feat(hasura): add role-based select_permissions for escrows and apartments #206

Merged: sotoJ24 merged 2 commits into safetrustcr:main from Shadow-MMN:feat/198-hasura-role-based-select-permissions on Jun 23, 2026

@Shadow-MMN Shadow-MMN commented Jun 18, 2026

Adds select_permissions for tenant and landlord roles on apartments and escrows tables in the Hasura metadata.

Apartments

  • Tenant — sees all available, non-deleted listings (browse flow).
  • Landlord — sees own listings including soft-deleted ones.

Escrows

  • Tenant — sees escrows where their wallet matches sender_address.
  • Landlord — sees escrows where their wallet matches receiver_address
    OR they own the apartment via apartment_id → owner_id.

Uses _exists._table to correlate wallet addresses through user_wallets without requiring a foreign key relationship.

Blocked by — replacement of x-hasura-admin-secret with JWT role claims in apps/frontend/src/config/apollo.ts (Batch N).

Closes #198

Summary by CodeRabbit

  • New Features
    • Implemented role-based data access controls for apartments and escrow records, enabling tenant and landlord users to view only relevant data based on their relationship to the properties and transactions.

coderabbitai Bot commented Jun 18, 2026

📥 Commits

Reviewing files that changed from the base of the PR and between abbcf58 and 80542a7.

📒 Files selected for processing (1)
  • infra/hasura/metadata/tenants/safetrust/databases/tables/public_escrows.yaml
Walkthrough

Two Hasura metadata YAML files gain select_permissions blocks. public_apartments.yaml adds rules for tenant (non-deleted, available rows) and landlord (owner-only rows). public_escrows.yaml adds rules for tenant (sender wallet match) and landlord (receiver wallet or apartment ownership match), each with explicit column allowlists.

Changes

Role-based select permissions for apartments and escrows

| Layer / File(s) | Summary |
|---|---|
| Apartments select_permissions (tenant and landlord): infra/hasura/metadata/tenants/safetrust/databases/tables/public_apartments.yaml | tenant role permits rows where deleted_at is null and is_available is true; landlord role permits rows where owner_id equals X-Hasura-User-Id. Both roles share the same column allowlist. |
| Escrows select_permissions (tenant and landlord): infra/hasura/metadata/tenants/safetrust/databases/tables/public_escrows.yaml | tenant role filters via _exists on user_wallets matching sender_address to X-Hasura-User-Id; landlord role filters via _exists on user_wallets matching receiver_address or apartments.owner_id matching X-Hasura-User-Id. Both roles have explicit column allowlists. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

  • #198 (feat(hasura): design role-based select_permissions for escrows and apartments tables): This PR directly implements the tenant and landlord select_permissions for public.apartments and public.escrows specified in that issue, resolving all three open product questions about visibility rules.

Possibly related PRs

  • safetrustcr/dApp-SafeTrust#196: Established the apartments.owner and escrows.apartment object relationships in the same Hasura metadata files that this PR now layers select_permissions onto.

Suggested reviewers

  • sotoJ24

Poem

🐇 Hoppity-hop through the metadata maze,
Two tables now guarded through role-based haze.
Tenants see listings that shine and are free,
Landlords see only the homes that they own with glee.
Escrows now filtered by wallet and deed —
The rabbit secured every query you need! 🏠✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding role-based select_permissions for the escrows and apartments tables in Hasura. |
| Linked Issues check | ✅ Passed | The PR fully addresses the coding requirements from issue #198: implementing select_permissions for both apartments and escrows tables with tenant and landlord roles, including all specified row filters and column allowlists. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to implementing role-based select_permissions for the apartments and escrows tables as specified in issue #198; no unrelated changes are present. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@infra/hasura/metadata/tenants/safetrust/databases/tables/public_escrows.yaml`:
- Around line 8-71: In the public_escrows.yaml file, the select_permissions for
both tenant and landlord roles are using incorrect Hasura v2 syntax for
column-to-column comparisons within _exists filters. Replace the _eq operators
with _ceq (column equal) operator and use the ["$", "column_name"] syntax for
root table column references. Specifically: in the tenant role's user_wallets
_exists filter, change wallet_address _eq sender_address to wallet_address _ceq
["$", "sender_address"]; in the landlord role's first user_wallets _exists
filter, change wallet_address _eq receiver_address to wallet_address _ceq ["$",
"receiver_address"]; and in the landlord role's apartments _exists filter,
change id _eq apartment_id to id _ceq ["$", "apartment_id"]. Keep the _eq
operators for X-Hasura-User-Id comparisons unchanged as those are variable
comparisons, not column comparisons.

📥 Commits

Reviewing files that changed from the base of the PR and between 63e1e68 and abbcf58.

📒 Files selected for processing (2)
  • infra/hasura/metadata/tenants/safetrust/databases/tables/public_apartments.yaml
  • infra/hasura/metadata/tenants/safetrust/databases/tables/public_escrows.yaml

In Hasura v2 _exists._where filters, column-to-column comparisons
require _ceq and ["$", "column"] syntax. Bare _eq treats the
value as a literal string. Fixes three occurrences in tenant and
landlord select_permissions for the escrows table.
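
A metadata lint for the mistake this commit fixes, as an added example that is not part of the PR or the project's code: it walks a permission filter and reports every `_eq` whose value is the name of a root-table column rather than a session variable. The function name, the `user_id` column on user_wallets and the sample filters are assumptions constructed for illustration.

```python
# Added example: flag `_eq` used against a column name in a Hasura filter.
# Filters are written as Python dicts mirroring the YAML metadata structure.
SESSION_PREFIX = "x-hasura-"

def find_literal_column_compares(node, root_columns, path=""):
    """Return filter paths where `_eq` is given a bare root-table column name.

    Per the commit message, such a value is compared as a literal string;
    the column-to-column form is `_ceq: ["$", "<column>"]`.
    """
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if (key == "_eq" and isinstance(value, str)
                    and not value.lower().startswith(SESSION_PREFIX)
                    and value in root_columns):
                findings.append(here)
            else:
                findings += find_literal_column_compares(value, root_columns, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += find_literal_column_compares(
                item, root_columns, f"{path}[{i}]")
    return findings

# Columns of the escrows (root) table that the PR's filters refer to.
ESCROW_COLUMNS = {"sender_address", "receiver_address", "apartment_id"}

def wallet_filter(compare):
    """Constructed filter in the shape the PR describes for user_wallets."""
    return {"_exists": {
        "_table": {"schema": "public", "name": "user_wallets"},
        "_where": {"_and": [
            {"user_id": {"_eq": "X-Hasura-User-Id"}},  # session variable, not flagged
            {"wallet_address": compare},
        ]},
    }}

BEFORE = wallet_filter({"_eq": "sender_address"})         # compared as a literal
AFTER = wallet_filter({"_ceq": ["$", "sender_address"]})  # root-table column

if __name__ == "__main__":
    for name, flt in (("before", BEFORE), ("after", AFTER)):
        print(name, find_literal_column_compares(flt, ESCROW_COLUMNS))
```

Run over every `select_permissions` filter in CI, a non-empty result points at a row filter that compares against a constant string instead of the row's own column.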

@sotoJ24 sotoJ24 self-requested a review June 23, 2026 00:36

@sotoJ24 sotoJ24 left a comment

Well done @Shadow-MMN

@sotoJ24 sotoJ24 merged commit d3c872c into safetrustcr:main Jun 23, 2026
1 check passed