Public/Set-UnifiSiteAdmin.ps1

# {"cmd":"update-admin","admin":"6047ea436f6bb00c641fe5c2","name":"TestAdmin7","email":"mmccool7@tmgit.com","email_alert_enabled":false,"email_alert_grouping_enabled":false,"email_alert_grouping_delay":60,"push_alert_enabled":true}
# {"cmd":"set-admin-permissions","admin":"6047ea436f6bb00c641fe5c2","permissions":["API_DEVICE_ADOPT"]}
# {"cmd":"grant-super-admin","admin":"6047ea436f6bb00c641fe5c2","role":"nobody","permissions":["API_STAT_DEVICE_ACCESS_SUPER_SITE_PENDING","API_WIDGET_OS_STATS","API_DASHBOARD_EDIT","GLOBAL_READONLY_ADMIN_ACCESS"]}


#{"cmd":"update-admin","admin":"6047ea436f6bb00c641fe5c2","name":"TestAdmin99","x_password":"kljlkjekrjklejfi9oj39nfnvlnkljfdf","email":"mmccool99@tmgit.com","email_alert_enabled":false,"email_alert_grouping_enabled":false,"email_alert_grouping_delay":60,"push_alert_enabled":false}
function Set-UnifiSiteAdmin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory=$true)]
            [string]$name, # site name
        [Parameter(Mandatory=$true)]
            [string]$ID, #acount id
        [string]$Username,
        [securestring]$Password,
        [string]$Email,
        [ValidateSet('admin','readonly', IgnoreCase=$false)]
            [string]$Role,
        [boolean]$EmailAlert,
        [boolean]$AlertGrouping,
        [int]$GroupingDelay,
        [boolean]$PushAlert,
        [boolean]$SuperAdmin,
        [boolean]$AdoptDevices,
        [boolean]$PendingDevices,
        [boolean]$DashboardEdit,
        [boolean]$SystemStats,
        [boolean]$GlobalReadOnly
    )
    # @{cmd ="update-admin"
    # admin = $ID
    # name = $Username
    # email = $email
    # email_alert_enabled = $EmailAlert
    # email_alert_grouping_enabled = $AlertGrouping
    # email_alert_grouping_delay = $GroupingDelay
    # push_alert_enabled = ""
    # }
    $URI = "$controller/api/s/$name/cmd/sitemgr"
    write-verbose $PSBoundParameters.Keys
    $admin = Get-UnifiSiteAdmin -name $name | where-object {$_._id -eq $ID}
    if ($null -eq $admin){
        write-error "Specified ID not found."
    }
    write-verbose $admin
    if ($PSBoundParameters.ContainsKey('Username')){
        $Admin.name = $Username
    }
    if ($PSBoundParameters.ContainsKey('Email')){
        $Admin.email = $Email
    }
    if ($PSBoundParameters.ContainsKey('Role')){
        $Admin.role = $Role
    }
    if ($PSBoundParameters.ContainsKey('EmailAlert')){
        $Admin.email_alert_enabled = $EmailAlert
    }
    if ($PSBoundParameters.ContainsKey('AlertGrouping')){
        $Admin.email_alert_grouping_enabled = $AlertGrouping
    }
    if ($PSBoundParameters.ContainsKey('GroupingDelay')){
        $Admin.email_alert_grouping_delay = $GroupingDelay
    }
    if ($PSBoundParameters.ContainsKey('PushAlert')){
        $Admin.push_alert_enabled = $PushAlert
    }

    #{"cmd":"update-admin",
    # "admin":"6047ea436f6bb00c641fe5c2",
    # "name":"TestAdmin7",
    # "email":"mmccool7@tmgit.com",
    # "email_alert_enabled":false,
    # "email_alert_grouping_enabled":false,
    # "email_alert_grouping_delay":60,
    # "push_alert_enabled":true}
    
