cube-js
diff --git a/‎docs/access-control/index.md‎
Lines changed: 28 additions & 37 deletions b/‎docs/access-control/index.md‎
Lines changed: 28 additions & 37 deletions
diff --git a/‎docs/apis/index.md‎
Lines changed: 11 additions & 4 deletions b/‎docs/apis/index.md‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎docs/caching/index.md‎
Lines changed: 1 addition & 7 deletions b/‎docs/caching/index.md‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎docs/d3-analytics/index.md‎
Lines changed: 15 additions & 4 deletions b/‎docs/d3-analytics/index.md‎
Lines changed: 15 additions & 4 deletions
diff --git a/‎docs/data-modeling/add-views-folder.png‎
323 KB b/‎docs/data-modeling/add-views-folder.png‎
323 KB
diff --git a/‎docs/data-modeling/index.md‎
Lines changed: 30 additions & 37 deletions b/‎docs/data-modeling/index.md‎
Lines changed: 30 additions & 37 deletions
diff --git a/‎docs/data-modeling/review-changes.png‎
994 KB b/‎docs/data-modeling/review-changes.png‎
994 KB
diff --git a/‎docs/data-modeling/views-playground-button.png‎
258 KB b/‎docs/data-modeling/views-playground-button.png‎
258 KB
@@ -71,20 +71,22 @@ First, let's create our hardcoded user mappings in `cube.py`.  In practice, thes
 Make sure to update your user email in the first entry of the `USER_SECURITY_MAPPINGS` dictionary below with your workshop email address.  This will ensure you have full access to the data when logged in to D3 in the final workshop module.
 :::
 
-```python title="cube.py" {3-43}
+```python title="cube.py" {3-45}
 from cube import config 
 
 USER_SECURITY_MAPPINGS = {
     # YOUR USER - UPDATE WITH YOUR WORKSHOP EMAIL
     "wdc-2025-999@example.com": {
         "role": "global_admin",
-        "filter_type": "none"
+        "filter_type": "none",
+        "show_pii": "true"  # Admins can see PII data
     },
 
     # Global admin - sees everything
     "admin@tpch.com": {
         "role": "global_admin",
-        "filter_type": "none"
+        "filter_type": "none",
+        "show_pii": "true"  # Admins can see PII data
     },
 
     # Regional director - North America (Region 1)
@@ -134,7 +136,7 @@ def query_rewrite(query: dict, ctx: dict) -> dict:
     if not user_security:
         # Add impossible filter to return no data
         query['filters'].append({
-            'member': 'sales.c_custkey',
+            'member': 'customers.customer_key',
             'operator': 'equals',
             'values': ['-1']  # Non-existent customer
         })
@@ -236,6 +238,10 @@ In this example, we'll mask phone numbers for sales reps and regional directors,
 4. Extend the security context to lookup the user's PII access
 5. Add the `context_to_app_id` function to cache our model both with PII access and without PII access
 
+:::note
+If you save the model changes in between steps, you may see compile errors.  Just make all 5 changes and then save, or ignore the compile errors until you finish all 5 steps.
+:::
+
 ### Step 1: Update the Phone Dimension
 
 Update the existing phone dimension in your `customers` cube to include PII masking:
@@ -260,7 +266,7 @@ Update the existing phone dimension in your `customers` cube to include PII mask
 
 We also need to include the phone field in our sales view. Update your `sales` view definition to move the phone dimension from `excludes` to `includes`:
 
-```yaml  title="/model/views/sales.yml" {11}
+```yaml  title="/model/views/sales.yml" {11,13}
 ...
 
