<#
Script to add Satey to Each folder under /Shared/HR Folder where folder name = Safety. 

#>


##Relative path to the same folder as the script 
$pathForLogs = "logs.txt"

# get Bearer Token
if (!($token1)) {
    # Get path to store bearer.token file. 
    Add-Type -AssemblyName System.Windows.Forms
    $FileBrowser = New-Object System.Windows.Forms.OpenFileDialog
    $null = $FileBrowser.ShowDialog()
    $token1 = Get-content -Path $FileBrowser.FileName | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText 
}

#Log successful start
$currentTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$message = "[$currentTime] Script started"
$message | Out-File -FilePath $pathForLogs -Append

# Set constants
# LIST FILE / FOLDER resource '/pubapi/v1/fs/{Full Path to File/Folder}'
$BasePath = 'https://mpe.egnyte.com'
$BaseFolderpath = '/Shared/H-Human Resources'
$resourceURI = '/pubapi/v1/fs' + $BaseFolderpath
$fs_header = @{
    'Authorization' = 'Bearer ' + $token1
    'Content-Type'  = 'application/json'
}

if ($null -eq $last_refresh -or $last_refresh -le (Get-Date).AddHours(-1)) {
    $refreshdata = 'Y' # auto-refresh data after 1 hour old
}
# variable to track queries per second from Egnyte
$Global_QPS = 0
$Global_QPS_limit = 10

function shouldISleep {
    if ($Global_QPS -gt ($Global_QPS_limit - 3)) {
        return $true
    }
    else {
        return $false
    }
}

function EGGroup-SetFolderPermission {
    param (
        $FolderPathToChange,
        $GroupPermissionsName,
        $GroupPermissionLevel
    )
    if (shouldISleep) {
        Write-Host -ForegroundColor DarkGray "API QPS Limit Approaching - Throttling - Current Value: $Global_QPS"
        Start-Sleep 1
    }
    $path_1 = ($FolderPathToChange).Replace('#', '%23')
    Write-Host -ForegroundColor Yellow "Processing" $path_1

    $resourceURI = '/pubapi/v2/perms' + $path_1
    $uri = $BasePath + $resourceURI

    $req_body = [PSCustomObject]@{
        groupPerms = 
        @{
            $GroupPermissionsName = $GroupPermissionLevel
        }
                
    } | ConvertTo-Json

    #Send the API request
    $sub_response = Invoke-WebRequest -uri $uri -Headers $fs_header -Body $req_body -Method Post

    $Global_QPS = $sub_response.headers.'x-accesstoken-qps-current'

    if ($sub_response.StatusCode -ne 204) {
        $currentTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        $errorMessage = "[$currentTime] An error occurred (status code not 204)"
        $errorMessage | Out-File -FilePath $pathForLogs -Append
        Write-Host "ERROR" -ForegroundColor DarkRed
    }
}


# Get's folder list from egnyte - first layer
$uri = $BasePath + $resourceURI

if (!($fs_response) -or $refreshdata -eq 'Y' ) {
    # Onyly hit the API if needed
    $fs_response = Invoke-WebRequest -Uri $uri -Headers $fs_header
    $Global_QPS = $fs_response.headers.'x-accesstoken-qps-current'
    $last_refresh = get-date
}

$fs_folder_data = $fs_response.Content | ConvertFrom-Json 


foreach ($office_folder in $fs_folder_data.folders) {
    write-host -ForegroundColor Green "Processing" $office_folder.name
    $Paths = @(($office_folder.path + '/Current Employees'), ($office_folder.path + '/Past Employees'))

    
    foreach ($path in $paths) {
        write-host -ForegroundColor Blue "Processing" $path

        # Determine Office Admin Group
        switch ($office_folder.name) {
            'Lethbridge' { $Office_short_code = 'LB' }   
            'Calgary' { $Office_short_code = 'CG' }   
            'Edmonton' { $Office_short_code = 'ED' }   
            'Grande Prairie' { $Office_short_code = 'GP' }   
            'Red Deer' { $Office_short_code = 'RD' }   
            'Medicine Hat' { $Office_short_code = 'MH' }   
            'Regina' { $Office_short_code = 'RG' }   
            'Saskatoon' { $Office_short_code = 'SK' }   
            'Winnipeg' { $Office_short_code = 'WP' }   
            'Vancouver' { $Office_short_code = 'VC' }   
            # Lethbridge { $Office_short_code = 'LB' }   
        
        }

        $resourceURI = '/pubapi/v1/fs' + $path
        $uri = $BasePath + $resourceURI

        if (!($response) -or $refreshdata -eq 'Y' ) {
            # Only hit the API if needed
            # Start-Sleep -Seconds 2
            $response = Invoke-WebRequest -Uri $uri -Headers $fs_header
            $Global_QPS = $response.headers.'x-accesstoken-qps-current'
            $last_refresh = get-date
        }
        $path_folder_list = ($response.content | convertfrom-json).folders
        
        $path_folder_list.path | ForEach-Object {
        
            # Education, Internal Forms, Safety and Performance folders need custom permissions
            # Education
            $EG_Group = $Office_short_code + ' Admin'
            $EG_Permission = 'Editor'
            $EG_Path = $_ + '/Education'
            EGGroup-SetFolderPermission $EG_Path $EG_Group $EG_Permission

            #Internal Forms
            $EG_Path = $_ + '/Internal Forms'
            EGGroup-SetFolderPermission $EG_Path $EG_Group $EG_Permission

            # Safety
            $EG_Group = 'Safety Liason - ' + $office_folder.name
            $EG_Permission = 'Full'
            $EG_Path = $_ + '/Safety'
            EGGroup-SetFolderPermission $EG_Path $EG_Group $EG_Permission
        }
    }
}

$currentTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$message = "[$currentTime] Script completed successfully"
$message | Out-File -FilePath $pathForLogs -Append