Functions/SafeMembers/Set-PASSafeMember.ps1

# .ExternalHelp psPAS-help.xml
function Set-PASSafeMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SafeName,

        [Alias('UserName')]
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$MemberName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [datetime]$MembershipExpirationDate,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UseAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$RetrieveAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ListAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$AddAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UpdateAccountContent,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UpdateAccountProperties,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'CPM'
        )]
        [boolean]$InitiateCPMAccountManagementOperations,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'CPM'
        )]
        [boolean]$SpecifyNextAccountContent,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$RenameAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$DeleteAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$UnlockAccounts,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ManageSafe,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ManageSafeMembers,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$BackupSafe,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ViewAuditLog,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ViewSafeMembers,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateRange(0, 2)]
        [int]$RequestsAuthorizationLevel,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$AccessWithoutConfirmation,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$CreateFolders,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$DeleteFolders,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$MoveAccountsAndFolders
    )

    BEGIN {

        #array for parameter names which appear in the top-tier of the JSON object
        $keysToKeep = [Collections.Generic.List[String]]@(
            'MembershipExpirationDate', 'Permissions'
        )

    }#begin

    PROCESS {

        #Create URL for request
        $URI = "$Script:BaseURI/WebServices/PIMServices.svc/Safes/$($SafeName |

            Get-EscapedString)/Members/$($MemberName | Get-EscapedString)"


        #Get passed parameters to include in request body
        $boundParameters = $PSBoundParameters | Get-PASParameter

        If ($PSBoundParameters.ContainsKey('MembershipExpirationDate')) {

            #Convert ExpiryDate to string in Required format
            $Date = (Get-Date $MembershipExpirationDate -Format MM/dd/yyyy).ToString()

            #Include date string in request
            $boundParameters['MembershipExpirationDate'] = $Date

        }

        #Add permissions array to request in correct order
        [array]$boundParameters['Permissions'] = $boundParameters | ConvertTo-SortedPermission -Gen1

        #Create JSON for body of request
        $body = @{

            'member' = $boundParameters | Get-PASParameter -ParametersToKeep $keysToKeep

            #Ensure all levels of object are output
        } | ConvertTo-Json -Depth 3

        if ($PSCmdlet.ShouldProcess($SafeName, "Update Safe Permissions for '$MemberName'")) {

            #Send request to webservice
            $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body -WebSession $Script:WebSession

            If ($null -ne $result) {

                #format output
                $result.member | Select-Object MembershipExpirationDate,

                @{Name = 'Permissions'; 'Expression' = {

                        $result.member.permissions | ConvertFrom-KeyValuePair }

                } | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe.Member -PropertyToAdd @{

                    'UserName' = $MemberName
                    'SafeName' = $SafeName

                }

            }

        }

    }#process

    END { }#end

}