Data download for private sites and devices - [Device-registry/Analytics/Analytics-api] #4755
Description
What were you trying to achieve?
- Individuals that own devices and sites termed as private sites and devices are unable to download data for these sites/devices through the analytics -> analytics data download API.
- When devices/sites are selected private/non-private, authorized individuals should be able to download their data.
What are the expected results?
- Individuals that own devices/sites, should be able to download their data.
What are the received results?
- Individuals that own devices/sites, should be able to download their data.
What are the steps to reproduce the issue?
- Selecting devices/sites that are private for data download, returns no data for private devices/sites.
Additional context
- Analytics api has a security measure where it checks if the shared devices/sites are private or public. It consumes a device registry endpoint for checking this.
- If public, the same ids are returned and if private, no ids are returned.
- Possible solutions would be adding the user that is trying to download the data. If the user is authorized to access the sites'/devices' data, then continue with the request. Otherwise only return data for the sites/devices that the user is authorized to access.
Systems Involved
- Device registry - Devices/Sites metadata
- Analytics - Frontend access for data download. Consumes the analytics api data download endpoint
- Analytics api - Backend system for data download