    #Update Admin
    $UpdateAdmin=@{
        cmd = 'update-admin'
        admin = $admin._id
        name = $admin.name
        email = $admin.email
        email_alert_enabled = $admin.email_alert_enabled
        email_alert_grouping_enabled = $admin.email_alert_grouping_enabled
        email_alert_grouping_delay = $admin.email_alert_grouping_delay
        push_alert_enabled = $admin.push_alert_enabled
    }
    if ($PSBoundParameters.ContainsKey('Password')){
        #Creating a dummy PSCredentials object just so we can safely use the password securestring.
        [pscredential]$DummyCredential=New-Object System.Management.Automation.PSCredential ('Dummy', $Password)
        $UpdateAdmin | Add-Member -MemberType NoteProperty -Name 'x_password' -Value $DummyCredential.GetNetworkCredential().password
    }

    # Update Admin command
    $body = New-UnifiCommand $UpdateAdmin
    write-verbose $body
    if ($PSCmdlet.ShouldProcess($admin.name,'update-admin')){
        $UpdateResponse=Invoke-POSTRestAPICall -url $URI -payload $body
    }

    #{"cmd":"update-admin",
    # "admin":"6047ea436f6bb00c641fe5c2",
    # "name":"TestAdmin99",
    # "x_password":"kljlkjekrjklejfi9oj39nfnvlnkljfdf",
    # "email":"mmccool99@tmgit.com",
    # "email_alert_enabled":false,
    # "email_alert_grouping_enabled":false,
    # "email_alert_grouping_delay":60,
    # "push_alert_enabled":false}
    


    # Create arraylist of current permissions
    $SitePermissions= new-object system.collections.arraylist($null)
    if ($null -ne $admin.permissions){
        $SitePermissions.addRange($admin.permissions)
    }
    # if specified, update the permissions list.
    if ($PSBoundParameters.ContainsKey('AdoptDevices')){
        if (($AdoptDevices -eq $true) -AND ($SitePermissions -notcontains "API_DEVICE_ADOPT")){
            [void]$SitePermissions.add("API_DEVICE_ADOPT")
        }
        if ($AdoptDevices -eq $false){
            [void]$SitePermissions.Remove("API_DEVICE_ADOPT")
        }
    }
    #{"cmd":"set-admin-permissions","admin":"6047ea436f6bb00c641fe5c2","permissions":["API_DEVICE_ADOPT"]}
    # Create the command to send to the unifi controller.
    if ($admin.is_super -eq $false){
        $SetAdminPermissions=@{
            cmd = 'set-admin-permissions'
            admin = $admin._id
            permissions = $SitePermissions.ToArray()
        }
        $body = New-UnifiCommand $SetAdminPermissions
        write-verbose $body
        if ($PSCmdlet.ShouldProcess($admin.name,'set-admin-permissions')){
            $AdminPermissionsResponse=Invoke-POSTRestAPICall -url $URI -payload $body
        }

        # Add any missing value needed in order to set the super admin permissions.
        if (($admin | get-member -type "NoteProperty").name -notcontains "super_site_role"){
            $admin | Add-Member -MemberType NoteProperty -name "super_site_role" -value "nobody"
        }
    }
    # Now work on the superadmin permissions

