IT/EgnytePermissions
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

migrate to new repo

Browse Source
This commit is contained in:
Erik Eckert 2023-09-14 10:56:07 -06:00
commit d59730017e
3 changed files with 242 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
API Tokens/Get_Bearer_Token.ps1 Normal file
View File

@ -0,0 +1,52 @@
<#
Script to generate bearer token for Egnyte API. Bearer token is then used in future reqeusts.
#>
$BasePath = 'https://mpe.egnyte.com'
$OAuthPath = $BasePath + '/puboauth/token'
# Get path to store bearer.token file.
if (!($Tokenfolderpath)) {
Add-Type -AssemblyName System.Windows.Forms
$FileBrowser = New-Object System.Windows.Forms.FolderBrowserDialog
$FileBrowser.Description = 'Locate bearer.token file'
$FileBrowser.UseDescriptionForTitle
$null = $FileBrowser.ShowDialog()
$Tokenfolderpath = $FileBrowser.SelectedPath
}
$key_path = $Tokenfolderpath + '\Egnyte Key.token'
$Secret_path = $Tokenfolderpath + '\Egnyte Secret.token'
$client_id = get-content -Path $key_path | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
$client_secret = get-content -Path $Secret_path | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
if (!($EG_User)) {
$EG_User = read-host -Prompt "Enter your Egnyte (non-sso) username. The API will impersonate this user:"
}
if (!($EG_Password)) {
$EG_Password = read-host -Prompt "Enter your Egnyte (non-sso) Password" -MaskInput
}
$eg_grant_type = 'grant_type=password'
$EG_Scopes = 'Egnyte.permission Egnyte.filesystem'
$eg_auth_token = "client_id=$client_id&client_secret=$client_secret&username=$EG_User&password=$EG_Password&$eg_grant_type&scope=$eg_scopes" #| ConvertTo-SecureString -AsPlainText
$eg_header = @{
'Content-Type' = 'application/x-www-form-urlencoded'
'Connection' = 'close'
'grant_type' = 'password'
}
# Send actual request
$eg_auth_response = Invoke-WebRequest -Uri $OAuthPath -HttpVersion 1.1 -Method Post -body $eg_auth_token -Headers $eg_header
$eg_bearer_token = ($eg_auth_response.Content | ConvertFrom-Json).access_token
#Save Bearer Token to file for furture use
$TokenPath = $Tokenfolderpath + '\' + $env:COMPUTERNAME + '-' + $env:USERNAME + ' Bearer.token'
$eg_bearer_token | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Set-Content -Path $TokenPath

26
API Tokens/Revoke-OldToken.ps1 Normal file
View File

@ -0,0 +1,26 @@
$token1 = Get-content -Path .\bearer.token
$client_secret = 'MAhCqnVAUUq7RvR73wMd5FB9dUP3hhfwGCB7jrXcG8g9gzCQ3a'
$token = 'token=' + $token1 + '&client_secret=' + $client_secret
$BasePath = 'https://mpe.egnyte.com'
$RevokePath = $BasePath + '/pubapi/v1/tokens/revoke'
$eg_header = @{
'Content-Type' = 'application/x-www-form-urlencoded'
'Connection' = 'close'
'Authorization' = 'Bearer ' + $token1
}
# $body = @{
# $
# }
$Revoke_Response = Invoke-WebRequest -Uri $RevokePath -HttpVersion 1.1 -Method Post -body $token -Headers $eg_header
if ($Revoke_Response.StatusCode -eq 200) {
write-output "token revoked successfully, deleting"
remove-item .\bearer.token
}

