public/complete/roles.psm1

Function Get-AdminRoles {

    <#
    .SYNOPSIS
    Function to Get a list of all admin roles in the system.
 
    .DESCRIPTION
    Function to Get a list of all admin roles in the system.
 
    .EXAMPLE
    Get-AdminRoles
 
    .LINK
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Roles.html#resource_Roles_getAdminRoles_GET
    #>


    Param(
    )

    begin{
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $method = 'Get'
        $Headers = @{
            'Accept' = 'application/vnd.blackberry.adminroles-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
    
        $api_url = $global:env:uem_environment + "/roles/admin"
    
        Write-Debug "URI: $api_url"
        Write-Debug "Headers: $headers"
        Write-Debug "Method: $method"
    }

    process{
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method $method
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                default {Write-Error "$_"}
            } 
        }
    }
}

Function Get-AdminRole {

    <#
    .SYNOPSIS
    Function to Get an admin role by GUID.
 
    .DESCRIPTION
    Function to Get an admin role by GUID.
 
    .PARAMETER guid
    GUID of the admin role.
 
    .EXAMPLE
    Get-AdminRole -guid 'f011e00e-88b8-431f-8e15-bed23d266d0c'
 
    .LINK
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Roles.html#resource_Roles_getAdminRole_GET
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [string] $guid
    )

    begin{
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $method = 'Get'
        $Headers = @{
            'Accept' = 'application/vnd.blackberry.adminrole-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
    
        $api_url = $global:env:uem_environment + "/roles/admin/$guid"
    
        Write-Debug "URI: $api_url"
        Write-Debug "Headers: $headers"
        Write-Debug "Method: $method"
    }

    process{
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method $method
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '404'   {Write-Error "Admin role not found."}
                default {Write-Error "$_"}
            } 
        }
    }
}

Function Get-AdminRoleUsers {

    <#
    .SYNOPSIS
    Function to Get a list of users assigned to the given Admin Role.
 
    .DESCRIPTION
    Function to Get a list of users assigned to the given Admin Role.
 
    .PARAMETER guid
    GUID of the admin role.
 
    .EXAMPLE
    Get-AdminRoleUsers -guid 'f011e00e-88b8-431f-8e15-bed23d266d0c'
 
    .LINK
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Roles.html#resource_Roles_getAdminUsers_GET
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid] $guid
    )

    begin{
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $method = 'Get'
        $Headers = @{
            'Accept' = 'application/vnd.blackberry.users-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
    
        $api_url = $global:env:uem_environment + "/roles/admin/$guid/users"
    
        Write-Debug "URI: $api_url"
        Write-Debug "Headers: $headers"
        Write-Debug "Method: $method"
    
    }

    process{
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method $method
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '404'   {Write-Error "Admin role not found."}
                default {Write-Error "$_"}
            } 
        }
    }
}

Function Remove-AdminRoleFromUser {

    <#
    .SYNOPSIS
    Function to Remove the specific admin role from the specific user.
 
    .DESCRIPTION
    Function to Remove the specific admin role from the specific user.
 
    .PARAMETER admin_role_guid
    GUID of the admin role
 
    .PARAMETER user_guid
    GUID of the user to update
 
    .EXAMPLE
    Remove-AdminRoleFromUser -admin_role_guid 'a8fafde0-c6b9-4e56-8109-2b9bc0d3c6b1' -user_guid 'f337f066-e53e-44cf-be43-c25738e3fcc8'
 
    .LINK
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Roles.html#resource_Roles_removeAdminRole_DELETE
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid] $admin_role_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid] $user_guid
    )

    begin{
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $method = 'Delete'
        $Headers = @{
            'Accept' = 'application/vnd.blackberry.users-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
    
        $api_url = $global:env:uem_environment + "/roles/admin/$admin_role_guid/users/$user_guid"
    
        Write-Debug "URI: $api_url"
        Write-Debug "Headers: $headers"
        Write-Debug "Method: $method"
    }

    process{
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method $method
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '404'   {Write-Error "Admin role not found."}
                '409'   {Write-Error "Unable to remove last security admin."}
                default {Write-Error "$_"}
            } 
        }
    }
}

Function Add-AdminRoleToUser {

    <#
    .SYNOPSIS
    Function to Assign (add or replace) the given user's Admin role with the specific Admin Role.
 
    .DESCRIPTION
    Function to Assign (add or replace) the given user's Admin role with the specific Admin Role.
 
    .PARAMETER admin_role_guid
    GUID of the admin role
 
    .PARAMETER user_guid
    GUID of the user to update
 
    .EXAMPLE
    Add-AdminRoleToUser -admin_role_guid 'c4c28a00-08be-4835-aa41-4c830f9f1079' -user_guid '9d61240a-e753-4483-93c2-75ef9e73ebfa'
 
    .LINK
    https://developer.blackberry.com/files/bws/reference/blackberry_uem_12_18_rest/resource_Roles.html#resource_Roles_assignAdminRole_PUT
    #>


    Param(
        [Parameter(Mandatory = $true)]
        [System.Guid] $admin_role_guid,

        [Parameter(Mandatory = $true)]
        [System.Guid] $user_guid
    )

    begin{
        Write-Debug "Entering Function: $($MyInvocation.MyCommand)"
        $method = 'Put'
        $Headers = @{
            'Content-Type' = 'application/vnd.blackberry.users-v1+json'
            'Authorization' = $global:env:uem_auth_token
        }
    
        $api_url = $global:env:uem_environment + "/roles/admin/$admin_role_guid/users/$user_guid"
    
        Write-Debug "URI: $api_url"
        Write-Debug "Headers: $headers"
        Write-Debug "Method: $method"
    }

    process{
        try {
            Invoke-IgnoreCertForPS5
            $Response = Invoke-RestMethod -Uri $api_url -Headers $Headers -Method Put
            return $Response
        }
        catch {
            Switch -Wildcard ($_.Exception.Response.StatusCode.value__) {
                '404'   {Write-Error "Admin role not found."}
                '409'   {Write-Error "Unable to remove last security admin."}
                default {Write-Error "$_"}
            } 
        }
    }
}