Merged
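--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com), and this project adheres to [Semantic Versioning](https://semver.org).
 
+## [3.0.2] - 12-06-2026
+
+### Changed
+- Support '-' in permission names
+- Made permission name and role name independant
+- Minor fixes
+
+### Fixed
+- Issue #8
+
 ## [3.0.1] - 01-05-2026
 
 ### Added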
5 changes: 1 addition & 4 deletions readme.md → README.md
@@ -6,7 +6,7 @@

<br />
<p align="center">
<img src="https://www.tools4ever.nl/connector-logos/intus-logo.png">
<img src="https://github.com/Tools4everBV/HelloID-Conn-Prov-Target-Intus-Inplanning/blob/main/Logo.png?raw=true">
</p>


@@ -140,9 +140,6 @@ $lookupValues = @{
> [!TIP]
> _For more information on how to configure a HelloID PowerShell connector, please refer to our [documentation](https://docs.helloid.com/en/provisioning/target-systems/powershell-v2-target-systems.html) pages_.

> [!TIP]
> _If you need help, feel free to ask questions on our [forum](https://forum.helloid.com/forum/helloid-connectors/provisioning/1481-helloid-conn-prov-target-intus)_

## HelloID docs

The official HelloID documentation can be found at: https://docs.helloid.com/
2 changes: 1 addition & 1 deletion create.ps1
@@ -98,7 +98,7 @@ try {
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
}
catch {
if (-not($_.ErrorDetails.Message -match '211 - Object does not exist')) {
if (-not($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}
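Review bot: The widened pattern `'211 - .*does not exist'` in this catch block accepts any 211 message that contains "does not exist", so every such error is now handled as "account not found" and execution continues past the catch instead of throwing. The visible lines do not show which message variants the API returns; if 211 can also be raised for an object other than the user being looked up, that failure would be read as absence of the account. Naming the accepted variants instead of `.*`, for example `'211 - (Object|<OTHER_VARIANT>) does not exist'` with the placeholder replaced by the text actually observed, keeps the match as narrow as before, and a comment such as `# 211 = requested user not found; any other error must abort` records the intent. The same edit appears in disable.ps1, enable.ps1, update.ps1 and permissions/subPermissions.ps1, and the enclosing try block starts outside each hunk.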
2 changes: 1 addition & 1 deletion disable.ps1
@@ -86,7 +86,7 @@ try {
}
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
} catch {
if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}
2 changes: 1 addition & 1 deletion enable.ps1
@@ -86,7 +86,7 @@ try {
}
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
} catch {
if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}
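--- a/permissions/permissions.ps1
+++ b/permissions/permissions.ps1
@@ -16,6 +16,9 @@ try {
 @{
 RoleName = 'Leidinggevende'
 },
+@{
+RoleName = 'Consignatiedienst Cluster A'
+},
 @{
 RoleName = 'ADMIN'
 }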
39 changes: 24 additions & 15 deletions permissions/subPermissions.ps1
@@ -7,32 +7,40 @@
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Tls12

# Script Mapping lookup values and permission mapping
$permissionMapping = @(
@{
$permissionMapping = @{
'Planner' = @{
role = 'Planner'
resourceGroup = 'Planner {{LocationOwn}}'
exchangeGroup = 'Company'
shiftGroup = 'Company'
worklocationGroup = 'Root'
userGroup = 'Root'
},
@{
}
'Leidinggevende' = @{
role = 'Leidinggevende'
resourceGroup = '{{CostCenterOwn}}'
exchangeGroup = 'Company'
shiftGroup = 'Company'
worklocationGroup = 'Root'
userGroup = 'Root'
},
@{
}
'Consignatiedienst Cluster A' = @{
role = 'Consignatiedienst'
resourceGroup = 'Cluster A'
exchangeGroup = 'Company'
shiftGroup = 'Company'
worklocationGroup = 'Root'
userGroup = 'Root'
}
'ADMMIN' = @{
role = 'ADMIN'
resourceGroup = 'ADMIN'
exchangeGroup = 'ADMIN'
shiftGroup = 'ADMIN'
worklocationGroup = 'Root'
userGroup = 'Root'
}
)
}

# Lookup values which are used in the mapping to determine {{REPLACEMENT}}
$lookupValues = @{
@@ -145,7 +153,7 @@ try {
}

if ($actionContext.Operation -ne 'revoke' ) {
$subPermission = $permissionMapping | Where-Object { $_.role -eq $actionContext.References.Permission.Reference }
$subPermission = $permissionMapping[$actionContext.References.Permission.Reference]
if ($null -eq $subPermission) {
throw "Permission [$($actionContext.References.Permission.Reference)] does not have a valid script mapping defined"
}
@@ -174,7 +182,7 @@ try {
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
}
catch {
if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
$correlatedAccount = $null
}
}
@@ -214,7 +222,7 @@ try {
$mappedProperty = ($contract | Select-Object $lookupValue).$lookupValue
$null = Resolve-ReplaceHolderValue -ReplaceVariable $replaceVariable.Key -MappedProperty $mappedProperty -Contract $contract -DesiredPermission $desiredPermission
}
$desiredPermissionUniqueKey = "$($actionContext.References.Permission.Reference)-$($desiredPermission.ResourceGroup)"
$desiredPermissionUniqueKey = "$($desiredPermission.Role)&&$($desiredPermission.ResourceGroup)"
$desiredPermissions[$desiredPermissionUniqueKey] = $desiredPermission
}
}
@@ -223,7 +231,7 @@ try {
# Processing Static permissions body without placeholder(s)
else {
$desiredPermission = $subPermission.PSObject.Copy()
$desiredPermissionUniqueKey = "$($actionContext.References.Permission.Reference)-$($desiredPermission.ResourceGroup)"
$desiredPermissionUniqueKey = "$($desiredPermission.Role)&&$($desiredPermission.ResourceGroup)"
$desiredPermissions[$desiredPermissionUniqueKey] = $desiredPermission
}

@@ -239,13 +247,14 @@ try {
if ($actionContext.DryRun -eq $true) {
Write-Information "[DryRun] Grant access to permission $($permission.Name), will be executed during enforcement"
}

$existingRole = $currentRoles | Where-Object { $_.role -eq $permission.Value.role -and $_.resourceGroup -eq $permission.Value.resourceGroup }
if (-not $existingRole) {
$null = $currentRoles.Add($permission.value)
}
elseif ($existingRole.count -eq 1) {
$currentRoles.Remove($existingRole)
$currentRoles.Add($permission.value)
$null = $currentRoles.Remove($existingRole)
$null = $currentRoles.Add($permission.value)
}

$outputContext.AuditLogs.Add([PSCustomObject]@{
@@ -259,8 +268,8 @@ try {

# Process and calculate current permissions Revoke
foreach ($permission in $currentPermissions.GetEnumerator()) {
$roleName = $permission.Name -split '-' | Select-Object -First 1
$resourceGroup = $permission.Name -split '-' | Select-Object -Last 1
$roleName = $permission.Name -split '&&' | Select-Object -First 1
$resourceGroup = $permission.Name -split '&&' | Select-Object -Last 1
if (-not $desiredPermissions.ContainsKey($permission.Name)) {
if ($actionContext.DryRun -eq $true) {
Write-Information "[DryRun] Revoke access to permission $($permission.Name), will be executed during enforcement"
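Review bot: The new mapping key `'ADMMIN'` in `$permissionMapping` does not match the `RoleName = 'ADMIN'` listed in permissions/permissions.ps1, so if the permission reference carries that role name, `$permissionMapping[$actionContext.References.Permission.Reference]` returns `$null` and every ADMIN grant ends in the "does not have a valid script mapping defined" throw. The key should read `'ADMIN' = @{`. Because the lookup is now an exact key match rather than a filter on `role`, a comment above the table such as `# Keys must equal the permission names returned by permissions.ps1` would guard against the same slip for future roles. Separately, the unique key changes from `Reference-ResourceGroup` to `Role&&ResourceGroup`, so sub-permission names stored by earlier runs are presumably still in the old format; it is worth confirming that the revoke loop, whose body continues outside the last hunk, still resolves the right role and resource group for those entries, since `-split '&&'` on an old-format name yields the whole name for both.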
2 changes: 1 addition & 1 deletion update.ps1
@@ -87,7 +87,7 @@ try {
}
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
} catch {
if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}