164
Permissions/HR_Permissions.ps1 Normal file
View File

@ -0,0 +1,164 @@
<#
Script to add Satey to Each folder under /Shared/HR Folder where folder name = Safety.
#>
##Relative path to the same folder as the script
$pathForLogs = "logs.txt"
# get Bearer Token
if (!($token1)) {
# Get path to store bearer.token file.
Add-Type -AssemblyName System.Windows.Forms
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog
$null = $FileBrowser.ShowDialog()
$token1 = Get-content -Path $FileBrowser.FileName | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
}
#Log successful start
$currentTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$message = "[$currentTime] Script started"
$message | Out-File -FilePath $pathForLogs -Append
# Set constants
# LIST FILE / FOLDER resource '/pubapi/v1/fs/{Full Path to File/Folder}'
$BasePath = 'https://mpe.egnyte.com'
$BaseFolderpath = '/Shared/H-Human Resources'
$resourceURI = '/pubapi/v1/fs' + $BaseFolderpath
$fs_header = @{
'Authorization' = 'Bearer ' + $token1
'Content-Type' = 'application/json'
}
if ($null -eq $last_refresh -or $last_refresh -le (Get-Date).AddHours(-1)) {
$refreshdata = 'Y' # auto-refresh data after 1 hour old
}
# variable to track queries per second from Egnyte
$Global_QPS = 0
$Global_QPS_limit = 10
function shouldISleep {
if ($Global_QPS -gt ($Global_QPS_limit - 3)) {
return $true
}
else {
return $false
}
}
function EGGroup-SetFolderPermission {
param (
$FolderPathToChange,
$GroupPermissionsName,
$GroupPermissionLevel
)
if (shouldISleep) {
Write-Host -ForegroundColor DarkGray "API QPS Limit Approaching - Throttling - Current Value: $Global_QPS"
Start-Sleep 1
}
$path_1 = ($FolderPathToChange).Replace('#', '%23')
Write-Host -ForegroundColor Yellow "Processing" $path_1
$resourceURI = '/pubapi/v2/perms' + $path_1
$uri = $BasePath + $resourceURI
$req_body = [PSCustomObject]@{
groupPerms =
@{
$GroupPermissionsName = $GroupPermissionLevel
}
} | ConvertTo-Json
#Send the API request
$sub_response = Invoke-WebRequest -uri $uri -Headers $fs_header -Body $req_body -Method Post
$Global_QPS = $sub_response.headers.'x-accesstoken-qps-current'
if ($sub_response.StatusCode -ne 204) {
$currentTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$errorMessage = "[$currentTime] An error occurred (status code not 204)"
$errorMessage | Out-File -FilePath $pathForLogs -Append
Write-Host "ERROR" -ForegroundColor DarkRed
}
}
# Get's folder list from egnyte - first layer
$uri = $BasePath + $resourceURI
if (!($fs_response) -or $refreshdata -eq 'Y' ) {
# Onyly hit the API if needed
$fs_response = Invoke-WebRequest -Uri $uri -Headers $fs_header
$Global_QPS = $fs_response.headers.'x-accesstoken-qps-current'
$last_refresh = get-date
}
$fs_folder_data = $fs_response.Content | ConvertFrom-Json
foreach ($office_folder in $fs_folder_data.folders) {
write-host -ForegroundColor Green "Processing" $office_folder.name
$Paths = @(($office_folder.path + '/Current Employees'), ($office_folder.path + '/Past Employees'))
foreach ($path in $paths) {
write-host -ForegroundColor Blue "Processing" $path
# Determine Office Admin Group
switch ($office_folder.name) {
'Lethbridge' { $Office_short_code = 'LB' }
'Calgary' { $Office_short_code = 'CG' }
'Edmonton' { $Office_short_code = 'ED' }
'Grande Prairie' { $Office_short_code = 'GP' }
'Red Deer' { $Office_short_code = 'RD' }
'Medicine Hat' { $Office_short_code = 'MH' }
'Regina' { $Office_short_code = 'RG' }
'Saskatoon' { $Office_short_code = 'SK' }
'Winnipeg' { $Office_short_code = 'WP' }
'Vancouver' { $Office_short_code = 'VC' }
# Lethbridge { $Office_short_code = 'LB' }
}
$resourceURI = '/pubapi/v1/fs' + $path
$uri = $BasePath + $resourceURI
if (!($response) -or $refreshdata -eq 'Y' ) {
# Only hit the API if needed
# Start-Sleep -Seconds 2
$response = Invoke-WebRequest -Uri $uri -Headers $fs_header
$Global_QPS = $response.headers.'x-accesstoken-qps-current'
$last_refresh = get-date
}
$path_folder_list = ($response.content | convertfrom-json).folders
$path_folder_list.path | ForEach-Object {
# Education, Internal Forms, Safety and Performance folders need custom permissions
# Education
$EG_Group = $Office_short_code + ' Admin'
$EG_Permission = 'Editor'
$EG_Path = $_ + '/Education'
EGGroup-SetFolderPermission $EG_Path $EG_Group $EG_Permission
#Internal Forms
$EG_Path = $_ + '/Internal Forms'
EGGroup-SetFolderPermission $EG_Path $EG_Group $EG_Permission
# Safety
$EG_Group = 'Safety Liason - ' + $office_folder.name
$EG_Permission = 'Full'
$EG_Path = $_ + '/Safety'
EGGroup-SetFolderPermission $EG_Path $EG_Group $EG_Permission
}
}
}
$currentTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$message = "[$currentTime] Script completed successfully"
$message | Out-File -FilePath $pathForLogs -Append