Functions/workflow-service/Add-vROWorkflowPermission.psm1

function Add-vROWorkflowPermission {
<#
    .SYNOPSIS
    Add a Permission to a vRO Workflow
    
    .DESCRIPTION
    Add a Permission to a vRO Workflow
    
    .PARAMETER Id
    Workflow Id

    .PARAMETER Principal
    Specify the Permission Principal. Needs to be in the format user@domain or domain\user

    .PARAMETER Rights
    Specify the Permission Rights

    .INPUTS
    System.String

    .OUTPUTS
    System.Management.Automation.PSObject.
    
    .EXAMPLE
    Add-vROWorkflowPermission -Id '3f92d2dc-a9fa-4323-900b-ef97196184ea' -Principal vRO_Users@vrademo.local -Rights 'View','Execute','Inspect'

    .EXAMPLE
    $Permissions = Get-vROWorkflowPermission -Id '3f92d2dc-a9fa-4323-900b-ef97196184ea'
    Get-vROWorkflow -Id '5af6c1fd-3d12-4418-8542-0afad165cc08' | Add-vROWorkflowPermission -Principal $Permissions[0].Principal -Rights $Permissions[0].Rights
#>

[CmdletBinding(SupportsShouldProcess,ConfirmImpact="Low")][OutputType('System.Management.Automation.PSObject')]

    Param (

    [parameter(Mandatory=$true,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [ValidateNotNullOrEmpty()]
    [String[]]$Id,
    
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [String]$Principal,  
    
    [parameter(Mandatory=$true)]
    [ValidateSet("View","Execute","Inspect","Edit","Admin")]
    [String[]]$Rights
    )

    begin {

        # --- Break out the Username and Domain from the Principal
        if ($Principal -match "@"){

            $Username = ($Principal -split "@")[0]
            $Domain = ($Principal -split "@")[1]
        }
        elseif ($Principal -match "\\"){

            $Username = ($Principal -split "\\")[1]
            $Domain = ($Principal -split "\\")[0]
        }
        else {

            throw "Principal needs to be in the format user@domain or domain\user"
        }

        # --- Convert Rights to API required digit(s)
        $APIRights = @()

        switch ($Rights)
        {
            "View" {$APIRights += "r"}
            "Execute" {$APIRights += "x"}
            "Inspect" {$APIRights += "i"}
            "Edit" {$APIRights += "c"}
            "Admin" {$APIRights += "a"}

            Default {}
        }
    }

    process {

        foreach ($WorkflowId in $Id){
                
            try {

                if ($PSCmdlet.ShouldProcess($WorkflowId)){

                    # --- Create JSON Body
                    $Body = @"
    {
      "permissions": [
        {
          "permission": {
            "principal": "$($Domain)\\$($Username)",
            "rights": "$($APIRights -join "")"
          }
        }
      ]
    }
"@

                    # --- Send REST call and process results
                    $URI = "/vco/api/workflows/$($WorkflowId)/permissions"

                    Invoke-vRORestMethod -Method POST -Uri $URI -Body $Body -Verbose:$VerbosePreference | Out-Null
        
                    # --- Output the Successful Result
                    Get-vROWorkflowPermission -Id $WorkflowId | Where-Object {$_.Principal -match $Username}
                }
            }
            catch [Exception]{

                throw
            }
        }
    }

    end {

    }
}