    # Create arraylist of current permissions
    $SuperPermissions= new-object system.collections.arraylist($null)
    if ($null -ne $admin.super_site_permissions){
        $SuperPermissions.addRange($admin.super_site_permissions)
    }
    # if specified, update the permissions list.
    if ($PSBoundParameters.ContainsKey('PendingDevices')){
        $key='API_STAT_DEVICE_ACCESS_SUPER_SITE_PENDING'
        if (($PendingDevices -eq $true) -AND ($SuperPermissions -notcontains $key)){
            [void]$SuperPermissions.add($key)
        }
        if ($PendingDevices -eq $false){
            [void]$SuperPermissions.Remove($key)
        }
    }
    if ($PSBoundParameters.ContainsKey('DashboardEdit')){
        $key='API_DASHBOARD_EDIT'
        if (($DashboardEdit -eq $true) -AND ($SuperPermissions -notcontains $key)){
            [void]$SuperPermissions.add($key)
        }
        if ($DashboardEdit -eq $false){
            [void]$SuperPermissions.Remove($key)
        }
    }
    if ($PSBoundParameters.ContainsKey('SystemStats')){
        $key='API_WIDGET_OS_STATS'
        if (($SystemStats -eq $true) -AND ($SuperPermissions -notcontains $key)){
            [void]$SuperPermissions.add($key)
        }
        if ($SystemStats -eq $false){
            [void]$SuperPermissions.Remove($key)
        }
    }
    if ($PSBoundParameters.ContainsKey('GlobalReadOnly')){
        $key='GLOBAL_READONLY_ADMIN_ACCESS'
        if (($GlobalReadOnly -eq $true) -AND ($SuperPermissions -notcontains $key)){
            [void]$SuperPermissions.add($key)
        }
        if ($GlobalReadOnly -eq $false){
            [void]$SuperPermissions.Remove($key)
        }
    }
    if ($PSBoundParameters.ContainsKey('SuperAdmin')){
        if ($SuperAdmin -eq $true){
            # $admin.super_site_role = 'admin'
            # $SuperPermissions=new-object system.collections.arraylist($null)
            Grant-UnifiSuperAdmin -ID $admin._id
            $admin.is_super=$true
        }
        if ($SuperAdmin -eq $false){
            Revoke-UnifiSuperAdmin -ID $admin._id
            $admin.super_site_role = 'nobody'
            $admin.is_super=$false
        }
    }
    if ($admin.is_super -eq $false){
        $SetSuperAdminPermissions=@{
            cmd = 'grant-super-admin'
            admin = $admin._id
            role = $admin.super_site_role
            permissions = $SuperPermissions.ToArray()
        }
        $body = New-UnifiCommand $SetSuperAdminPermissions
        write-verbose $body
        if ($PSCmdlet.ShouldProcess($admin.name,'grant-super-admin')){
            $UpdateSAPermissionsResponse=Invoke-POSTRestAPICall -url $URI -payload $body
        }
    }

        # {"cmd":"grant-super-admin",
    # "admin":"6047ea436f6bb00c641fe5c2",
    # "role":"nobody",
    # "permissions":[
    # "API_STAT_DEVICE_ACCESS_SUPER_SITE_PENDING",
    # "API_WIDGET_OS_STATS",
    # "API_DASHBOARD_EDIT",
    # "GLOBAL_READONLY_ADMIN_ACCESS"]}




        <#
        .SYNOPSIS
        Updates settings for a site administrator.

        .DESCRIPTION
        Updates settings for a site administrator. This command will update any supplied settings for the specified administrator.

        .PARAMETER Name
        Short name for the site. This is the 'name' value from the Get-UnifiSite command.

        .PARAMETER ID
        Unique id value for the administrator account. This value is listed as _id value in the Get-UnifiSiteAdmin command.

        .PARAMETER Username
        Name for the specified admin.

        .PARAMETER Password
        SecureString value for a new password for the specified account. This is for local accounts only.

        .PARAMETER Email
        Email address for the admin user.

        .PARAMETER Role
        Specify if the account will be an 'admin' or 'readonly' account.

        .PARAMETER EmailInvite
        Switch to specify that this user should be sent an email invite to manage the site rather than creating the credentials manually.

        .PARAMETER SSO
        Switch to specify that this account will have remote access through a Unifi SSO account. Without this switch, direct access to the controller will be needed.

        .PARAMETER SuperAdmin
        Switch to specify that this account will be a SuperAdmin with access to all sites rather than limited to the site specified.

        .PARAMETER ForcePasswordChange
        Prompts for a new password upon initial logon.

        .PARAMETER AdoptDevices
        Allows for device adoptions.

        .PARAMETER PendingDevices
        Allows for viewing of pending devices.

        .PARAMETER DashboardEdit
        Allows for editing dashboard.

        .PARAMETER SystemStats
        Allows for viewing system statistics.

        .PARAMETER GlobalReadOnly
        Assigns readonly rights for all other sites.


        .INPUTS
        None.

        .OUTPUTS
        System.Object
    #>

}