diff --git a/includes/class-power-bi-endpoints.php b/includes/class-power-bi-endpoints.php index 9d19803..c5dc149 100644 --- a/includes/class-power-bi-endpoints.php +++ b/includes/class-power-bi-endpoints.php @@ -40,6 +40,35 @@ private function setup_actions() { //construct private function __construct(){} + /** + * Get Embedded Token for report. + * + * @since 1.1.5 + * @access public + * @return mixed + */ + public function get_embedded_token($workspace_id, $report_id, $ms_token, $dataset_id) { + $username = (!empty(get_option('power_bi_settings')['powerbi_rls_effecitve_identity'])) ? get_option('power_bi_settings')['powerbi_rls_effecitve_identity'] : false; + $params = ['identities' => [['username' => $username, 'datasets' => [$dataset_id]],], "accessLevel" => "View", "datasetId" => $dataset_id]; + + $url = "https://api.powerbi.com/v1.0/myorg/groups/$workspace_id/reports/$report_id/GenerateToken"; + + $postdata = json_encode($params); + + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HTTPHEADER, + array( + "Content-Type: application/json", + "Authorization: Bearer $ms_token",)); + $result = curl_exec($ch); + curl_close($ch); + + return json_decode((string) $result); + } + /** * Get Report Data to make api call. * @@ -50,6 +79,8 @@ private function __construct(){} public function get_report_data($data){ if(!isset($data['post_id'])) return false; $power_bi_credentials = get_option('power_bi_credentials'); + $settings = get_option( 'power_bi_settings' ); + $response = []; if(!isset( $power_bi_credentials['access_token'])) return false; $response['access_token'] = $power_bi_credentials['access_token']; 
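Review bot: get_embedded_token() returns `json_decode((string) $result)` without checking `curl_exec()` for `false` or the HTTP status, so a transport failure or a Power BI error body reaches the caller as `null` or as an object with no `token` property. The `identities` entry is always sent, with `'username' => false` when `powerbi_rls_effecitve_identity` is empty; it should be built only when that setting is non-empty, since Power BI will presumably reject or misapply an empty effective identity. `$workspace_id` and `$report_id` go into the URL path unencoded and the request has no timeout, so a slow upstream can hold the PHP worker for as long as the connection stays open. The docblock should gain `@param` lines for the four arguments and say that the return value is the decoded GenerateToken response or `null` on failure.

```php
public function get_embedded_token($workspace_id, $report_id, $ms_token, $dataset_id) {
    $settings = get_option('power_bi_settings');
    $params = ["accessLevel" => "View", "datasetId" => $dataset_id];
    if (!empty($settings['powerbi_rls_effecitve_identity'])) {
        $params['identities'] = [['username' => $settings['powerbi_rls_effecitve_identity'], 'datasets' => [$dataset_id]]];
    }

    $url = "https://api.powerbi.com/v1.0/myorg/groups/" . rawurlencode($workspace_id) . "/reports/" . rawurlencode($report_id) . "/GenerateToken";
    // … unchanged: json_encode, curl_init, POST / body / header options …
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    $result = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($result === false || $status !== 200) {
        return null;
    }
    // … unchanged: return json_decode((string) $result); …
```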
@@ -109,6 +140,13 @@ public function get_report_data($data){ $response['tile_id'] = esc_attr(get_post_meta( $post_id, '_power_bi_tile_id', true )); $response['embed_url'] = $response['api_url'] . "embed?dashboardId=" . $response['dashboard_id'] . "&tileId=" . $response['tile_id'] . "&groupId=" . $response['group_id']; } + + if ( $settings['auth_type'] == 'service_principal' ) { + $result = $this->get_embedded_token($response['group_id'], $response['report_id'], $power_bi_credentials['access_token'], $response['dataset_id']); + $response['access_token'] = $result->token; + $response['embed_token'] = $result->token; + $response['token_type'] = 'Embed'; + } nocache_headers(); return new WP_REST_Response(!(empty($response)) ? $response : false); } diff --git a/includes/class-power-bi-oauth.php b/includes/class-power-bi-oauth.php index c52ebc0..333d6da 100644 --- a/includes/class-power-bi-oauth.php +++ b/includes/class-power-bi-oauth.php @@ -41,8 +41,7 @@ private function setup_actions() { public function add_token() { $power_bi_credentials = get_option('power_bi_credentials'); - - if( isset( $power_bi_credentials['access_token'] ) || isset( $power_bi_credentials['error'] ) ) { + if( is_array($power_bi_credentials) && isset( $power_bi_credentials['access_token'] ) || isset( $power_bi_credentials['error'] ) ) { $token_credentials = $this->get_token(); update_option('power_bi_credentials', $token_credentials); 
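Review bot: In the service-principal branch of get_report_data(), `$result->token` is read without checking that get_embedded_token() succeeded, so on failure the REST response carries null `access_token` and `embed_token` values (plus a PHP warning) and the client gets no usable error. `$settings['auth_type']` is read with no default and compared with `==`; on an install whose settings were saved before this field existed the index is missing, so guard with `if ( ($settings['auth_type'] ?? '') === 'service_principal' )` and return `false` or a `WP_Error` when `empty($result->token)`. Keep the overwrite of `access_token` on the success path, since it is what stops the service principal's Azure AD token from being sent to the browser. This branch runs after the dashboard/tile branch visible above it, so `$response['report_id']` and `$response['dataset_id']` may be unset for those content types; the rest of the function is outside the hunk, so that needs confirming.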
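Review bot: In add_token() the new `is_array()` guard binds only to the first `isset()`, because `&&` has higher precedence than `||`; the condition evaluates as `(is_array(...) && isset(access_token)) || isset(error)`. If the intent is to guard both lookups, write `if ( is_array($power_bi_credentials) && ( isset($power_bi_credentials['access_token']) || isset($power_bi_credentials['error']) ) )`. The body of add_token() continues outside the hunk.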
@@ -77,7 +76,63 @@ public function add_management_azure_token() { } } - public function get_token() { + public function get_token_by_service_principal() { + + $token_transient = get_transient( 't_token' ); + + if(! empty( $token_transient )) { + return $token_transient; + } + + $user_credentials = get_option( 'power_bi_settings' ); + + $client_id = $user_credentials['power_bi_client_id']; + $client_secret = $user_credentials['power_bi_client_secret']; + $tenant_id = $user_credentials['power_bi_azure_tenant_id']; + + + $curl = curl_init(); + if(!$curl) { + die("Embedded PowerBi could not initialize a cURL handle. Please have your hosting provider install curl"); + } + + curl_setopt_array($curl, array( + CURLOPT_URL => 'https://login.microsoftonline.com/' . $tenant_id . '/oauth2/token', + CURLOPT_RETURNTRANSFER => true, + CURLOPT_ENCODING => '', + CURLOPT_MAXREDIRS => 10, + CURLOPT_TIMEOUT => 0, + CURLOPT_FOLLOWLOCATION => true, + CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, + CURLOPT_POSTFIELDS => 'grant_type=client_credentials&resource=https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi&client_id=' . $client_id . '&client_secret=' . $client_secret . '', + CURLOPT_HTTPHEADER => array( + 'Content-Type: application/x-www-form-urlencoded', + ), + )); + + $response = curl_exec($curl); + + $err = curl_error($curl); + + curl_close($curl); + + if ($err) { + $err = json_decode($err, true); + return $err; + } + + $token = json_decode($response, true); + + if ( isset($token['error']) ) { + return $token; + } + + set_transient( 't_token', $token, HOUR_IN_SECONDS ); + return $token; + + } + + public function get_token_by_master_user() { $token_transient = get_transient( 't_token' ); 
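Review bot: get_token_by_service_principal() concatenates `$client_id` and `$client_secret` into `CURLOPT_POSTFIELDS` without URL-encoding, so a secret containing `&`, `+`, `=` or `%` is sent corrupted and authentication fails in a way that is hard to diagnose; build the body with `http_build_query()`. The request carries the client secret yet sets `CURLOPT_FOLLOWLOCATION => true` and `CURLOPT_TIMEOUT => 0`; a token endpoint should not follow redirects and should have a finite timeout. `json_decode($err, true)` is applied to the plain-text string from `curl_error()`, which yields `null`, so the transport error is lost; return an array with an `error` key, which is what add_token() tests for. The cache key `t_token` is shared with get_token_by_master_user(), so after switching auth type the other mode's token is served until the transient expires; a per-mode key would avoid that. `die()` in a library method also ends the whole request, where returning an error array would let the caller report it.

```php
    // … unchanged: transient lookup, settings read, curl_init check …
    curl_setopt_array($curl, array(
        CURLOPT_URL => 'https://login.microsoftonline.com/' . rawurlencode($tenant_id) . '/oauth2/token',
        // … unchanged: CURLOPT_RETURNTRANSFER, CURLOPT_ENCODING, CURLOPT_HTTP_VERSION, CURLOPT_HTTPHEADER …
        CURLOPT_TIMEOUT => 15,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_POSTFIELDS => http_build_query(array(
            'grant_type' => 'client_credentials',
            'resource' => 'https://analysis.windows.net/powerbi/api',
            'client_id' => $client_id,
            'client_secret' => $client_secret,
        )),
    ));
    // … unchanged: curl_exec, curl_error, curl_close …
    if ($err) {
        return array('error' => 'curl_error', 'error_description' => $err);
    }
    // … unchanged: json_decode of the response and the error check …
    set_transient( 't_token_service_principal', $token, HOUR_IN_SECONDS );
```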
@@ -135,6 +190,19 @@ public function get_token() { return $token; } + + public function get_token() + { + $settings = get_option( 'power_bi_settings' ); + + if ( $settings['auth_type'] == 'master_user' ) { + $token = (array)$this->get_token_by_master_user(); + } + else if ( $settings['auth_type'] == 'service_principal' ) { + $token = (array)$this->get_token_by_service_principal(); + } + return $token; + } // Provided new get token request for https://management.azure.com/ function get_token_management_azure() { diff --git a/includes/class-power-bi-settings.php b/includes/class-power-bi-settings.php index 92bff04..1d5d313 100644 --- a/includes/class-power-bi-settings.php +++ b/includes/class-power-bi-settings.php @@ -75,6 +75,14 @@ public function settings_init( ) { 'power_bi' ); + add_settings_field( + 'powerbi_auth_type', + __( 'Auth type', 'power-bi' ), + 'powerbi_auth_type_render', + 'power_bi', + 'power_bi_section' + ); + add_settings_field( 'power_bi_username', __( 'User Name', 'power-bi' ), @@ -107,6 +115,14 @@ public function settings_init( ) { 'power_bi_section' ); + add_settings_field( + 'powerbi_rls_effecitve_identity', + __( 'Username for Effective Identity (RLS)', 'power-bi' ), + 'powerbi_rls_effecitve_identity_render', + 'power_bi', + 'power_bi_section' + ); + add_settings_field( 'power_bi_oauth_success', __( 'Oauth Status', 'power-bi' ), diff --git a/includes/functions-power-bi-settings.php b/includes/functions-power-bi-settings.php index cb931fd..5364f27 100644 --- a/includes/functions-power-bi-settings.php +++ b/includes/functions-power-bi-settings.php @@ -28,7 +28,7 @@ function powerbi_mobile_breakpoint_render() { function power_bi_username_render() { $options = get_power_bi_plugin_settings(); ?> - '> + '> - '> + '> + '> + + + + + +
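Review bot: In the new get_token() in class-power-bi-oauth.php, `$token` is never assigned when `auth_type` is neither `master_user` nor `service_principal`, which is the state of any install whose settings were saved before this field existed. The method then returns `null` with an undefined-variable warning, and add_token() passes that straight to `update_option('power_bi_credentials', ...)`, replacing the stored credentials. Default to the previous behaviour, for example `$auth_type = $settings['auth_type'] ?? 'master_user';` followed by `return (array) ( $auth_type === 'service_principal' ? $this->get_token_by_service_principal() : $this->get_token_by_master_user() );`. The method also has no docblock; a one-line `/** Fetch a token using the configured auth type. */` would match the rest of the class.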