ski
June 27, 2023, 9:33pm
1
Product: PowerShell Universal
Version: 4.0.2
Hi,
I am creating a series of small web apps that interact with our identity management system and am wondering if this is the way to do it or there is a better way. One app, the password generator does not require authentication, the others do and only accounts in the correct groups can get access to a them (e.g. GetStudentPassword is only available to accounts in the getstudentpassword group). I use PSU endpoints to run scripts that use Invoke -Restmethod to run scripts in our identity management system and then display the results on PSU pages. I am using the built in Navigation menu and hope to figure out a way to only show apps that the user has access to. Is this possible using roles mapped to Azure groups or do I have to create a dashboard dynamically once I figure out which groups a user is in? Thanks for your advice.
adam
June 28, 2023, 11:29am
2
You can use dynamic navigation to only include certain groups of users for the pages navigation.
$Navigation = {
New-UDListItem -Label "Home - $(Get-Date)"
New-UDListItem -Label "Getting Started" -Children {
if ($Roles -contains 'Administrator')
{
New-UDListItem -Label "Installation" -Href '/installation'
}
Protect-UDSection -Role "Administrator" -Content {
New-UDListItem -Label "Usage" -Href '/usage'
}
New-UDListItem -Label "FAQs" -Href '/faqs'
New-UDListItem -Label "System Requirements" -Href'/requirements'
New-UDListItem -Label "Purchasing" -Href '/purchasing'
}
}
$Pages = @()
$Pages += New-UDPage -Name 'Test' -Content {
New-UDTypography -Text "Hello"
} -NavigationLayout permanent -LoadNavigation $Navigation
$Pages += New-UDPage -Name 'Test2' -Content {
New-UDTypography -Text "Hello"
} -NavigationLayout permanent -LoadNavigation $Navigation
New-UDApp -Title "Hello, World!" -Pages $Pages
You can either use the $Roles variable directly or use Protect-UDSection to conditionally return parts of the navigation menu.
We have had good luck with using protect-udsection for having a dynamic nav menu based on roles.
$Navigation = {
New-UDListItem -Label "Welcome! $User" -Icon (New-UDIcon -Icon user)
Protect-UDSection -Role $BoardingRoles -Children {
New-UDListItem -Label "Boarding" -Icon (New-UDIcon -Icon User) -Children {
New-UDListItem -Label "User Lookup" -OnClick { Invoke-UDRedirect -Url '/ADUser' }
New-UDListItem -Label "Offboard" -OnClick { Invoke-UDRedirect -Url '/offboard' }
} -Open:$($Roles -contains "Boarding")
}
Protect-UDSection -Role $ReqestRoles -Children {
New-UDListItem -Label "Request" -Icon (New-UDIcon -Icon AddressBook) -OnClick {
Invoke-UDRedirect -Url '/request'
}
}
New-UDListItem -Label "Tools" -Icon (New-UDIcon -Icon Toolbox) -Children {
New-UDListItem -Label "Delete TS Profile" -OnClick { Invoke-UDRedirect -Url '/TSProfile' }
New-UDListItem -Label "Lookup AD User" -OnClick { Invoke-UDRedirect -Url '/ADUser' }
}
New-UDListItem -Label "Links" -Icon (New-UDIcon -Icon Link) -Children {
New-UDListItem -Label "Service Desk" -OnClick {
Invoke-UDRedirect -OpenInNewWindow -Url ''
}
New-UDListItem -Label "Git Repo" -OnClick {
Invoke-UDRedirect -OpenInNewWindow -Url
}
New-UDListItem -Label "Api Docs" -OnClick {
Invoke-UDRedirect -OpenInNewWindow -Url "$HostName/swagger/index.html?urls.primaryName="
}
}
Protect-UDSection -Role 'Administrator' -Children {
New-UDListItem -Icon (New-UDIcon -Icon Computer) -Label "Find Users devices" -OnClick {
Invoke-UDRedirect -Url '/devices'
}
}
}
Then in the pages section you can control the roles as follows
# Store pages in an empty array
$Pages = @()
<# Request #>
$Pages += New-UDPage -Name 'Request' -Content { . "$UDScriptRoot\Request\Printer.ps1" } -Role $ReqestRoles