName = 'UNBLOCK_APPLICATION')]
        [Parameter(Mandatory = $true, ParameterSetName = 'Default')]
        [ValidateSet("LOCK_APPLICATION", "DELETE_APPLICATION","ATTEST_APPLICATION","BLOCK_APPLICATION","UNBLOCK_APPLICATION")]
        [string]$command,

        [Parameter(Mandatory = $true, ParameterSetName = 'ATTEST_APPLICATION')]
        [ValidateSet("SAFETYNET", "HARDWARE_KEY", "APP_INTEGRITY")]
        [string]$type,

        [Parameter(Mandatory = $true, ParameterSetName = 'BLOCK_APPLICATION')]
        [string]$title,

        [Parameter(Mandatory = $true, ParameterSetName = 'BLOCK_APPLICATION')]
        [string]$body,

        [Parameter(Mandatory = $true, ParameterSetName = 'BLOCK_APPLICATION')]
        [Parameter(Mandatory = $true, ParameterSetName = 'UNBLOCK_APPLICATION')]
        [string]$actionId
    )

    begin {
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $method = 'Post'
        $Headers = @{
            'Content-Type' = 'application/vnd.blackberry.command-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
        $api_url = $global:env:uem_environment + "/users/$user_guid/userDevices/$device_guid/applications/$application_guid/commands"

        switch ($PsCmdlet.ParameterSetName) {
            "ATTEST_APPLICATION" {
                Write-Debug "Matched: ATTEST_APPLICATION"
                $RequestBody = New-UEMAttestApplicationRequestBody -type $type
            }
            "BLOCK_APPLICATION" {
                Write-Debug "Matched: BLOCK_APPLICATION"
                $RequestBody = New-UEMBlockApplicationRequestBody -actionId $actionId -title $title -body $body
            }
            "UNBLOCK_APPLICATION" {
                Write-Debug "Matched: UNBLOCK_APPLICATION"
                $RequestBody = New-UEMUnblockApplicationRequestBody -actionId $actionId
            }
            "Default" {
                Write-Debug "Matched: Default Parameter set"
                Write-debug "Command is: $($PSBoundParameters['Command'])"

                If($($PSBoundParameters['Command']) -eq "LOCK_APPLICATION"){
                    $RequestBody = New-UEMLockApplicationRequestBody
                }
                ElseIf($($PSBoundParameters['Command']) -eq "DELETE_APPLICATION"){
                    $RequestBody = New-UEMDeleteApplicationRequestBody
                }
            }
        }
    }
    process {
        try {

            Write-Debug "URI: $api_url"
            Write-Debug "Headers: $($headers | Out-String)"
            Write-Debug "Method: $method"
            Write-Debug "Body: $RequestBody"

            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method $method -Body $RequestBody
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '400' {Write-Error "Invalid request. For example, command not supported or invalid field semantics."}
                '404' {Write-Error "User, Device, or application not found."}
                default {Write-Error "$_"}
            } 
        }
    }
}

function Invoke-UserDeviceCommand {

    <#
    .SYNOPSIS
 
    Function to send commands to act against an entire device.
 
    .DESCRIPTION
 
    This function has a set array of 18 commands it can pass to the phone. Please check out this endpoint
    /{tenantGuid}/api/v1/users/{userGuid}/userDevices/{userDeviceGuid}/commands
    for specifics on the available commands. Or look at the code below. Currently there is not code coverage
    for all 18 commands. More can be added as needed.
 
    .PARAMETER user_guid
    [System.Guid] This is the guid of the user who owns the device we will be acting against.
 
    .PARAMETER device_guid
    [System.Guid] This is the guid of the device we will be acting against.
 
    .PARAMETER command
    [string] This is command we will be sending to act against the application. The only valid commands
    we support right now are: "DELETE_WORK_SPACE_DATA","REMOVE_DEVICE"
 
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    No idea yet, havent been able to test it.
 
