...
Currently, following are the list of Datasets supported within SB:
Custom reports such as the course progress exhaust or the user PII data - these are generated by data products that run on a daily/ on-demand basis
Portal based reports and charts - these are datasets generated from Druid, and power the charts shown on the ‘admin dashboard’ of the portal. These are generated based on the frequency of the reports as configured.
Other custom data files such Druid based Datasets/Reports (created via HE/APIs)
Custom datasets created as data products and configured manually
Ex: VDN reports, WFS, Collection Summary dataset
On-Demand Datasets
Expand | ||
---|---|---|
| ||
|
Dataset download considerations:
...
In order to enable different types of access, SB will support configurations that can make the datasets ‘PUBLIC’ or ‘PRIVATE’‘PROTECTED’. The type of access will determine whether a dataset can be accessed publicly using the API without any additional authorization, or whether it needs additional approval from admins for to validate the user before providing access.
...
Current Implementation
...
Roles which are supported in Admin Dashboard workflow
Report_Admin
Report_viewerViewer
Super_Admin - REPORTINSTANCE_ADMIN
Org_admin
Pages | REPORT_ADMIN <SUPER_ADMIN> | State REPORT_ADMIN | REPORT_VIEWER |
---|---|---|---|
List Page |
|
|
|
Report Detail Page |
|
|
|
...
visibility
type - varchar(10)
enum - [public, private, protected, parent]
Details - Link
accessPath
type - jsonb
Details - Link
showOnDashboardvisibilityFlags
type- booleanjsonb
Description - Whether to show/hide the report on admin dashboardspecific pages.
Current API Structure
...
title | GET- /report/get/:reportId |
---|
This API is associated with viewing and reading out the specific report on the Sunbird Platform. It returns only the metadata information for the report.
Response
...
language | json |
---|
...
Access Control Spec
Controls who can access a report based on certain rules.
This can be achieved using two attributes visibility and accessPath.
Visibility
It can be defined both at the report level or it's children (i.e table, chart, map etc ) within a report.
Visibility | Access |
---|---|
public (default) | Accessible by all users. Anyone can discover and consume these Reports. |
protected | Accessible only to a limited set of users based on a criteria defined by the access path attribute. Default can be user with REPORT_VIEWER role belonging to the same channel or tenant. |
private | Similar to “protected” - accessible only by the creator of the report. |
AccessPath
This attribute is applicable for Reports with “protected” or “private” visibility only. This attribute can be used to restrict the access based on or more of the following criteria: organisation, role, group, user id, and location.
AccessPath interface is as follows :-
**Note - All keys are optional. Also very fine grained accessPath may not be required in this case. Replicating the actual schema defined for ActionSets as is and to be re-used for datasets as well.
Code Block | ||
---|---|---|
| ||
interface IAccessPath {
organisation: Array<string> | string;
role: Array<string> | string;
channel: Array<string> | string;
group: Array<string> | string;
userType: Array<string> | string;
framework: Array<string> | string;
isSuperAdmin: Array<string> | string;
board: Array<string> | string;
userId: Array<string> | string;
userLocation: {
state: Array<string> | string;
district: Array<string> | string;
block: Array<string> | string;
};
...anyOtherAttribute: any
} |
...
Current API Structure
Expand | |||||
---|---|---|---|---|---|
| |||||
This API is associated with viewing and reading out the specific report on the Sunbird Platform. It returns only the metadata information for the report. Response
|
Datasource Schema :-
Code Block | |||||
---|---|---|---|---|---|
| |||||
interface
|
id -: job id responsible for generating the dataset
path -: endpoint which will download the dataset file - the path can be both parameterized and non parameterized . Portal backend populates the parameters using logged in user context details and downloads the respective file.
Proposed Solution
API to get Metadata + Data Files
There is a need to create API in report service that will provide access to the meta data as well as the report data files that are used to generate the reports in the 'Admin dashboards' page on the Sunbird portal with certain access controls.
Proposed API Structure to get the metadata + datasets.
METHOD - GET
URL: /report/datasets/get/:reportId
...
title | API to get meta data + datasets |
---|
...
language | json |
---|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
Datasource Schema
Code Block | ||
---|---|---|
| ||
interface IDatasource { id: string path: |
...
string
} |
id: Job id for the dataset
path: Endpoint for downloading the dataset file(s) - the path can be both parameterized and non parameterized . Portal backend populates the parameters using logged in user context details and downloads the respective file.
...
Proposed Solution
API to get materialized data Files
There is a need to create API in report service that will provide access to the meta data as well as the report data files that are used to generate the reports in the 'Admin dashboards' page on the Sunbird portal with certain access controls.
Proposed API Structure to get the metadata + datasets.
METHOD - GET
URL: /report/datasets/get/:reportId?from=<>&to=<>&since=<>
Expand | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
Proposed response structure - to get meta + datasets.
Explaination -
Unauthorized Access - Status Code 401
|
Access Control Spec
Controls who can access a report based on certain rules.
This can be achieved using two attributes visibility and accessPath.
Visibility
It can be defined both at the report level or it's children (i.e table, chart, map etc ) within a report.
...
Visibility
...
Access
...
public (default)
...
Accessible by all users. Anyone can discover and consume these Reports.
...
protected
...
Accessible only to a limited set of users based on a criteria.
Default can be users belonging to the same organisation or tenant etc.
...
private
...
Similar to “protected” - accessible only to a limited set of users defined by the “access path” attribute.
...
parent
...
Accessible only from within the parent object, i.e access to the users is based on the visibility of the parent object.
Can be defined at chart, table or map defined within a parent report.
AccessPath
...
Code Block | ||
---|---|---|
| ||
interface IAccessPath {
organisation: Array<string> | string;
role: Array<string> | string;
tenant: Array<string> | string;
channel: Array<string> | string;
group: Array<string> | string;
userType: Array<string> | string;
framework: Array<string> | string;
isSuperAdmin: Array<string> | string;
board: Array<string> | string;
userId: Array<string> | string;
userLocation: {
state: Array<string> | string;
district: Array<string> | string;
block: Array<string> | string;
};
...anyOtherAttribute: any
} |
...
Explanation -
|
...
Search Report API
This API is associated with Searching Reports on the Sunbird Platform.
...
Expand | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
Example of Request payload with visibility and accessPath
Success Response - Status Code 200
Error Response - Status code 500
|
...