       # Customer information via orders
@@ -273,6 +279,7 @@ We also need to include the phone field in our sales view. Update your `sales` v
           - customer_key
           - phone 
         excludes:
+          - phone # REMOVE THIS LINE
           - address
           - comment
 
@@ -321,17 +328,17 @@ def extend_context(req: dict) -> dict:
     # Check if securityContext exists, skip extending context if not
     if 'securityContext' not in req:
         return req
-    
-    # Get user from security context - handle both React app and D3 formats
+
+    # Get user from security context 
     security_context = req.get('securityContext', {})
-    # If D3 format (has cubeCloud key), extract username from cubeCloud.username
-    if 'cubeCloud' in security_context:
-        user_id = security_context.get('cubeCloud', {}).get('username')
-        # Update the user_id in the security context
-        req['securityContext']['user_id'] = user_id
-    else:
-        # For React app format, use existing user_id
-        user_id = security_context.get('user_id', 'anonymous')
+
+    # If user_id is not in the securityContext, extract it from cubeCloud.username
+    if 'user_id' not in security_context:
+        if 'cubeCloud' in security_context:
+            # Update the user_id in the security context
+            req['securityContext']['user_id'] = security_context.get('cubeCloud', {}).get('username')
+    
+    user_id = security_context.get('user_id', 'anonymous')
 
     # Look up user security settings
     user_security = USER_SECURITY_MAPPINGS.get(user_id, {})
@@ -381,26 +388,8 @@ In this section, we'll create two new views:
 
 First, we need to ensure user roles are available in the security context. Update your `extend_context` function in `cube.py` to include the user's role.  We'll also make our function more robust to handle both the React app and D3 formats of the security context:
 
-```python title="/cube.py" {9-19,26}
+```python title="/cube.py" {8}
 ...
-
-@config('extend_context')
-def extend_context(req: dict) -> dict:
-    # Check if securityContext exists, skip extending context if not
-    if 'securityContext' not in req:
-        return req
-    
-    # Get user from security context - handle both React app and D3 formats
-    security_context = req.get('securityContext', {})
-
-    # If D3 format (has cubeCloud key), extract username from cubeCloud.username
-    if 'cubeCloud' in security_context:
-        user_id = security_context.get('cubeCloud', {}).get('username')
-        # Update the user_id in the security context
-        req['securityContext']['user_id'] = user_id
-    else:
-        # For React app format, use existing user_id
-        user_id = security_context.get('user_id', 'anonymous')
 
     # Look up user security settings
     user_security = USER_SECURITY_MAPPINGS.get(user_id, {})
@@ -531,6 +520,9 @@ views:
 1. **Navigate to Playground**
 2. **Test each user type and observe available views**:
 
+![Hidden view verification for Director NA](./hidden_view.png)
+The padlock icon means this view (or cube or field) is not visible to the current user based on their security context through the APIs.
+
    **Admin User**:
    ```json
    { "user_id": "admin@tpch.com" }
@@ -556,8 +548,7 @@ views:
    - Sarah sees only her customers with masked phone numbers
    - Admin sees everything including real phone numbers
 
-![Hidden view verification for Director NA](./hidden_view.png)
-The padlock icon means this view (or cube or field) is not visible to the current user based on their security context through the APIs.
+
 
 ### Advanced: Combining View Visibility with Row-Level Security
 
@@ -646,7 +637,7 @@ Now that you've implemented comprehensive access control, let's save your work:
 
 **Step 2: Commit Your Changes**
 1. **Navigate to the Data Model page**
-2. **Review all your changes** - You should see modified files: `cube.py`, `globals.py`, `sales.yml`, `director_dashboard.yml`, `sales_team.yml`
+2. **Review all your changes** - You should see modified files: `customers.yml`, `cube.py`, `globals.py`, `sales.yml`, `director_dashboard.yml`, `sales_team.yml`
 3. **Click "Commit & Sync"**
 4. **Add a descriptive commit message**:
    ```
 
@@ -69,20 +69,25 @@ To make REST API calls, you'll need your Bearer token from Cube Cloud.  This JWT
 Keep your Bearer token secure! It grants access to your data based on the security context you provide.
 :::
 
+### Getting Your API Endpoint
+To make REST API calls, you'll need your Cube endpoint URL. This is available in the **Integrations** page under the **API Credentials** section.
+
+![Endpoint](./endpoint.png)
+
 :::tip Production vs Development API Endpoints
 Now that you've deployed your complete data model to production, you have access to different API endpoints:
 
