Functions/SafeMembers/Set-PASSafeMember.ps1

# .ExternalHelp psPAS-help.xml
function Set-PASSafeMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SafeName,

        [Alias("UserName")]
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$MemberName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [datetime]$MembershipExpirationDate,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UseAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$RetrieveAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ListAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$AddAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UpdateAccountContent,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UpdateAccountProperties,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "CPM"
        )]
        [boolean]$InitiateCPMAccountManagementOperations,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "CPM"
        )]
        [boolean]$SpecifyNextAccountContent,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$RenameAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$DeleteAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UnlockAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ManageSafe,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ManageSafeMembers,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$BackupSafe,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ViewAuditLog,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ViewSafeMembers,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateRange(0, 2)]
        [int]$RequestsAuthorizationLevel,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$AccessWithoutConfirmation,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$CreateFolders,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$DeleteFolders,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$MoveAccountsAndFolders
    )

    BEGIN {

        #array for parameter names which appear in the top-tier of the JSON object
        $keysToKeep = [Collections.Generic.List[String]]@(
            'MembershipExpirationDate', 'Permissions'
        )

    }#begin

    PROCESS {

        #Create URL for request
        $URI = "$Script:BaseURI/WebServices/PIMServices.svc/Safes/$($SafeName |

            Get-EscapedString)/Members/$($MemberName | Get-EscapedString)"


        #Get passed parameters to include in request body
        $boundParameters = $PSBoundParameters | Get-PASParameter

        If ($PSBoundParameters.ContainsKey("MembershipExpirationDate")) {

            #Convert ExpiryDate to string in Required format
            $Date = (Get-Date $MembershipExpirationDate -Format MM/dd/yyyy).ToString()

            #Include date string in request
            $boundParameters["MembershipExpirationDate"] = $Date

        }

        #Add permissions array to request in correct order
        [array]$boundParameters["Permissions"] = $boundParameters | ConvertTo-SortedPermission

        #Create JSON for body of request
        $body = @{

            "member" = $boundParameters | Get-PASParameter -ParametersToKeep $keysToKeep

            #Ensure all levels of object are output
        } | ConvertTo-Json -Depth 3

        if ($PSCmdlet.ShouldProcess($SafeName, "Update Safe Permissions for '$MemberName'")) {

            #Send request to webservice
            $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body -WebSession $Script:WebSession

            If ($null -ne $result) {

                #format output
                $result.member | Select-Object MembershipExpirationDate,

                @{Name = "Permissions"; "Expression" = {

                        $result.member.permissions | ConvertFrom-KeyValuePair }

                } | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe.Member -PropertyToAdd @{

                    "UserName" = $MemberName
                    "SafeName" = $SafeName

                }

            }

        }

    }#process

    END { }#end

}