Business Requirement
Sunbird generates a number of datasets for reporting purposes. Some of these are downloaded by users via the UI (the Course progress exhaust, for example), whereas others are used by the Sunbird portal to generate reports and charts, which can then be viewed by users.
There is a stated need to make all datasets generated by SB accessible via APIs. This will allow adopters to pull these datasets via APIs and use them in whatever additional manner they see fit, enabling them to create custom reports/visualisations of their own.
Dataset generation within SB currently happens for:
Custom reports such as the course progress exhaust or the user PII data - these are generated by data products that run on a daily/ on-demand basis
Portal based reports and charts - these are datasets generated from Druid, and power the charts shown on the ‘admin dashboard’ of the portal. These are generated based on the frequency of the reports as configured.
Other custom data files such as Consent files and master data files (geo data, for example)
Dataset download considerations:
Sunbird should enable an adopter to provision for data security and allow access to datasets based on the nature of the data they contain. Consequently, a dataset that is not considered sensitive may be made available for public access, whereas sensitive data may need to be protected.
In order to enable different types of access, SB will support configurations that can make the datasets ‘PUBLIC’ or ‘PRIVATE’, as the adopter may choose. This will determine whether a dataset can be accessed publicly using the API without any additional authorisation, or whether it needs additional approval from admins for access.
Problem Statement
As part of opening the DIKSHA infrastructure to the wider ecosystem, there is a need to provide third-party ecosystem players with access to open anonymized data so that they can develop custom solutions on top of DIKSHA.
Current Implementation
Currently, Sunbird Observation supports a Reports Service API to list and access all published reports. However, only the metadata of a report is accessible through this API. The associated data files, which contain the detailed data of a given report, are currently not accessible through the API.
There is an internal endpoint at the portal backend layer which downloads the respective datasets from the Azure reports container. This endpoint is accessible only to a logged-in user (session based) having the roles (REPORT_ADMIN, REPORT_VIEWER, ORG_ADMIN).
Moreover, there is a slug-based validation so that users do not access another tenant’s data.
For parameterized reports, respective endpoints are injected based on the logged in user’s context.
In the current implementation, datasets cannot be accessed by a user who is not logged in or by any third party.
Supported parameters
$slug
$channel
$state
$board
Current API Structure
Datasource Schema:
id: job_id
path: endpoint to the portal-backend layer which downloads the dataset file. The path can be either parameterized or non-parameterized. The portal backend populates the parameters using the logged-in user's context details and downloads the respective file.
Proposed Solution
API to get Metadata + Data Files
There is a need to create an API in the report service that will provide access, with certain access controls, to the metadata as well as the report data files that are used to generate the reports in the 'Admin dashboards' page on the Sunbird portal.
Proposed API Structure to get the metadata + datasets.
METHOD - GET
URL: /report/datasets/get/:reportId
Access Control Spec
Controls who can access a report based on certain rules.
This can be achieved using two attributes: visibility and accessPath.
Visibility
It can be defined either at the report level or on its children (i.e. table, chart, map etc.) within a report.
Visibility | Access |
---|---|
public (default) | Accessible by all users. Anyone can discover and consume these Reports. |
protected | Accessible only to a limited set of users based on certain criteria. Default can be users belonging to the same organisation or tenant etc. |
private | Similar to “protected” - accessible only to a limited set of users defined by the “access path” attribute. |
parent | Accessible only from within the parent object, i.e. access to the users is based on the visibility of the parent object. Can be defined at chart, table or map defined within a parent report. |
AccessPath
This attribute is applicable for Reports with “protected” or “private” visibility only. This attribute can be used to restrict the access based on one or more of the following criteria: organisation, role, group, user id, and location.
The AccessPath interface is as follows:
Note: All keys are optional.

```typescript
interface IAccessPath {
  organisation?: Array<string> | string;
  role?: Array<string> | string;
  tenant?: Array<string> | string;
  channel?: Array<string> | string;
  group?: Array<string> | string;
  userType?: Array<string> | string;
  framework?: Array<string> | string;
  isSuperAdmin?: Array<string> | string;
  board?: Array<string> | string;
  userId?: Array<string> | string;
  userLocation?: {
    state?: Array<string> | string;
    district?: Array<string> | string;
    block?: Array<string> | string;
  };
  // Any other attribute can be added as a further criterion.
  [anyOtherAttribute: string]: any;
}
```
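The following is an added example, not code from the Sunbird report service, showing how the visibility and accessPath rules above could be evaluated for a caller. `ReportNode`, `UserContext`, `matches`, `canAccess` and the `tenant` field are hypothetical names, and the matching semantics (all keys must match, any one value per key is enough) are an assumption, since the spec does not state how criteria combine.

```typescript
// Added example; ReportNode, UserContext, matches and canAccess are hypothetical names.
type OneOrMany = string | string[];
type AccessPath = { [key: string]: OneOrMany | { [key: string]: OneOrMany } };
type UserContext = AccessPath; // caller attributes, same keys as IAccessPath

interface ReportNode {
  visibility?: "public" | "protected" | "private" | "parent"; // default: public
  accessPath?: AccessPath;
  tenant?: string;     // owning tenant (assumed field, used for the protected default)
  parent?: ReportNode; // set on a chart, table or map inside a report
}

const toList = (v: unknown): string[] =>
  Array.isArray(v) ? v : typeof v === "string" ? [v] : [];

// Assumption: every key in the rule must match (AND); within one key any
// single value is enough (OR). Nested keys such as userLocation recurse.
function matches(rule: AccessPath, user: UserContext): boolean {
  const keys = Object.keys(rule);
  if (keys.length === 0) return false; // a rule with no criteria grants nothing
  return keys.every((key) => {
    const want = rule[key];
    const have = user[key];
    if (typeof want === "object" && !Array.isArray(want)) {
      return typeof have === "object" && !Array.isArray(have) && matches(want, have);
    }
    const held = toList(have);
    return toList(want).some((w) => held.includes(w));
  });
}

function canAccess(node: ReportNode, user: UserContext | null): boolean {
  switch (node.visibility ?? "public") {
    case "public":
      return true;
    case "parent": // inherit the parent's decision; an orphaned child is denied
      return node.parent ? canAccess(node.parent, user) : false;
    case "protected": { // no accessPath: fall back to "same tenant as the report"
      const rule: AccessPath = node.accessPath ?? (node.tenant ? { tenant: node.tenant } : {});
      return user !== null && matches(rule, user);
    }
    case "private": // only the accessPath can grant access
      return user !== null && node.accessPath !== undefined && matches(node.accessPath, user);
    default:
      return false; // unknown visibility value: fail closed
  }
}
```

The user context passed to `canAccess` should be built server-side from the authenticated session, never from request parameters, so a caller cannot assert their own role or tenant.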
API to get list of Reports
This API is associated with Searching Reports on the Sunbird Platform.
METHOD - POST
URL - /report/list