Configure Role-Based Permissions for Database Tables #84

Open
2 of 5 tasks
rvalenciano opened this issue Jan 23, 2025 · 20 comments · May be fixed by #90

Comments

@rvalenciano
Contributor

Issue Summary

Configure basic role-based permissions for all database tables by creating dedicated YAML files in the metadata directory, granting full access to both tenant and landlord roles. This simplifies our authorization approach by relying on Firebase JWT claims for role designation. Please check this previous PR, where we already added authentication to the users table. We need to do the same for the rest of the tables.

Type of Issue

  • Feature Request
  • Bug
  • Security
  • Documentation
  • Other

Current Behavior

Tables currently lack defined permissions and dedicated metadata files. Our authorization system needs to be configured to work with the role information that will be provided by Firebase JWT claims.

Expected Behavior

Each table should have its own metadata file in the proper directory structure, allowing full access to both tenant and landlord roles, with roles being determined by Firebase JWT claims. This will create a foundation for our authorization system that we can later refine based on specific access requirements.

Implementation Steps

  1. Create separate permission files for each table in the metadata directory:

For apartments table:

# metadata/databases/safetrust/tables/public_apartments.yaml
table:
  name: apartments
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

For apartment_images table:

# metadata/databases/safetrust/tables/public_apartment_images.yaml
table:
  name: apartment_images
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

For bid_requests table:

# metadata/databases/safetrust/tables/public_bid_requests.yaml
table:
  name: bid_requests
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

For bid_status_histories table:

# metadata/databases/safetrust/tables/public_bid_status_histories.yaml
table:
  name: bid_status_histories
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

For escrow_transactions table:

# metadata/databases/safetrust/tables/public_escrow_transactions.yaml
table:
  name: escrow_transactions
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

For escrow_xdr_transactions table:

# metadata/databases/safetrust/tables/public_escrow_xdr_transactions.yaml
table:
  name: escrow_xdr_transactions
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

For escrow_api_calls table:

# metadata/databases/safetrust/tables/public_escrow_api_calls.yaml
table:
  name: escrow_api_calls
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

For apartment_contracts table:

# metadata/databases/safetrust/tables/public_apartment_contracts.yaml
table:
  name: apartment_contracts
  schema: public
select_permissions:
  - role: tenant
    permission:
      columns: "*"
      filter: {}
  - role: landlord
    permission:
      columns: "*"
      filter: {}

  2. Update JWT claims mapping:

HASURA_GRAPHQL_JWT_SECRET: {
  "type": "RS256",
  "jwk_url": "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",
  "claims_map": {
    "x-hasura-allowed-roles": {
      "path": "$.roles"
    },
    "x-hasura-default-role": {
      "path": "$.role"
    },
    "x-hasura-user-id": {
      "path": "$.user_id"
    }
  }
}

Environment Details

  • Project Version: v1.0.0
  • Hasura Version: v2.42.0
  • PostgreSQL: 15-3.3

Supporting Information

Expected JWT Structure

{
  "user_id": "firebase-user-id",
  "role": "tenant",  // or "landlord"
  "roles": ["tenant"]  // or ["landlord"]
}

Tables Requiring Permission Updates

  • apartments
  • apartment_images
  • bid_requests
  • bid_status_histories
  • escrow_transactions
  • escrow_xdr_transactions
  • escrow_api_calls
  • apartment_contracts

Also you can reference this tutorial as a base.
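
Added example, not part of the issue or the project's code: a simplified Python model of how the `claims_map` above turns the "Expected JWT Structure" into session variables, including the rejection of a role that is not in the allowed list. The function names, the `KNOWN_ROLES` check and the sample payloads are constructed for illustration, and the payload is assumed to be decoded and signature-verified already.

```python
import json

# claims_map copied from the issue's HASURA_GRAPHQL_JWT_SECRET.
CLAIMS_MAP = {
    "x-hasura-allowed-roles": {"path": "$.roles"},
    "x-hasura-default-role": {"path": "$.role"},
    "x-hasura-user-id": {"path": "$.user_id"},
}
# Roles that receive select permissions in the metadata files above.
KNOWN_ROLES = {"tenant", "landlord"}


def resolve_path(payload, path):
    """Resolve a simple dotted path such as "$.roles" (no filters or wildcards)."""
    if not path.startswith("$."):
        raise ValueError(f"unsupported path: {path}")
    node = payload
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            raise ValueError(f"claim missing at {path}")
        node = node[key]
    return node


def session_variables(payload, requested_role=None):
    """Map a decoded, already verified JWT payload to session variables."""
    claims = {n: resolve_path(payload, s["path"]) for n, s in CLAIMS_MAP.items()}
    allowed = claims["x-hasura-allowed-roles"]
    default = claims["x-hasura-default-role"]
    user_id = claims["x-hasura-user-id"]
    if not isinstance(allowed, list) or not all(isinstance(r, str) for r in allowed):
        raise ValueError("roles claim must be a list of strings")
    if not isinstance(default, str) or not isinstance(user_id, str):
        raise ValueError("role and user_id claims must be strings")
    # Added lint, not engine behaviour: flag roles that no metadata file covers.
    unknown = set(allowed) - KNOWN_ROLES
    if unknown:
        raise ValueError(f"roles without table permissions: {sorted(unknown)}")
    # The effective role is the requested one (x-hasura-role header) or the default.
    role = requested_role or default
    if role not in allowed:
        raise ValueError(f"role {role!r} is not in allowed roles")
    return {"x-hasura-role": role, "x-hasura-user-id": user_id}


# Constructed sample payloads following the issue's "Expected JWT Structure".
TENANT = {"user_id": "firebase-user-id", "role": "tenant", "roles": ["tenant"]}
MISMATCH = {"user_id": "firebase-user-id", "role": "landlord", "roles": ["tenant"]}

if __name__ == "__main__":
    print(json.dumps(session_variables(TENANT)))
```

The issue's config sets only `jwk_url`; Hasura's JWT config also accepts `audience` and `issuer` fields, which pin accepted tokens to a single Firebase project.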

@MrRoudyk

Can I take this from here?

@godwinameh

I am a software developer with experience in both frontend and backend languages, with languages like JavaScript, NestJS, etc.
I would love it if this task is assigned to me, thanks.

@od-hunter

Hi, please can I be assigned this? This would be my first time contributing to this project and I would love to be given the opportunity to solve this issue, please. I have experience in HTML, CSS, JavaScript, TypeScript, Solidity and Cairo.

@Ekene001

Hi, please can I handle this task? I’m a full-stack blockchain developer with over 3 years of experience working with Tailwind, React, TypeScript, Next.js and Solidity/Rust.

@mimisavage

Is it okay if I take this?

@aidenwong812

Can I tackle this one?

@Supa-mega

Could I take over this issue? First-time contributor.

@greatest0fallt1me

Proposal to Address the Issue

Hello! I’m thrilled at the opportunity to work on this issue and am confident that I can provide a solution that not only addresses the requirements but also adds value to the project. My experience in blockchain development and StarkNet ecosystems equips me to deliver a robust and efficient implementation.

My Unique Edge

  • Cairo Proficiency:
    Having worked extensively with Cairo, I excel at crafting gas-efficient, secure, and modular smart contracts, tailored for StarkNet’s scalability.

  • End-to-End Development:
    My expertise bridges the gap between smart contract engineering and full-stack application development, ensuring seamless blockchain integration.

  • Team Collaboration:
    I have a history of working closely with maintainers, adapting to project standards, and contributing to long-term maintainability.

Why This Matters to Me

I’m passionate about the innovative potential of StarkNet and the broader blockchain space. This issue aligns perfectly with my skills and interests, and I’m committed to delivering a solution that will enhance the project’s impact.

Immediate Action Plan

If assigned, I’ll initiate work immediately and aim to deliver the first draft within 36 hours. I’m flexible and open to feedback to ensure the solution aligns with project expectations.

Looking forward to your approval and the chance to contribute!

@ekumamatthew

I'd love to give this a go.

@ooochoche

Gm. I have read through the issue summary, the current behaviour and what is expected, and it aligns with my expertise as a full-stack developer proficient in JS. I would appreciate the opportunity to work on this part of the project.

@Jemiiah

Jemiiah commented Jan 24, 2025

Hello, I would love to work on this issue. May I proceed?

@wengDavo

I’d like to work on this.

@Nityam573

Let me handle this issue!

@jaykayudo

Can I work on this?

@Smartdevs17

I’m an experienced backend developer interested in contributing to your project. I’d love to help with the database setup or other tasks.

@Elite-tch

Can I work on this, please?

@GideonBature
Contributor

Is it okay if I take this?

I am a software engineer with experience working on databases. If assigned this task, I will send my first PR within 48 hrs. Thank you!

@blessingbytes

I'm interested in resolving this task

@ekumamatthew

I'd love to give this a go.

@coxmars

coxmars commented Jan 27, 2025

I'm a software developer with 2+ years of experience and I have worked with backend technologies such as Cairo, Java, Rust and frontend with React, NextJS, JS/TS. Also, I'm a member of the Dojo Coding community here in CR and I have made contributions in Cairo VM Go, