feat(hasura): add role-based select_permissions for escrows and apart…

[Bosun-Josh121]

Summary

Closes #199

Adds select_permissions for tenant and landlord roles on public.escrows and public.apartments, following the patterns established in public_users.yaml and public_user_wallets.yaml.

Decisions on open product questions

Question	Decision
Can a tenant see all available apartments, or only those with an active bid/escrow?	All available listings, is_available = true AND deleted_at IS NULL
Does a landlord see escrows via apartment.owner_id or receiver_address?	Via apartment.owner_id relationship , works with existing X-Hasura-User-Id session variable, no new JWT claim needed
How are soft-deleted apartments exposed per role?	Tenants: completely hidden (filter + deleted_at excluded from column list). Landlords: visible in their own history (deleted_at included in columns, no filter on it)

Permission summary

public.apartments

Role	Filter	deleted_at visible?
tenant	is_available = true AND deleted_at IS NULL	No
landlord	owner_id = X-Hasura-User-Id	Yes (history)

public.escrows

Role	Filter	unsigned_xdr visible?
tenant	sender_address = X-Hasura-User-Wallet	Yes (needed to sign the transaction)
landlord	apartment.owner_id = X-Hasura-User-Id	No (tenant's signing artifact only)

Summary by CodeRabbit

• Chores
  • Refined access controls for escrow records to adjust data field visibility based on user role permissions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3673f086-d3b3-4f0d-9d3d-402e99709236

📥 Commits

Reviewing files that changed from the base of the PR and between be8852b and c046f1c.

📒 Files selected for processing (1)

• infra/hasura/metadata/tenants/safetrust/databases/tables/public_escrows.yaml

---

📝 Walkthrough

Walkthrough

Removes unsigned_xdr from the landlord role's select_permissions column allowlist in the Hasura metadata for public.escrows. The tenant role's permissions, which include unsigned_xdr, are unchanged.

Changes

Landlord column allowlist update for escrows

Layer / File(s)	Summary
Drop unsigned_xdr from landlord escrow select_permissions infra/hasura/metadata/tenants/safetrust/databases/tables/public_escrows.yaml	Removes unsigned_xdr from the landlord role's column allowlist so created_at now directly follows status; tenant access to unsigned_xdr is unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related issues

• feat(hasura): design role-based select_permissions for escrows and apartments tables #199: This PR implements part of the role-based select_permissions design for the public.escrows table called for in that issue, specifically scoping unsigned_xdr away from the landlord role.
• feat(hasura): design role-based select_permissions for escrows and apartments tables #198: Directly addresses the adjustment of the landlord column allowlist for public.escrows by removing unsigned_xdr.

Possibly related PRs

• safetrustcr/dApp-SafeTrust#206: Directly related — this PR removes unsigned_xdr from the landlord allowlist, building on the initial tenant/landlord select_permissions introduced for public.escrows in that PR.

Suggested reviewers

• sotoJ24

Poem

🐇 A column snipped, a secret kept,
The landlord's list has lost a step.
unsigned_xdr? Not for thee!
That field belongs to tenants, see.
One line removed, the rules are clear —
The rabbit hops with metadata cheer! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title is partially related to the changeset - it mentions implementing role-based permissions for escrows and apartments, which is the main objective, but the visible change only removes unsigned_xdr from landlord permissions rather than adding comprehensive permissions.
Linked Issues check	✅ Passed	The PR addresses the requirements from issue #199 by implementing role-based select_permissions for escrows and apartments tables with appropriate column visibility per role, resolving the three open product questions.
Out of Scope Changes check	✅ Passed	The change to remove unsigned_xdr from landlord permissions is directly in scope with PR objectives to prevent landlords from accessing tenant signing artifacts while maintaining tenant access for transaction signing.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[sotoJ24]

Well done

[sotoJ24]

Dear @Bosun-Josh121, please update you're current branch to merge it

[Bosun-Josh121]

@sotoJ24 you merged a PR addressing the same issue

[sotoJ24]

@sotoJ24 you merged a PR addressing the same issue

The issue still open #199

[sotoJ24]

Dear @Bosun-Josh121, I made some merge, sorry, could you update you're branch again please, everything else it's amazing, well done, good job