    .EXAMPLE
 
    #This deletes all app data for an application.
    Invoke-UEMUserDeviceApplicationCommand -user_guid $uguid -device_guid $dguid -application_guid $aguid -command 'DELETE_APPLICATION'
 
    .EXAMPLE
     
    #This would delete only work data on the device.
    Invoke-UEMUserDeviceApplicationCommand -user_guid $uguid -device_guid $dguid -command 'DELETE_WORK_SPACE_DATA'
 
    .EXAMPLE
     
    #This would remove a device from UEM without waiting for a response from the device.
    Invoke-UEMUserDeviceApplicationCommand -user_guid $uguid -device_guid $dguid -command 'REMOVE_DEVICE'
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_sendUserDeviceCommand_POST
 
    #>


    [CmdletBinding(DefaultParameterSetName = 'Default')]
    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$device_guid,

        [Parameter(Mandatory = $true)]
        [ValidateSet("DELETE_WORK_SPACE_DATA","REMOVE_DEVICE")]
        [string]$command
    )

    begin {
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $Headers = @{
            'Content-type' = 'application/vnd.blackberry.command-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
        $api_url = $global:env:uem_environment + "/users/$user_guid/userDevices/$device_guid/commands"

        switch ($command) {
            "DELETE_WORK_SPACE_DATA" {
                $RequestBody = New-UEMDeleteWorkSpaceDataRequestBody
            }
            "REMOVE_DEVICE" {
                $RequestBody = New-UEMRemoveDeviceRequestBody
            }
        }
    }
    process {
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Post -Body $RequestBody
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '400' {Write-Error "Invalid request. For example, command not supported or invalid field semantics."}
                '404' {Write-Error "User or Device not found."}
                default {Write-Error "Authentication failed: $_"}
            } 
        }
    }
}

function Get-UserDeviceCommandStatus {

    <#
    .SYNOPSIS
 
    Function to retrieve status of command that has been sent to a device.
 
    .DESCRIPTION
 
    This function has a set array of 18 commands it can pass to the phone. Please check out this endpoint
    /{tenantGuid}/api/v1/users/{userGuid}/userDevices/{userDeviceGuid}/commands
    for specifics on the available commands. Or look at the code below. Currently there is not code coverage
    for all 18 commands. More can be added as needed.
 
    .PARAMETER user_guid
    [System.Guid] This is the guid of the user who owns the device we will be acting against.
 
    .PARAMETER device_guid
    [System.Guid] This is the guid of the device we will be acting against.
 
    .PARAMETER command_guid
    [System.Guid] This is the guid of the command we will be searching for.
 
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    No idea yet, havent been able to test it.
 
    .EXAMPLE
 
    #This deletes all app data for an application.
    Get-UEMUserDeviceCommandStatus -user_guid $uguid -device_guid $dguid -command_guid $cguid
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getUserDeviceCommandStatus_GET
 
    #>


    [CmdletBinding(DefaultParameterSetName = 'Default')]
    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$device_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$command_guid
    )

    begin {
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $Headers = @{
            'Accept' = 'application/vnd.blackberry.command-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
        $api_url = $global:env:uem_environment + "/users/$user_guid/userDevices/$device_guid/commands/$command_guid"

    }
    process {
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '400' {Write-Error "Invalid request. For example, command not supported or invalid field semantics."}
                '404' {Write-Error "User, Device, or Device Command not found."}
                default {Write-Error "Authentication failed: $_"}
            } 
        }
    }
}

function Get-UserDeviceProfiles {

    <#
    .SYNOPSIS
 
    Function to retrieve effective device profiles for a device.
 
    .DESCRIPTION
 
    Get effective profiles for a user device. The effective profiles are the profiles
    that will actually get delivered to the user device. A profile that is assigned to
    a user directly, via a user group, or via a device group may not actually get delivered
    to the user device, for example due to OS and version compatibility.
 
    .PARAMETER user_guid
    [System.Guid] This is the guid of the user who owns the device we will be acting against.
 
    .PARAMETER device_guid
    [System.Guid] This is the guid of the device we will be acting against.
 
 
    .INPUTS
 
    None.
 
    .OUTPUTS
 
    No idea yet, havent been able to test it.
 
    .EXAMPLE
 
    Get-UEMUserDeviceProfile -user_guid $uguid -device_guid $dguid
 
    .LINK
 
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Users.html#resource_Users_getUserDeviceProfiles_GET
 
    #>


    [CmdletBinding(DefaultParameterSetName = 'Default')]
    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid]$user_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid]$device_guid
    )
    begin {
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $Headers = @{
            'Accept' = 'application/vnd.blackberry.profiles-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
        $api_url = $global:env:uem_environment + "/users/$user_guid/userDevices/$device_guid/profiles"

    }
    process {
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Get
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '404' {Write-Error "User or Device not found."}
                default {Write-Error "Authentication failed: $_"}
            } 
        }
    }
}