feat: fix embed user permissions documentation (#161)

Documentation is now in sync with published documentation.

README.md

@@ -496,7 +496,7 @@ const exploreId = 'thelook::orders'
 const extensionId = 'extension::my-great-extension'
 ```
 
-- Edit the `demo/demo_user.json` file to be appropriate for the type of user you want to embed. Normally your backend service would use information about the user logged into your embedding application (e.g your customer portal) to inform Looker about important user properties that control data access controls. Note that the `demo/demo_user.json` file is also used for cookieless embedding. The one difference is that cookieless_embed will ignore the value of `force_logout_login` and will ALWAYs treat the value as `true`.
+- Edit the `demo/demo_user.json` file to be appropriate for the type of user you want to embed. Normally your backend service would use information about the user logged into your embedding application (e.g your customer portal) to inform Looker about important user properties that control data access controls. Note that the `demo/demo_user.json` file is also used for cookieless embedding. The one difference is that cookieless_embed will ignore the value of `force_logout_login` and will ALWAYs treat the value as `true`. See [documentation](https://cloud.google.com/looker/docs/single-sign-on-embedding) for detailed information on the content of the embed user definition.
 
 ```javascript
 {
@@ -515,23 +515,29 @@ const extensionId = 'extension::my-great-extension'
   "group_ids": [],
   // Permissions. See documentation for details. Required.
   // Can any combination of:
-  //   access_data
-  //   see_looks
-  //   see_user_dashboards
-  //   see_lookml_dashboards
-  //   explore
-  //   create_table_calculations
-  //   download_with_limit
-  //   download_without_limit
-  //   see_drill_overlay
-  //   see_sql
-  //   save_content
-  //   embed_browse_spaces
-  //   schedule_look_emails
-  //   send_to_sftp
-  //   send_to_s3
-  //   send_outgoing_webhook
-  //   schedule_external_look_emails
+  //   'access_data'
+  //   'see_lookml_dashboards'
+  //   'see_looks'
+  //   'see_user_dashboards'
+  //   'explore'
+  //   'create_table_calculations'
+  //   'create_custom_fields'
+  //   'can_create_forecast'
+  //   'save_content'
+  //   'send_outgoing_webhook'
+  //   'send_to_s3'
+  //   'send_to_sftp'
+  //   'schedule_look_emails'
+  //   'schedule_external_look_emails'
+  //   'send_to_integration'
+  //   'create_alerts'
+  //   'download_with_limit'
+  //   'download_without_limit'
+  //   'see_sql'
+  //   'clear_cache_refresh'
+  //   'see_drill_overlay'
+  //   'embed_browse_spaces'
+  //   'embed_save_shared_space'
   "permissions": [
     "access_data",
     "see_looks",

docs/index.html

@@ -227,9 +227,9 @@ <h3>Step 2 - Customize the Demo settings for your Looker instance</h3>
 <pre><code class="language-javascript"><span class="hl-7">// The address of your Looker instance. Required.</span><br/><span class="hl-7">// Include the port if it is necessary when accessing looker in a browser</span><br/><span class="hl-7">// Do NOT include the protocol</span><br/><span class="hl-4">const</span><span class="hl-1"> </span><span class="hl-9">lookerHost</span><span class="hl-1"> = </span><span class="hl-3">&#39;mycompany.looker.com&#39;</span><br/><br/><span class="hl-7">// A dashboard that the user can see. Set to &#39;-&#39; or &#39;0&#39; to disable dashboard demo.</span><br/><span class="hl-7">// dashboardId can be a numeric id or a slug string.</span><br/><span class="hl-4">const</span><span class="hl-1"> </span><span class="hl-9">dashboardId</span><span class="hl-1"> = </span><span class="hl-5">1</span><br/><br/><span class="hl-7">// A Look that the user can see. Set to 0 to disable look demo.</span><br/><span class="hl-7">// lookId must be numeric. Slugs are NOT supported.</span><br/><span class="hl-4">const</span><span class="hl-1"> </span><span class="hl-9">lookId</span><span class="hl-1"> = </span><span class="hl-5">1</span><br/><br/><span class="hl-7">// An Explore that the user can see. Set to &#39;-&#39; to disable explore demo.</span><br/><span class="hl-4">const</span><span class="hl-1"> </span><span class="hl-9">exploreId</span><span class="hl-1"> = </span><span class="hl-3">&#39;thelook::orders&#39;</span><br/><br/><span class="hl-7">// An Extension that the user can see. Set to &#39;-&#39; to disable extension demo.</span><br/><span class="hl-7">// Requires Looker 7.12 and extensions framework.</span><br/><span class="hl-4">const</span><span class="hl-1"> </span><span class="hl-9">extensionId</span><span class="hl-1"> = </span><span class="hl-3">&#39;extension::my-great-extension&#39;</span>
 </code></pre>
 <ul>
-<li>Edit the <code>demo/demo_user.json</code> file to be appropriate for the type of user you want to embed. Normally your backend service would use information about the user logged into your embedding application (e.g your customer portal) to inform Looker about important user properties that control data access controls. Note that the <code>demo/demo_user.json</code> file is also used for cookieless embedding. The one difference is that cookieless_embed will ignore the value of <code>force_logout_login</code> and will ALWAYs treat the value as <code>true</code>.</li>
+<li>Edit the <code>demo/demo_user.json</code> file to be appropriate for the type of user you want to embed. Normally your backend service would use information about the user logged into your embedding application (e.g your customer portal) to inform Looker about important user properties that control data access controls. Note that the <code>demo/demo_user.json</code> file is also used for cookieless embedding. The one difference is that cookieless_embed will ignore the value of <code>force_logout_login</code> and will ALWAYs treat the value as <code>true</code>. See <a href="https://cloud.google.com/looker/docs/single-sign-on-embedding">documentation</a> for detailed information on the content of the embed user definition.</li>
 </ul>
-<pre><code class="language-javascript"><span class="hl-1">{</span><br/><span class="hl-1">  </span><span class="hl-7">// External embed user ID. IDs are not shared with regular users. Required</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;external_user_id&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;user1&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// First and last name. Optional</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;first_name&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;Pat&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;last_name&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;Embed&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// Duration before session expires, in seconds. Required.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;session_length&quot;</span><span class="hl-1">: </span><span class="hl-5">3600</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// Enforce logging in with these permissions. Recommended.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;force_logout_login&quot;</span><span class="hl-1">: </span><span class="hl-4">true</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// External embed group ID. Optional.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;external_group_id&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;group1&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// Looker Group IDs. Optional</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;group_ids&quot;</span><span class="hl-1">: [],</span><br/><span class="hl-1">  </span><span class="hl-7">// Permissions. See documentation for details. Required.</span><br/><span class="hl-1">  </span><span class="hl-7">// Can any combination of:</span><br/><span class="hl-1">  </span><span class="hl-7">//   access_data</span><br/><span class="hl-1">  </span><span class="hl-7">//   see_looks</span><br/><span class="hl-1">  </span><span class="hl-7">//   see_user_dashboards</span><br/><span class="hl-1">  </span><span class="hl-7">//   see_lookml_dashboards</span><br/><span class="hl-1">  </span><span class="hl-7">//   explore</span><br/><span class="hl-1">  </span><span class="hl-7">//   create_table_calculations</span><br/><span class="hl-1">  </span><span class="hl-7">//   download_with_limit</span><br/><span class="hl-1">  </span><span class="hl-7">//   download_without_limit</span><br/><span class="hl-1">  </span><span class="hl-7">//   see_drill_overlay</span><br/><span class="hl-1">  </span><span class="hl-7">//   see_sql</span><br/><span class="hl-1">  </span><span class="hl-7">//   save_content</span><br/><span class="hl-1">  </span><span class="hl-7">//   embed_browse_spaces</span><br/><span class="hl-1">  </span><span class="hl-7">//   schedule_look_emails</span><br/><span class="hl-1">  </span><span class="hl-7">//   send_to_sftp</span><br/><span class="hl-1">  </span><span class="hl-7">//   send_to_s3</span><br/><span class="hl-1">  </span><span class="hl-7">//   send_outgoing_webhook</span><br/><span class="hl-1">  </span><span class="hl-7">//   schedule_external_look_emails</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;permissions&quot;</span><span class="hl-1">: [</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;access_data&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;see_looks&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;see_user_dashboards&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;explore&quot;</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;save_content&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;embed_browse_spaces&quot;</span><br/><span class="hl-1">  ],</span><br/><span class="hl-1">  </span><span class="hl-7">// Model access permissions. Required.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;models&quot;</span><span class="hl-1">: [</span><span class="hl-3">&quot;powered_by&quot;</span><span class="hl-1">, </span><span class="hl-3">&quot;thelook&quot;</span><span class="hl-1">],</span><br/><span class="hl-1">  </span><span class="hl-7">// User attributes. Optional.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;user_attributes&quot;</span><span class="hl-1">: { </span><span class="hl-3">&quot;locale&quot;</span><span class="hl-0">:</span><span class="hl-1"> </span><span class="hl-3">&quot;en_US&quot;</span><span class="hl-1"> },</span><br/><span class="hl-1">  </span><span class="hl-7">// Access filters. Optional.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;access_filters&quot;</span><span class="hl-1">: { </span><span class="hl-3">&quot;powered_by&quot;</span><span class="hl-0">:</span><span class="hl-1"> { </span><span class="hl-3">&quot;products.brand&quot;</span><span class="hl-0">:</span><span class="hl-1"> </span><span class="hl-3">&quot;Allegra K&quot;</span><span class="hl-1"> } }</span><br/><span class="hl-1">}</span>
+<pre><code class="language-javascript"><span class="hl-1">{</span><br/><span class="hl-1">  </span><span class="hl-7">// External embed user ID. IDs are not shared with regular users. Required</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;external_user_id&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;user1&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// First and last name. Optional</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;first_name&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;Pat&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;last_name&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;Embed&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// Duration before session expires, in seconds. Required.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;session_length&quot;</span><span class="hl-1">: </span><span class="hl-5">3600</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// Enforce logging in with these permissions. Recommended.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;force_logout_login&quot;</span><span class="hl-1">: </span><span class="hl-4">true</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// External embed group ID. Optional.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;external_group_id&quot;</span><span class="hl-1">: </span><span class="hl-3">&quot;group1&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">  </span><span class="hl-7">// Looker Group IDs. Optional</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;group_ids&quot;</span><span class="hl-1">: [],</span><br/><span class="hl-1">  </span><span class="hl-7">// Permissions. See documentation for details. Required.</span><br/><span class="hl-1">  </span><span class="hl-7">// Can any combination of:</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;access_data&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;see_lookml_dashboards&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;see_looks&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;see_user_dashboards&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;explore&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;create_table_calculations&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;create_custom_fields&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;can_create_forecast&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;save_content&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;send_outgoing_webhook&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;send_to_s3&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;send_to_sftp&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;schedule_look_emails&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;schedule_external_look_emails&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;send_to_integration&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;create_alerts&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;download_with_limit&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;download_without_limit&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;see_sql&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;clear_cache_refresh&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;see_drill_overlay&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;embed_browse_spaces&#39;</span><br/><span class="hl-1">  </span><span class="hl-7">//   &#39;embed_save_shared_space&#39;</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;permissions&quot;</span><span class="hl-1">: [</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;access_data&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;see_looks&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;see_user_dashboards&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;explore&quot;</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;save_content&quot;</span><span class="hl-1">,</span><br/><span class="hl-1">    </span><span class="hl-3">&quot;embed_browse_spaces&quot;</span><br/><span class="hl-1">  ],</span><br/><span class="hl-1">  </span><span class="hl-7">// Model access permissions. Required.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;models&quot;</span><span class="hl-1">: [</span><span class="hl-3">&quot;powered_by&quot;</span><span class="hl-1">, </span><span class="hl-3">&quot;thelook&quot;</span><span class="hl-1">],</span><br/><span class="hl-1">  </span><span class="hl-7">// User attributes. Optional.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;user_attributes&quot;</span><span class="hl-1">: { </span><span class="hl-3">&quot;locale&quot;</span><span class="hl-0">:</span><span class="hl-1"> </span><span class="hl-3">&quot;en_US&quot;</span><span class="hl-1"> },</span><br/><span class="hl-1">  </span><span class="hl-7">// Access filters. Optional.</span><br/><span class="hl-1">  </span><span class="hl-3">&quot;access_filters&quot;</span><span class="hl-1">: { </span><span class="hl-3">&quot;powered_by&quot;</span><span class="hl-0">:</span><span class="hl-1"> { </span><span class="hl-3">&quot;products.brand&quot;</span><span class="hl-0">:</span><span class="hl-1"> </span><span class="hl-3">&quot;Allegra K&quot;</span><span class="hl-1"> } }</span><br/><span class="hl-1">}</span>
 </code></pre>
 