 **Production Endpoint** (recommended for this section):
 ```
-https://your-workspace.cubecloud.dev/cubejs-api/v1
+https://your-workspace.your-cloud-region.cubecloudapp.dev/cubejs-api/v1
 ```
 - Stable, deployed version of your data model
 - Full performance with production-scale resources (NOTE: just for this workshop, our prod environment is still scaled down to use dev-scale resources)
 - What real applications should use
 
 **Development Endpoint** (only when in Dev Mode):
 ```
-https://your-workspace.cubecloud.dev/dev-branch-name/cubejs-api/v1
+https://your-workspace.your-cloud-region.cubecloudapp.dev/dev-branch-or-user-name/cubejs-api/v1
 ```
 - Development-scale resources (smaller, slower)
 - For testing changes before deployment
@@ -93,9 +98,11 @@ https://your-workspace.cubecloud.dev/dev-branch-name/cubejs-api/v1
 
 ### Exercise: Your First API Call
 
-Now that you have your Bearer token, let's query TPCH's monthly revenue using the REST API. We'll use the GET method with URL-encoded query parameters - this is simpler for testing in the terminal.
+Let's query TPCH's monthly revenue using the REST API. We'll use the GET method with URL-encoded query parameters - this is simpler for testing in the terminal.
 
-Head to the **Integrations** page and click the **API Credentials** button, then the **REST API** tab. This will show you your endpoint URL and how to construct a query using curl.
+:::tip
+On the **Integrations** page and click the **API Credentials** button, then the **REST API** tab. This will show you your endpoint URL and how to construct a query using `curl`.
+:::
 
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
@@ -330,12 +330,6 @@ Add this to your `orders.yml` cube:
 
 **Save** your changes to the cube.
 
-**Dashboard possibilities:**
-- 📈 **Customer Segment Performance** - Compare segments over time
-- 📦 **Order Size Distribution** - Understand purchase patterns
-- ✅ **Order Status Monitoring** - Track fulfillment metrics
-- 👥 **Customer Value Analysis** - Identify high-value customers
-
 **Create the Customer Behavior View:**
 
 Before testing, create a view optimized for customer behavior analysis. Create a new file `customer_behavior.yml` in your `model/views` folder:
@@ -661,7 +655,7 @@ Now that you've implemented sophisticated caching with pre-aggregations, let's s
 
 **Step 2: Commit Your Changes**
 1. **Navigate to the Data Model page**
-2. **Review all your changes** - You should see all modified files from the entire workshop: data modeling, access control, and caching changes
+2. **Review all your changes** - You should see our modified files : `line_items.yml`, `orders.yml`, and `customer_behavior.yml`
 3. **Click "Commit & Sync"**
 4. **Add a descriptive commit message**:
    ```
 
@@ -42,16 +42,15 @@ Cube D3 is currently in private preview and may have some limitations or errors
 :::
 
 In Cube Cloud:
-1. **Navigate to D3** (click the Cube logo in the top left, then select "D3 AI")
-2. **Click Admin** in the left sidebar
+1. **Navigate to D3** (click the Cube logo in the top left, then select "D3 AI") The interface will look like it's still loading, but move on to the next step anyway.
+2. **Click Admin** at the bottom of the left sidebar
 3. In **Spaces**, click **Add Space**
 4. **Name your space** (e.g. "TPCH Analytics")
 5. In **Agents**, click **Add Agent**
 6. **Name your agent** (e.g. "TPCH Analyst")
-7. Select **"WDC 2025 Workshop"** as the **Semantic Model**
+7. Select **"WDC 2025"** as the **Semantic Model**
 8. Assign it to the **TPCH Analytics** space you just created
 9. Navigate **"Back to app"** to return to the D3 interface
-10. Make sure your Space is selected in the top dropdown menu.
 
