function Get-DefaultIntunePolicyObjectTypes
{
    @(
        "DeviceConfiguration",
        "SettingsCatalog",
        "AdministrativeTemplates",
        "CompliancePolicies",
        "EndpointSecurity",
        "PolicySets"
    )
}

function Get-IntuneManagementProjectRoot
{
    Split-Path -Parent $PSScriptRoot
}

function Resolve-HeadlessSettingsPath
{
    param([string]$SettingsFile)

    if($SettingsFile)
    {
        return $SettingsFile
    }

    Join-Path ([IO.Path]::GetTempPath()) "IntuneManagement.Settings.json"
}

function New-TemporaryBatchFile
{
    param([string]$Prefix)

    Join-Path ([IO.Path]::GetTempPath()) ("IntuneManagement.{0}.{1}.json" -f $Prefix, [guid]::NewGuid().ToString())
}

function Test-AuthParameters
{
    param(
        [string]$Secret,
        [string]$Certificate
    )

    if((-not $Secret) -and (-not $Certificate))
    {
        throw "Specify -Secret or -Certificate."
    }
}

function Invoke-IntuneHeadlessBatch
{
    param(
        [Parameter(Mandatory = $true)]
        [string]$TenantId,

        [Parameter(Mandatory = $true)]
        [string]$AppId,

        [string]$Secret,

        [string]$Certificate,

        [Parameter(Mandatory = $true)]
        [psobject]$BatchConfig,

        [string]$SettingsFile,

        [string]$BatchFile
    )

    Test-AuthParameters -Secret $Secret -Certificate $Certificate

    $projectRoot = Get-IntuneManagementProjectRoot
    $startScript = Join-Path $projectRoot "Start-IntuneManagement.ps1"

    if(-not (Test-Path $startScript))
    {
        throw "Could not find Start-IntuneManagement.ps1 in $projectRoot"
    }

    $settingsPath = Resolve-HeadlessSettingsPath $SettingsFile

    $deleteBatchFile = $false
    if(-not $BatchFile)
    {
        $BatchFile = New-TemporaryBatchFile "Batch"
        $deleteBatchFile = $true
    }

    try
    {
        $BatchConfig | ConvertTo-Json -Depth 20 | Out-File -LiteralPath $BatchFile -Encoding utf8 -Force

        $invokeParams = @{
            Silent = $true
            JSonSettings = $true
            JSonFile = $settingsPath
            TenantId = $TenantId
            AppId = $AppId
            SilentBatchFile = $BatchFile
        }

        if($Secret)
        {
            $invokeParams.Secret = $Secret
        }
        else
        {
            $invokeParams.Certificate = $Certificate
        }

        & $startScript @invokeParams
    }
    finally
    {
        if($deleteBatchFile -and (Test-Path $BatchFile))
        {
            Remove-Item -LiteralPath $BatchFile -Force -ErrorAction SilentlyContinue
        }
    }
}

function Export-IntunePolicies
{
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$TenantId,

        [Parameter(Mandatory = $true)]
        [string]$AppId,

        [string]$Secret,

        [string]$Certificate,

        [Parameter(Mandatory = $true)]
        [string]$ExportPath,

        [string]$SettingsFile,

        [string]$BatchFile,

        [string]$NameFilter = "",

        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),

        [switch]$IncludeAssignments,

        [switch]$AddCompanyName
    )

    $batchConfig = [PSCustomObject]@{
        BulkExport = @(
            [PSCustomObject]@{ Name = "txtExportPath"; Value = $ExportPath },
            [PSCustomObject]@{ Name = "txtExportNameFilter"; Value = $NameFilter },
            [PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
            [PSCustomObject]@{ Name = "chkExportAssignments"; Value = $IncludeAssignments.IsPresent },
            [PSCustomObject]@{ Name = "chkAddCompanyName"; Value = $AddCompanyName.IsPresent },
            [PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
        )
    }

