From 70e275b73ca3a4730477d3b4afe8fd39f6072773 Mon Sep 17 00:00:00 2001
From: Illya Havsiyevych <44289086+illya-havsiyevych@users.noreply.github.com>
Date: Fri, 15 Mar 2024 18:04:07 +0200
Subject: [PATCH] PowerBI Entitlements

---
 .../quanthub_core/src/PowerBIEmbedConfigs.php | 53 ++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/modules/quanthub_core/src/PowerBIEmbedConfigs.php b/modules/quanthub_core/src/PowerBIEmbedConfigs.php
index 0ab7e56..f32aecc 100644
--- a/modules/quanthub_core/src/PowerBIEmbedConfigs.php
+++ b/modules/quanthub_core/src/PowerBIEmbedConfigs.php
@@ -119,11 +119,52 @@ public function getPowerBiAccessToken() {
     return $oidc_response->access_token;
   }
 
+  /**
+   * Get PowerBI dataset details.
+   */
+  public function getPowerBiDataset($token, $datasetId) {
+    $powerbiAPIURL = 'https://api.powerbi.com/v1.0/myorg/groups/' . $this->getWorkspaceID() . '/datasets/' . $datasetId;
+
+    try {
+      $request = $this->httpClient->request(
+        'GET',
+        $powerbiAPIURL,
+        [
+          'headers' => [
+            'Authorization' => 'Bearer ' . $token,
+            'Cache-Control' => 'no-cache',
+          ],
+          'connect_timeout' => 30,
+          'allow_redirects' => [
+            'max' => 10,
+          ],
+        ]
+      );
+    }
+    catch (\Exception $e) {
+      $this->loggerFactory->error('getPowerBiDataset: ' . $e->getMessage());
+      return NULL;
+    }
+
+    $datasetResponse = json_decode($request->getBody(), TRUE);
+    return $datasetResponse;
+  }
+
   /**
    * Get PowerBI Embed Token.
    */
   public function getPowerBiEmbedToken($token, $reportId, $datasetIds) {
     $powerbiAPIURL = 'https://api.powerbi.com/v1.0/myorg/GenerateToken';
+    $powerbiUser = getenv('POWERBI_PUBLIC_USER');
+    $powerbiRole = getenv('POWERBI_PUBLIC_ROLE');
+
+    $entitledDatasets = [];
+    foreach ($datasetIds as $datasetId) {
+      $response = $this->getPowerBiDataset($token, $datasetId);
+      if ($response['isEffectiveIdentityRequired'] && $response['isEffectiveIdentityRolesRequired']) {
+        $entitledDatasets[] = $datasetId;
+      }
+    }
 
     $datasets = [];
     foreach ($datasetIds as $datasetId) {
@@ -131,15 +172,25 @@ public function getPowerBiEmbedToken($token, $reportId, $datasetIds) {
         'id' => $datasetId,
         'xmlaPermissions' => 'ReadOnly',
       ];
-
     }
 
     $payload = [
+      'accessLevel' => 'View',
       'datasets' => $datasets,
       'reports' => [['id' => $reportId]],
       'targetWorkspaces' => [['id' => $this->getWorkspaceID()]],
     ];
 
+    if (count($entitledDatasets) > 0) {
+      $payload['identities'] = [
+        [
+          'username' => $powerbiUser,
+          'roles' => [$powerbiRole],
+          'datasets' => $entitledDatasets,
+        ],
+      ];
+    }
+
     $payload_json = json_encode($payload);
 
     try {