 ## Exercise: Interacting with D3
 
@@ -62,6 +61,18 @@ Ask D3 a simple question about your data:
 What is our total revenue this year?
 ```
 
+:::tip
+Don't see any data?  Make sure you updated your cube.py file with your username (email address) in the `USER_SECURITY_MAPPINGS` section.  This allows D3 to recognize you as an admin and access the data.
+```USER_SECURITY_MAPPINGS = {
+    # YOUR USER - UPDATE WITH YOUR WORKSHOP EMAIL
+    "wdc-2025-044@example.com": {
+        "role": "global_admin",
+        "filter_type": "none",
+        "show_pii": "true"  # Admins can see PII data
+    },
+```
+:::
+
 Notice on the right side, D3 shows you the **Semantic Views** you have access to.  If you click on them, you can see the same fields we added to the views in our prior modules.
 
 As the agent processes your request, it will generate a response and display the results in a table or chart format. You can also see the underlying **Semantic SQL** query that was generated.  Click on the **Semantic SQL** tab to view it.
 
@@ -53,7 +53,7 @@ You should see a time series of order counts.  Check out the tabs for **SQL API*
 
 Now click on the **Generated SQL** tab - this is the query that Cube generates which goes back to our PostgreSQL database.  
 
-Let's **add another field to the query**.  From the `regions` cube, click the `name` field.  Now check those API tabs again.  The "Semantic SQL" (what we see on the **SQL API** tab) is simple - you're just asking for fields without worrying about the join logic which we've already defined and is now part of the data model.  
+Let's **add another field to the query**.  From the `customer_regions` cube, click the `name` field.  Now check those API tabs again.  The "Semantic SQL" (what we see on the **SQL API** tab) is simple - you're just asking for fields without worrying about the join logic which we've already defined and is now part of the data model.  
 
 On the **Generated SQL** tab, the query is now much more complex as the joins traverse a few tables to go from `orders` -> `customers` -> `nations` -> `regions` but as a semantic layer end user, we are able to simply re-use the logic that was already setup ahead of time. 
 
@@ -171,8 +171,11 @@ In development mode, you'll see a separate API endpoint for testing:
 # Production API (for live apps)
 https://your-workspace.cubecloud.dev/cubejs-api/v1
 
-# Development API (for testing changes)  
-https://your-workspace.cubecloud.dev/dev-branch-name/cubejs-api/v1
+# Non-Prod Branch API (for testing changes)  
+https://your-workspace.cubecloud.dev/branch-name/cubejs-api/v1
+
+# Dev Mode Branch API (for testing changes)  
+https://your-workspace.cubecloud.dev/branch-name/user-name/cubejs-api/v1
 ```
 
 ### Making Changes Safely
@@ -513,7 +516,9 @@ Create business-friendly categories by adding binning dimensions.  Instead of de
 Create a business-critical metric using subqueries and measure dependencies. Let's build **Average Customer Value (ACV)** in the customers cube:
 
 **Step 1: Add a subquery dimension to customers.yml**
-```yaml title="model/cubes/customers.yml" {7-12}
+```yaml title="model/cubes/customers.yml" {9-14}
+...
+    dimensions:
 ...
 
       - name: comment
@@ -696,9 +701,11 @@ You simply define a view that includes all the measures and related dimensions y
 
 ## Creating a Sales View
 
-To create a view, it's a best practice define it in a separate YAML file. **Important**: Generally you'll use the lowest granularity cube with the measures you want in the view - typically one tied to a fact table as your base. In our case, that's `line_items` since it contains the actual sales transactions:
+To create a view, it's a best practice to define it in a separate YAML file in the `views` directory to help keep them organized. Since we don't have that yet, let's create it now. Hover over the `/model` directory in the Cube Cloud IDE and click the **...** menu, then the **Add Directory** button. Name the folder `views`.
 