    Invoke-IntuneHeadlessBatch `
        -TenantId $TenantId `
        -AppId $AppId `
        -Secret $Secret `
        -Certificate $Certificate `
        -BatchConfig $batchConfig `
        -SettingsFile $SettingsFile `
        -BatchFile $BatchFile
}

function Import-IntunePolicies
{
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$TenantId,

        [Parameter(Mandatory = $true)]
        [string]$AppId,

        [string]$Secret,

        [string]$Certificate,

        [Parameter(Mandatory = $true)]
        [string]$ImportPath,

        [string]$SettingsFile,

        [string]$BatchFile,

        [string]$NameFilter = "",

        [ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
        [string]$ImportType = "alwaysImport",

        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),

        [switch]$IncludeAssignments,

        [switch]$IncludeScopeTags,

        [switch]$ReplaceDependencyIds
    )

    $batchConfig = [PSCustomObject]@{
        BulkImport = @(
            [PSCustomObject]@{ Name = "txtImportPath"; Value = $ImportPath },
            [PSCustomObject]@{ Name = "txtImportNameFilter"; Value = $NameFilter },
            [PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
            [PSCustomObject]@{ Name = "chkImportScopes"; Value = $IncludeScopeTags.IsPresent },
            [PSCustomObject]@{ Name = "chkImportAssignments"; Value = $IncludeAssignments.IsPresent },
            [PSCustomObject]@{ Name = "chkReplaceDependencyIDs"; Value = $ReplaceDependencyIds.IsPresent },
            [PSCustomObject]@{ Name = "cbImportType"; Value = $ImportType },
            [PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
        )
    }

    Invoke-IntuneHeadlessBatch `
        -TenantId $TenantId `
        -AppId $AppId `
        -Secret $Secret `
        -Certificate $Certificate `
        -BatchConfig $batchConfig `
        -SettingsFile $SettingsFile `
        -BatchFile $BatchFile
}

function Invoke-IntunePolicyAction
{
    [CmdletBinding(DefaultParameterSetName = 'Export')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet("Export","Import")]
        [string]$Action,

        [Parameter(Mandatory = $true)]
        [string]$TenantId,

        [Parameter(Mandatory = $true)]
        [string]$AppId,

        [string]$Secret,

        [string]$Certificate,

        [string]$SettingsFile,

        [string]$BatchFile,

        [string]$NameFilter = "",

        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),

        [string]$ExportPath,

        [string]$ImportPath,

        [ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
        [string]$ImportType = "alwaysImport",

        [switch]$IncludeAssignments,

        [switch]$AddCompanyName,

        [switch]$IncludeScopeTags,

        [switch]$ReplaceDependencyIds
    )

    switch($Action)
    {
        "Export"
        {
            if(-not $ExportPath) { throw "Export requires -ExportPath." }
            Export-IntunePolicies `
                -TenantId $TenantId `
                -AppId $AppId `
                -Secret $Secret `
                -Certificate $Certificate `
                -ExportPath $ExportPath `
                -SettingsFile $SettingsFile `
                -BatchFile $BatchFile `
                -NameFilter $NameFilter `
                -ObjectTypes $ObjectTypes `
                -IncludeAssignments:$IncludeAssignments `
                -AddCompanyName:$AddCompanyName
        }
        "Import"
        {
            if(-not $ImportPath) { throw "Import requires -ImportPath." }
            Import-IntunePolicies `
                -TenantId $TenantId `
                -AppId $AppId `
                -Secret $Secret `
                -Certificate $Certificate `
                -ImportPath $ImportPath `
                -SettingsFile $SettingsFile `
                -BatchFile $BatchFile `
                -NameFilter $NameFilter `
                -ImportType $ImportType `
                -ObjectTypes $ObjectTypes `
                -IncludeAssignments:$IncludeAssignments `
                -IncludeScopeTags:$IncludeScopeTags `
                -ReplaceDependencyIds:$ReplaceDependencyIds
        }
    }
}