105 lines
3.1 KiB
PHP
105 lines
3.1 KiB
PHP
<?php
|
|
|
|
namespace App\Console\Commands;
|
|
|
|
use App\Models\Policy;
|
|
use App\Models\PolicyVersion;
|
|
use App\Models\Tenant;
|
|
use Illuminate\Console\Command;
|
|
|
|
class ReclassifyEnrollmentConfigurations extends Command
|
|
{
|
|
/**
|
|
* The name and signature of the console command.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $signature = 'intune:reclassify-enrollment-configurations {--tenant=} {--write : Write changes (default is dry-run)}';
|
|
|
|
/**
|
|
* The console command description.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $description = 'Reclassify enrollment configuration items (e.g. ESP) that were synced under the wrong policy type.';
|
|
|
|
/**
|
|
* Execute the console command.
|
|
*/
|
|
public function handle(): int
|
|
{
|
|
$tenant = $this->resolveTenantOrNull();
|
|
$dryRun = ! (bool) $this->option('write');
|
|
|
|
$query = PolicyVersion::query()
|
|
->with('policy')
|
|
->where('policy_type', 'enrollmentRestriction');
|
|
|
|
if ($tenant) {
|
|
$query->where('tenant_id', $tenant->id);
|
|
}
|
|
|
|
$candidates = $query->get();
|
|
|
|
$changedVersions = 0;
|
|
$changedPolicies = 0;
|
|
|
|
foreach ($candidates as $version) {
|
|
$snapshot = is_array($version->snapshot) ? $version->snapshot : [];
|
|
$odataType = $snapshot['@odata.type'] ?? null;
|
|
$configurationType = $snapshot['deviceEnrollmentConfigurationType'] ?? null;
|
|
|
|
$isEsp = (is_string($odataType) && strcasecmp($odataType, '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration') === 0)
|
|
|| (is_string($configurationType) && $configurationType === 'windows10EnrollmentCompletionPageConfiguration');
|
|
|
|
if (! $isEsp) {
|
|
continue;
|
|
}
|
|
|
|
$this->line(sprintf(
|
|
'ESP detected: policy_version=%s policy=%s tenant_id=%s',
|
|
(string) $version->getKey(),
|
|
$version->policy_id ? (string) $version->policy_id : 'n/a',
|
|
(string) $version->tenant_id,
|
|
));
|
|
|
|
if ($dryRun) {
|
|
continue;
|
|
}
|
|
|
|
$version->forceFill([
|
|
'policy_type' => 'windowsEnrollmentStatusPage',
|
|
'platform' => $version->platform ?: 'all',
|
|
])->save();
|
|
$changedVersions++;
|
|
|
|
if ($version->policy instanceof Policy && $version->policy->policy_type === 'enrollmentRestriction') {
|
|
$version->policy->forceFill([
|
|
'policy_type' => 'windowsEnrollmentStatusPage',
|
|
])->save();
|
|
$changedPolicies++;
|
|
}
|
|
}
|
|
|
|
$this->info('Done.');
|
|
$this->info('PolicyVersions changed: '.$changedVersions);
|
|
$this->info('Policies changed: '.$changedPolicies);
|
|
$this->info('Mode: '.($dryRun ? 'dry-run' : 'write'));
|
|
|
|
return Command::SUCCESS;
|
|
}
|
|
|
|
private function resolveTenantOrNull(): ?Tenant
|
|
{
|
|
$tenantOption = $this->option('tenant');
|
|
|
|
if (! $tenantOption) {
|
|
return null;
|
|
}
|
|
|
|
return Tenant::query()
|
|
->forTenant($tenantOption)
|
|
->firstOrFail();
|
|
}
|
|
}
|