 <a href="#step-3---build-and-run-the-demo" id="step-3---build-and-run-the-demo" style="color: inherit; text-decoration: none;">

server/types.ts

@@ -23,26 +23,37 @@
  SOFTWARE.
 
  */
-
+/**
+ * @see https://cloud.google.com/looker/docs/single-sign-on-embedding#permissions
+ */
 export type LookerUserPermission =
   | 'access_data'
+  | 'see_lookml_dashboards'
   | 'see_looks'
   | 'see_user_dashboards'
-  | 'see_lookml_dashboards'
   | 'explore'
   | 'create_table_calculations'
+  | 'create_custom_fields'
+  | 'can_create_forecast'
+  | 'save_content'
+  | 'send_outgoing_webhook'
+  | 'send_to_s3'
+  | 'send_to_sftp'
+  | 'schedule_look_emails'
+  | 'schedule_external_look_emails'
+  | 'send_to_integration'
+  | 'create_alerts'
   | 'download_with_limit'
   | 'download_without_limit'
-  | 'see_drill_overlay'
   | 'see_sql'
-  | 'save_content'
+  | 'clear_cache_refresh'
+  | 'see_drill_overlay'
   | 'embed_browse_spaces'
-  | 'schedule_look_emails'
-  | 'send_to_sftp'
-  | 'send_to_s3'
-  | 'send_outgoing_webhook'
-  | 'schedule_external_look_emails'
+  | 'embed_save_shared_space'
 
+/**
+ * @see https://cloud.google.com/looker/docs/single-sign-on-embedding#embed-url
+ */
 export interface LookerEmbedUser {
   external_user_id: string
   first_name?: string