-Hover over the `/model/views` directory in the Cube Cloud IDE and click the **...*** menu, then the **New File** button. Name the file `sales.yml` and add the following content:
+![Add views folder](./add-views-folder.png)
+
+Now let's add a new file for our new view. Hover over the `/model/views` directory in the Cube Cloud IDE and click the **...** menu, then the **New File** button. Name the file `sales.yml` and add the following content: 
 
 ```yaml title="model/views/sales.yml"
 views:
@@ -781,6 +788,8 @@ views:
           - region_key
 ```
 
+**Important**: Generally you'll use the lowest granularity cube with the measures you want in the view - typically one tied to a fact table as your base. In our case, that's `line_items` since it contains the actual sales transactions.
+
 ## What This Enables
 
 With this view, end users can:
@@ -831,26 +840,7 @@ With this view, end users can:
 3. **Clean Schema**: Only relevant, business-friendly fields
 4. **Accurate Metrics**: Revenue and quantity calculations are precise
 
-## Complete Model Files
-
-### 📁 Starter Files
-**Location**: `static/cube-models/starter/`
-
-Contains:
-- Basic cubes with dimensions and count measures
-- Most joins (missing one for exercise)
-- Foundation for building upon
-
-### 📁 Data Modeling Complete  
-**Location**: `static/cube-models/data-modeling/`
-
-Contains:
-- All revenue measures
-- Subquery dimensions
-- Binning dimensions  
-- Multi-level measure dependencies
-- Complete join relationships
-- **Sales View** - Denormalized cube perfect for dashboards and reporting
+This data model is well on its way to power dashboards, reports, and applications with consistent, reliable business metrics.
 
 ## Deploying Your Sales View to Production
 
@@ -859,15 +849,20 @@ Now that you've built a comprehensive sales view with all the business metrics,
 ### Final Exercise: Commit your Changes
 
 **Step 1: Review Your Changes**
-1. **Ensure you're in Development Mode** - Look for the "Dev Mode" indicator
+1. **Ensure you're still in Development Mode** - Look for the "Dev Mode" indicator
 2. **Test your sales view** one final time in the Playground:
    - Query `sales.total_sales_amount` by `sales.region`
    - Query `sales.parts_brand` with `sales.total_quantity`
    - Verify all field names and calculations are correct
 
+![Views Playground Button](./views-playground-button.png)
+
 **Step 2: Commit Your Development Branch**
 1. **Navigate to the Data Model page**
 2. **Review all your changes** - You should see modified files and changes highlighted on the **Changes** diff tab
+
+![Review Changes](./review-changes.png)
+
 3. **Click Commit & Sync**
 4. **Add a descriptive commit message**:
    ```
@@ -889,19 +884,17 @@ Congratulations! You've successfully:
 ✅ **Learned Cube's development workflow** - Safe, isolated development with Git integration  
 ✅ **Enhanced the orders cube** - Added revenue metrics and business logic  
 ✅ **Built complex relationships** - Subqueries, joins, and measure dependencies  
-✅ **Created a comprehensive sales view** - Line item grain with rich dimensional context  
-✅ **Deployed to production** - Your changes are now live and ready for applications  
+✅ **Created a comprehensive sales view** - Line item grain with rich dimensional context   
 
-### Business-Friendly Data Model
+## Complete Model Files
+If you need to reference our starting or ending model state, here are the links to the files:
 
-Your sales view now provides:
-- **🎯 Correct granularity**: Line item level for accurate transaction analysis
-- **📊 Key business metrics**: Revenue, quantity, discounts with proper calculations
-- **🌐 Rich context**: Product, customer, supplier, and geographic dimensions
-- **🔗 Clean relationships**: Proper join paths preventing fan-out issues
-- **📝 Business-friendly naming**: Intuitive field names and aliases
+### 📁 Starter Files
+**Location**: [1-starter](https://github.com/cube-js/cube-workshop/tree/main/static/cube-models/1-starter)
+
+### 📁 Data Modeling Complete  
+**Location**: [2-data-modeling](https://github.com/cube-js/cube-workshop/tree/main/static/cube-models/2-data-modeling)
 
-This data model is well on its way to power dashboards, reports, and applications with consistent, reliable business metrics.
 
 ---