From 5f30bb56741ac04ee7442a4522b3b9cb6dea3610 Mon Sep 17 00:00:00 2001 From: Cody Hansen Date: Wed, 4 Oct 2023 05:56:11 -1000 Subject: [PATCH 1/5] Added an extension table and a table to keep track of roles for extensions --- .gitignore | 2 + .../tables/public_extension_roles.yaml | 37 ++++++++++++ .../AerieUI/tables/public_extensions.yaml | 43 ++++++++++++++ .../databases/AerieUI/tables/tables.yaml | 2 + .../migrations/AerieUI/2_extensions/down.sql | 19 +++++++ .../migrations/AerieUI/2_extensions/up.sql | 57 +++++++++++++++++++ .../sql/ui/applied_migrations.sql | 1 + deployment/postgres-init-db/sql/ui/init.sql | 2 + .../sql/ui/tables/extension_roles.sql | 18 ++++++ .../sql/ui/tables/extensions.sql | 36 ++++++++++++ 10 files changed, 217 insertions(+) create mode 100644 deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml create mode 100644 deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml create mode 100644 deployment/hasura/migrations/AerieUI/2_extensions/down.sql create mode 100644 deployment/hasura/migrations/AerieUI/2_extensions/up.sql create mode 100644 deployment/postgres-init-db/sql/ui/tables/extension_roles.sql create mode 100644 deployment/postgres-init-db/sql/ui/tables/extensions.sql diff --git a/.gitignore b/.gitignore index fae1481dff..d13c73d04d 100644 --- a/.gitignore +++ b/.gitignore @@ -43,6 +43,8 @@ node_modules deployment/postgres-init-db/sql/**/*.sql !deployment/postgres-init-db/sql/ui/init.sql !deployment/postgres-init-db/sql/ui/tables/view.sql +!deployment/postgres-init-db/sql/ui/tables/extension_roles.sql +!deployment/postgres-init-db/sql/ui/tables/extensions.sql !deployment/postgres-init-db/sql/ui/tables/schema_migrations.sql !deployment/postgres-init-db/sql/ui/applied_migrations.sql 
diff --git a/deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml b/deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml
new file mode 100644
index 0000000000..401b525928
--- /dev/null
+++ b/deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml
@@ -0,0 +1,37 @@
+table:
+ name: extension_roles
+ schema: public
+object_relationships:
+ - name: extensions
+ using:
+ foreign_key_constraint_on: extension_id
+select_permissions:
+ - role: aerie_admin
+ permission:
+ columns: '*'
+ filter: {}
+ allow_aggregations: true
+ - role: user
+ permission:
+ columns: '*'
+ filter: {}
+ allow_aggregations: true
+ - role: viewer
+ permission:
+ columns: '*'
+ filter: {}
+ allow_aggregations: true
+insert_permissions:
+ - role: aerie_admin
+ permission:
+ columns: [extension_id, role]
+ check: {}
+update_permissions:
+ - role: aerie_admin
+ permission:
+ columns: [extension_id, role]
+ filter: {}
+delete_permissions:
+ - role: aerie_admin
+ permission:
+ filter: {}
diff --git a/deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml b/deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml
new file mode 100644
index 0000000000..01739a5a9c
--- /dev/null
+++ b/deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml
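Review bot: The `user` and `viewer` entries under `select_permissions` use `filter: {}`, so every role can read the complete extension-to-role mapping, and the `select_permissions` added for `public_extensions.yaml` later in this patch have the same shape. If `extension_roles` is meant to decide which roles may see an extension, nothing in this metadata enforces it and the restriction would rest on the client alone. Consider filtering on the session role here, `filter: {role: {_eq: X-Hasura-Role}}`, and through the `extension_roles` relationship on `extensions`, `filter: {extension_roles: {role: {_eq: X-Hasura-Role}}}`, while leaving `aerie_admin` unfiltered.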
@@ -0,0 +1,43 @@
+table:
+ name: extensions
+ schema: public
+array_relationships:
+ - name: extension_roles
+ using:
+ foreign_key_constraint_on:
+ column: extension_id
+ table:
+ name: extension_roles
+ schema: public
+select_permissions:
+ - role: aerie_admin
+ permission:
+ columns: '*'
+ filter: {}
+ allow_aggregations: true
+ - role: user
+ permission:
+ columns: '*'
+ filter: {}
+ allow_aggregations: true
+ - role: viewer
+ permission:
+ columns: '*'
+ filter: {}
+ allow_aggregations: true
+insert_permissions:
+ - role: aerie_admin
+ permission:
+ columns: [description, label, url]
+ check: {}
+ set:
+ owner: "x-hasura-user-id"
+update_permissions:
+ - role: aerie_admin
+ permission:
+ columns: [description, label, url]
+ filter: {}
+delete_permissions:
+ - role: aerie_admin
+ permission:
+ filter: {}
diff --git a/deployment/hasura/metadata/databases/AerieUI/tables/tables.yaml b/deployment/hasura/metadata/databases/AerieUI/tables/tables.yaml
index 9c21739162..5adc44d7f2 100644
--- a/deployment/hasura/metadata/databases/AerieUI/tables/tables.yaml
+++ b/deployment/hasura/metadata/databases/AerieUI/tables/tables.yaml
@@ -1 +1,3 @@
+- "!include public_extension_roles.yaml"
+- "!include public_extensions.yaml"
 - "!include public_view.yaml"
diff --git a/deployment/hasura/migrations/AerieUI/2_extensions/down.sql b/deployment/hasura/migrations/AerieUI/2_extensions/down.sql
new file mode 100644
index 0000000000..1b3fa26b6b
--- /dev/null
+++ b/deployment/hasura/migrations/AerieUI/2_extensions/down.sql
@@ -0,0 +1,19 @@
+comment on column extension_roles.extension_id is null;
+comment on column extension_roles.role is null;
+comment on table extension_roles is null;
+
+drop table extension_roles;
+
+drop trigger extensions_set_timestamp on extensions;
+drop function extensions_set_updated_at();
+
+comment on column extensions.description is null;
+comment on column extensions.label is null;
+comment on column extensions.owner is null;
+comment on column extensions.url is null;
+comment on column extensions.updated_at is null;
+comment on table extensions is null;
+
+drop table extensions;
+
+call migrations.mark_migration_rolled_back('2');
diff --git a/deployment/hasura/migrations/AerieUI/2_extensions/up.sql b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql
new file mode 100644
index 0000000000..a59ee8d7d3
--- /dev/null
+++ b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql
@@ -0,0 +1,57 @@
+create table extensions (
+ description text,
+ id integer generated always as identity,
+ label text not null,
+ owner text,
+ url text not null,
+ updated_at timestamptz not null default now(),
+
+ constraint extension_primary_key primary key (id)
+);
+
+comment on table extensions is e''
+ 'External extension APIs the user can call from within Aerie UI.';
+comment on column extensions.description is e''
+ 'An optional description of the external extension.';
+comment on column extensions.label is e''
+ 'The name of the extension that is displayed in the UI.';
+comment on column extensions.owner is e''
+ 'The user who owns the extension.';
+comment on column extensions.url is e''
+ 'The URL of the API to be called.';
+comment on column extensions.updated_at is e''
+ 'The time the extension was last updated.';
+
+create or replace function extensions_set_updated_at()
+ returns trigger
+ security definer
+ language plpgsql as $$begin
+ new.updated_at = now();
+ return new;
+end$$;
+
+create trigger extensions_set_timestamp
+ before update on extensions
+ for each row
+execute function extensions_set_updated_at();
+
+create table extension_roles (
+ extension_id integer not null,
+ id integer generated always as identity,
+ role text not null,
+
+ constraint extension_roles_primary_key primary key (id),
+ constraint extension_roles_to_extension
+ foreign key (extension_id)
+ references "extensions"
+ on delete cascade
+);
+
+comment on table extension_roles is e''
+ 'A mapping of extensions to what roles can access them.';
+comment on column extension_roles.extension_id is e''
+ 'The extension that the role is defined for.';
+comment on column extension_roles.role is e''
+ 'The role that is allowed to access the extension.';
+
+call migrations.mark_migration_applied('2');
diff --git a/deployment/postgres-init-db/sql/ui/applied_migrations.sql b/deployment/postgres-init-db/sql/ui/applied_migrations.sql
index 6191790699..83e3e220cc 100644
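Review bot: `url text not null` in `create table extensions` accepts any string, although the table comment describes these rows as APIs the user calls from within the Aerie UI. Writes are limited to `aerie_admin` by the Hasura metadata in this patch, but a database-level check would still keep a non-HTTP scheme or a malformed value from being stored and later handed to the browser, for example `constraint extensions_url_is_http check (url ~* '^https?://')`. The copy of this table in `deployment/postgres-init-db/sql/ui/tables/extensions.sql` would need the same constraint so that fresh installs and migrated databases agree.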
--- a/deployment/postgres-init-db/sql/ui/applied_migrations.sql +++ b/deployment/postgres-init-db/sql/ui/applied_migrations.sql @@ -4,3 +4,4 @@ This file denotes which migrations occur "before" this version of the schema. call migrations.mark_migration_applied('0'); call migrations.mark_migration_applied('1'); +call migrations.mark_migration_applied('2'); diff --git a/deployment/postgres-init-db/sql/ui/init.sql b/deployment/postgres-init-db/sql/ui/init.sql index e60884b8ad..8c462d7add 100644 --- a/deployment/postgres-init-db/sql/ui/init.sql +++ b/deployment/postgres-init-db/sql/ui/init.sql @@ -4,5 +4,7 @@ begin; \ir applied_migrations.sql -- Tables. + \ir tables/extensions.sql + \ir tables/extension_roles.sql \ir tables/view.sql end; diff --git a/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql b/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql new file mode 100644 index 0000000000..a92ab5124f --- /dev/null +++ b/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql @@ -0,0 +1,18 @@ +create table extension_roles ( + extension_id integer not null, + id integer generated always as identity, + role text not null, + + constraint extension_roles_primary_key primary key (id), + constraint extension_roles_to_extension + foreign key (extension_id) + references "extensions" + on delete cascade +); + +comment on table extension_roles is e'' + 'A mapping of extensions to what roles can access them.'; +comment on column extension_roles.extension_id is e'' + 'The extension that the role is defined for.'; +comment on column extension_roles.role is e'' + 'The role that is allowed to access the extension.'; diff --git a/deployment/postgres-init-db/sql/ui/tables/extensions.sql b/deployment/postgres-init-db/sql/ui/tables/extensions.sql new file mode 100644 index 0000000000..776ddc81bc --- /dev/null +++ b/deployment/postgres-init-db/sql/ui/tables/extensions.sql 
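Review bot: `create table extension_roles` has no uniqueness constraint on `(extension_id, role)`, so the same role can be granted to one extension several times. Duplicates make revocation unreliable, because deleting one row leaves the grant in place through the others. Adding `constraint extension_roles_unique unique (extension_id, role)` would rule that out; the identical table definition in `2_extensions/up.sql` would need it as well. Separately, `role text not null` accepts names that match no Hasura role, which may be worth a comment stating where the valid set is defined.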
@@ -0,0 +1,36 @@ +create table extensions ( + description text, + id integer generated always as identity, + label text not null, + owner text, + url text not null, + updated_at timestamptz not null default now(), + + constraint extension_primary_key primary key (id) +); + +comment on table extensions is e'' + 'External extension APIs the user can call from within Aerie UI.'; +comment on column extensions.description is e'' + 'An optional description of the external extension.'; +comment on column extensions.label is e'' + 'The name of the extension that is displayed in the UI.'; +comment on column extensions.owner is e'' + 'The user who owns the extension.'; +comment on column extensions.url is e'' + 'The URL of the API to be called.'; +comment on column extensions.updated_at is e'' + 'The time the extension was last updated.'; + +create or replace function extensions_set_updated_at() +returns trigger +security definer +language plpgsql as $$begin + new.updated_at = now(); + return new; +end$$; + +create trigger set_timestamp + before update on extensions + for each row +execute function extensions_set_updated_at(); From 64f6b233d447446b1b0b7004a3dcab50e14e7696 Mon Sep 17 00:00:00 2001 From: Cody Hansen Date: Wed, 11 Oct 2023 05:38:43 -1000 Subject: [PATCH 2/5] Renamed extensions trigger to match migration --- deployment/postgres-init-db/sql/ui/tables/extensions.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/postgres-init-db/sql/ui/tables/extensions.sql b/deployment/postgres-init-db/sql/ui/tables/extensions.sql index 776ddc81bc..86960a982c 100644 --- a/deployment/postgres-init-db/sql/ui/tables/extensions.sql +++ b/deployment/postgres-init-db/sql/ui/tables/extensions.sql @@ -30,7 +30,7 @@ language plpgsql as $$begin return new; end$$; -create trigger set_timestamp +create trigger extensions_set_timestamp before update on extensions for each row execute function extensions_set_updated_at(); 
From 18b771f1b82d0b12d4f920909deab5cff7487ec9 Mon Sep 17 00:00:00 2001 From: Cody Hansen Date: Fri, 13 Oct 2023 11:51:16 -1000 Subject: [PATCH 3/5] Removed comment is null from extensions down.sql and removed trigger security definer --- .../hasura/migrations/AerieUI/2_extensions/down.sql | 11 ----------- .../hasura/migrations/AerieUI/2_extensions/up.sql | 1 - .../postgres-init-db/sql/ui/tables/extensions.sql | 1 - 3 files changed, 13 deletions(-) diff --git a/deployment/hasura/migrations/AerieUI/2_extensions/down.sql b/deployment/hasura/migrations/AerieUI/2_extensions/down.sql index 1b3fa26b6b..b760368160 100644 --- a/deployment/hasura/migrations/AerieUI/2_extensions/down.sql +++ b/deployment/hasura/migrations/AerieUI/2_extensions/down.sql @@ -1,19 +1,8 @@ -comment on column extension_roles.extension_id is null; -comment on column extension_roles.role is null; -comment on table extension_roles is null; - drop table extension_roles; drop trigger extensions_set_timestamp on extensions; drop function extensions_set_updated_at(); -comment on column extensions.description is null; -comment on column extensions.label is null; -comment on column extensions.owner is null; -comment on column extensions.url is null; -comment on column extensions.updated_at is null; -comment on table extensions is null; - drop table extensions; call migrations.mark_migration_rolled_back('2'); diff --git a/deployment/hasura/migrations/AerieUI/2_extensions/up.sql b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql index a59ee8d7d3..7b4cb7ad84 100644 --- a/deployment/hasura/migrations/AerieUI/2_extensions/up.sql +++ b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql @@ -24,7 +24,6 @@ comment on column extensions.updated_at is e'' create or replace function extensions_set_updated_at() returns trigger - security definer language plpgsql as $$begin new.updated_at = now(); return new; 
diff --git a/deployment/postgres-init-db/sql/ui/tables/extensions.sql b/deployment/postgres-init-db/sql/ui/tables/extensions.sql index 86960a982c..fce6b5c9d4 100644 --- a/deployment/postgres-init-db/sql/ui/tables/extensions.sql +++ b/deployment/postgres-init-db/sql/ui/tables/extensions.sql @@ -24,7 +24,6 @@ comment on column extensions.updated_at is e'' create or replace function extensions_set_updated_at() returns trigger -security definer language plpgsql as $$begin new.updated_at = now(); return new; From 2588af222ea7e950cb4dcc439923ff22adc23a26 Mon Sep 17 00:00:00 2001 From: Cody Hansen Date: Fri, 13 Oct 2023 12:38:21 -1000 Subject: [PATCH 4/5] More PR feedback changes --- .gitignore | 7 +------ .../databases/AerieUI/tables/public_extension_roles.yaml | 2 +- .../databases/AerieUI/tables/public_extensions.yaml | 2 +- deployment/hasura/migrations/AerieUI/2_extensions/up.sql | 7 ++++--- .../postgres-init-db/sql/ui/tables/extension_roles.sql | 1 + deployment/postgres-init-db/sql/ui/tables/extensions.sql | 6 +++--- 6 files changed, 11 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index d13c73d04d..a103054aed 100644 --- a/.gitignore +++ b/.gitignore @@ -41,12 +41,7 @@ node_modules # Ignore any SQL files copied from build tasks deployment/postgres-init-db/sql/**/*.sql -!deployment/postgres-init-db/sql/ui/init.sql -!deployment/postgres-init-db/sql/ui/tables/view.sql -!deployment/postgres-init-db/sql/ui/tables/extension_roles.sql -!deployment/postgres-init-db/sql/ui/tables/extensions.sql -!deployment/postgres-init-db/sql/ui/tables/schema_migrations.sql -!deployment/postgres-init-db/sql/ui/applied_migrations.sql +!deployment/postgres-init-db/sql/ui # Ignore Gradle project-specific cache directory .gradle diff --git a/deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml b/deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml index 401b525928..668ba7a755 100644 
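Review bot: The replacement line `!deployment/postgres-init-db/sql/ui` negates a directory, but the files beneath it are still matched by `deployment/postgres-init-db/sql/**/*.sql` on the line above. As far as I can tell git tests each file path against the patterns itself, so new `.sql` files added under `sql/ui/` would stay ignored. Files that are already tracked are unaffected, which can hide the problem until the next table file is added. `!deployment/postgres-init-db/sql/ui/**` re-includes the files themselves.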
--- a/deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml +++ b/deployment/hasura/metadata/databases/AerieUI/tables/public_extension_roles.yaml @@ -2,7 +2,7 @@ table: name: extension_roles schema: public object_relationships: - - name: extensions + - name: extension using: foreign_key_constraint_on: extension_id select_permissions: diff --git a/deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml b/deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml index 01739a5a9c..6932ed610b 100644 --- a/deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml +++ b/deployment/hasura/metadata/databases/AerieUI/tables/public_extensions.yaml @@ -35,7 +35,7 @@ insert_permissions: update_permissions: - role: aerie_admin permission: - columns: [description, label, url] + columns: [description, label, owner, url] filter: {} delete_permissions: - role: aerie_admin diff --git a/deployment/hasura/migrations/AerieUI/2_extensions/up.sql b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql index 7b4cb7ad84..56c3f4a50a 100644 --- a/deployment/hasura/migrations/AerieUI/2_extensions/up.sql +++ b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql @@ -1,12 +1,12 @@ create table extensions ( - description text, id integer generated always as identity, + description text, label text not null, owner text, url text not null, updated_at timestamptz not null default now(), - constraint extension_primary_key primary key (id) + constraint extensions_primary_key primary key (id) ); comment on table extensions is e'' @@ -22,7 +22,7 @@ comment on column extensions.url is e'' comment on column extensions.updated_at is e'' 'The time the extension was last updated.'; -create or replace function extensions_set_updated_at() +create function extensions_set_updated_at() returns trigger language plpgsql as $$begin new.updated_at = now(); 
@@ -43,6 +43,7 @@ create table extension_roles ( constraint extension_roles_to_extension foreign key (extension_id) references "extensions" + on update cascade on delete cascade ); diff --git a/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql b/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql index a92ab5124f..07b3495a87 100644 --- a/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql +++ b/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql @@ -7,6 +7,7 @@ create table extension_roles ( constraint extension_roles_to_extension foreign key (extension_id) references "extensions" + on update cascade on delete cascade ); diff --git a/deployment/postgres-init-db/sql/ui/tables/extensions.sql b/deployment/postgres-init-db/sql/ui/tables/extensions.sql index fce6b5c9d4..8753df55c6 100644 --- a/deployment/postgres-init-db/sql/ui/tables/extensions.sql +++ b/deployment/postgres-init-db/sql/ui/tables/extensions.sql @@ -1,12 +1,12 @@ create table extensions ( - description text, id integer generated always as identity, + description text, label text not null, owner text, url text not null, updated_at timestamptz not null default now(), - constraint extension_primary_key primary key (id) + constraint extensions_primary_key primary key (id) ); comment on table extensions is e'' @@ -22,7 +22,7 @@ comment on column extensions.url is e'' comment on column extensions.updated_at is e'' 'The time the extension was last updated.'; -create or replace function extensions_set_updated_at() +create function extensions_set_updated_at() returns trigger language plpgsql as $$begin new.updated_at = now(); From c54e4f90f7af489d4086bb7fa704c2d8bf8611a0 Mon Sep 17 00:00:00 2001 
From: Cody Hansen Date: Fri, 13 Oct 2023 12:48:34 -1000 Subject: [PATCH 5/5] Missed moving the extension_roles pk first --- deployment/hasura/migrations/AerieUI/2_extensions/up.sql | 2 +- deployment/postgres-init-db/sql/ui/tables/extension_roles.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/hasura/migrations/AerieUI/2_extensions/up.sql b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql index 56c3f4a50a..70f0d16791 100644 --- a/deployment/hasura/migrations/AerieUI/2_extensions/up.sql +++ b/deployment/hasura/migrations/AerieUI/2_extensions/up.sql @@ -35,8 +35,8 @@ create trigger extensions_set_timestamp execute function extensions_set_updated_at(); create table extension_roles ( - extension_id integer not null, id integer generated always as identity, + extension_id integer not null, role text not null, constraint extension_roles_primary_key primary key (id), diff --git a/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql b/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql index 07b3495a87..dc6e4bd8d7 100644 --- a/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql +++ b/deployment/postgres-init-db/sql/ui/tables/extension_roles.sql @@ -1,6 +1,6 @@ create table extension_roles ( - extension_id integer not null, id integer generated always as identity, + extension_id integer not null, role text not null, constraint extension_roles_primary_key primary key (id),