Skip to content

Reports

Intro

Reports are a way for Looker Studio or potentially other sources to be embedded and shared within Envoy. The reports themselves

Model and Relationships

The Report model is the core of the reporting functionality. It has the following key relationships:

  • Tenants: Many-to-many relationship with the Tenant model.

The idea here is that a report can be associated with multiple tenants. This is useful for reports that are shared across multiple tenants. The tenants relationship is managed by the TenantsRelationManager. This action is only available to the landlord tenant.

  • Roles: Many-to-many relationship with the Role model.

The roles are used to control which users (through their roles) can access the report. The roles relationship is managed by the RolesRelationManager. This action is only available to the landlord tenant.

  • Author: Belongs-to relationship with the User model.

The author of the report is the user who created it for tracking purposes.

The Report model includes several scope methods to filter reports based on tenants, roles, and user permissions:

  • scopeForTenant
  • scopeForRole
  • scopeOfCurrentTenant
  • scopeOfCurrentRole

Observers

The ReportObserver handles events related to the Report model:

  • Sets the author of the report if not already set when creating.
  • Attaches the current tenant to the newly created report.

Filament Resources

The ReportResource class manages CRUD operations for reports in the Filament admin panel, including:

  • Form definition for creating and editing reports.
  • Table configuration for listing reports.
  • Actions like view, edit, delete, and detach.

Viewing Reports

The filament resource includes an infolist component that displays the report embed code. A custom entry component is used to display the embed code in an iframe. The entry sanitizes the embed code using the Purifier class to prevent XSS attacks.

Relation Managers

Two relation managers are used for the Report model:

  • TenantsRelationManager: Manages the relationship between reports and tenants. Multiple tenants can be attached to a report only from the landlord tenant.
  • RolesRelationManager: Manages the relationship between reports and roles. If a report is attached to multiple tenants, then the roles can only be attached and adjusted from the landlord tenant.

Permissions

There is a single permission for reports: Manage Reports. This permission allows users to create, update, and delete reports (and of course view them). This is a global permission, which can be assigned to any role. Roles are tenant scoped, so the permission is also tenant scoped.

Report Policies

The ReportPolicy class defines authorization rules for report-related actions:

  • View: Allows viewing if the user has the necessary role or management permissions.
  • Update: Allows updating if the user has report management permissions.
  • Delete: Allows deletion based on user permissions and tenant status.
  • Detach Tenant: Allows detaching a tenant if the user has report management permissions.

Using Reports in the App

It's recommended to use permissions rather than roles to define access. However, you can use the following methods if necessary:

User has report access check

You can use the canView() method on the Report model to validate access:

if ($report->canView($user)) { // User can view the report }

Additional Features

  1. Multi-tenancy: Reports can be associated with multiple tenants.
  2. Role-based Access: Reports are accessible based on user roles.
  3. Embed Code Purification: The getSafeEmbedCodeAttribute method ensures safe display of embed codes. The html is purified using the Purifier class before rendering.