diff --git a/includes/class-power-bi-endpoints.php b/includes/class-power-bi-endpoints.php
index 9d19803..c5dc149 100644
--- a/includes/class-power-bi-endpoints.php
+++ b/includes/class-power-bi-endpoints.php
@@ -40,6 +40,35 @@ private function setup_actions() {
//construct
private function __construct(){}
+ /**
+ * Get Embedded Token for report.
+ *
+ * @since 1.1.5
+ * @access public
+ * @return mixed
+ */
+ public function get_embedded_token($workspace_id, $report_id, $ms_token, $dataset_id) {
+ $username = (!empty(get_option('power_bi_settings')['powerbi_rls_effecitve_identity'])) ? get_option('power_bi_settings')['powerbi_rls_effecitve_identity'] : false;
+ $params = ['identities' => [['username' => $username, 'datasets' => [$dataset_id]],], "accessLevel" => "View", "datasetId" => $dataset_id];
+
+ $url = "https://api.powerbi.com/v1.0/myorg/groups/$workspace_id/reports/$report_id/GenerateToken";
+
+ $postdata = json_encode($params);
+
+ $ch = curl_init($url);
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_HTTPHEADER,
+ array(
+ "Content-Type: application/json",
+ "Authorization: Bearer $ms_token",));
+ $result = curl_exec($ch);
+ curl_close($ch);
+
+ return json_decode((string) $result);
+ }
+
/**
* Get Report Data to make api call.
*
@@ -50,6 +79,8 @@ private function __construct(){}
public function get_report_data($data){
if(!isset($data['post_id'])) return false;
$power_bi_credentials = get_option('power_bi_credentials');
+ $settings = get_option( 'power_bi_settings' );
+
$response = [];
if(!isset( $power_bi_credentials['access_token'])) return false;
$response['access_token'] = $power_bi_credentials['access_token'];
@@ -109,6 +140,13 @@ public function get_report_data($data){
$response['tile_id'] = esc_attr(get_post_meta( $post_id, '_power_bi_tile_id', true ));
$response['embed_url'] = $response['api_url'] . "embed?dashboardId=" . $response['dashboard_id'] . "&tileId=" . $response['tile_id'] . "&groupId=" . $response['group_id'];
}
+
+ if ( $settings['auth_type'] == 'service_principal' ) {
+ $result = $this->get_embedded_token($response['group_id'], $response['report_id'], $power_bi_credentials['access_token'], $response['dataset_id']);
+ $response['access_token'] = $result->token;
+ $response['embed_token'] = $result->token;
+ $response['token_type'] = 'Embed';
+ }
nocache_headers();
return new WP_REST_Response(!(empty($response)) ? $response : false);
}
diff --git a/includes/class-power-bi-oauth.php b/includes/class-power-bi-oauth.php
index c52ebc0..333d6da 100644
--- a/includes/class-power-bi-oauth.php
+++ b/includes/class-power-bi-oauth.php
@@ -41,8 +41,7 @@ private function setup_actions() {
public function add_token() {
$power_bi_credentials = get_option('power_bi_credentials');
-
- if( isset( $power_bi_credentials['access_token'] ) || isset( $power_bi_credentials['error'] ) ) {
+ if( is_array($power_bi_credentials) && isset( $power_bi_credentials['access_token'] ) || isset( $power_bi_credentials['error'] ) ) {
$token_credentials = $this->get_token();
update_option('power_bi_credentials', $token_credentials);
@@ -77,7 +76,63 @@ public function add_management_azure_token() {
}
}
- public function get_token() {
+ public function get_token_by_service_principal() {
+
+ $token_transient = get_transient( 't_token' );
+
+ if(! empty( $token_transient )) {
+ return $token_transient;
+ }
+
+ $user_credentials = get_option( 'power_bi_settings' );
+
+ $client_id = $user_credentials['power_bi_client_id'];
+ $client_secret = $user_credentials['power_bi_client_secret'];
+ $tenant_id = $user_credentials['power_bi_azure_tenant_id'];
+
+
+ $curl = curl_init();
+ if(!$curl) {
+ die("Embedded PowerBi could not initialize a cURL handle. Please have your hosting provider install curl");
+ }
+
+ curl_setopt_array($curl, array(
+ CURLOPT_URL => 'https://login.microsoftonline.com/' . $tenant_id . '/oauth2/token',
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_ENCODING => '',
+ CURLOPT_MAXREDIRS => 10,
+ CURLOPT_TIMEOUT => 0,
+ CURLOPT_FOLLOWLOCATION => true,
+ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
+ CURLOPT_POSTFIELDS => 'grant_type=client_credentials&resource=https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi&client_id=' . $client_id . '&client_secret=' . $client_secret . '',
+ CURLOPT_HTTPHEADER => array(
+ 'Content-Type: application/x-www-form-urlencoded',
+ ),
+ ));
+
+ $response = curl_exec($curl);
+
+ $err = curl_error($curl);
+
+ curl_close($curl);
+
+ if ($err) {
+ $err = json_decode($err, true);
+ return $err;
+ }
+
+ $token = json_decode($response, true);
+
+ if ( isset($token['error']) ) {
+ return $token;
+ }
+
+ set_transient( 't_token', $token, HOUR_IN_SECONDS );
+ return $token;
+
+ }
+
+ public function get_token_by_master_user() {
$token_transient = get_transient( 't_token' );
@@ -135,6 +190,19 @@ public function get_token() {
return $token;
}
+
+ public function get_token()
+ {
+ $settings = get_option( 'power_bi_settings' );
+
+ if ( $settings['auth_type'] == 'master_user' ) {
+ $token = (array)$this->get_token_by_master_user();
+ }
+ else if ( $settings['auth_type'] == 'service_principal' ) {
+ $token = (array)$this->get_token_by_service_principal();
+ }
+ return $token;
+ }
// Provided new get token request for https://management.azure.com/
function get_token_management_azure() {
diff --git a/includes/class-power-bi-settings.php b/includes/class-power-bi-settings.php
index 92bff04..1d5d313 100644
--- a/includes/class-power-bi-settings.php
+++ b/includes/class-power-bi-settings.php
@@ -75,6 +75,14 @@ public function settings_init( ) {
'power_bi'
);
+ add_settings_field(
+ 'powerbi_auth_type',
+ __( 'Auth type', 'power-bi' ),
+ 'powerbi_auth_type_render',
+ 'power_bi',
+ 'power_bi_section'
+ );
+
add_settings_field(
'power_bi_username',
__( 'User Name', 'power-bi' ),
@@ -107,6 +115,14 @@ public function settings_init( ) {
'power_bi_section'
);
+ add_settings_field(
+ 'powerbi_rls_effecitve_identity',
+ __( 'Username for Effective Identity (RLS)', 'power-bi' ),
+ 'powerbi_rls_effecitve_identity_render',
+ 'power_bi',
+ 'power_bi_section'
+ );
+
add_settings_field(
'power_bi_oauth_success',
__( 'Oauth Status', 'power-bi' ),
diff --git a/includes/functions-power-bi-settings.php b/includes/functions-power-bi-settings.php
index cb931fd..5364f27 100644
--- a/includes/functions-power-bi-settings.php
+++ b/includes/functions-power-bi-settings.php
@@ -28,7 +28,7 @@ function powerbi_mobile_breakpoint_render() {
function power_bi_username_render() {
$options = get_power_bi_plugin_settings();
?>
- '>
+ '>
- '>
+ '>
+ '>
+
+
+
+
+
+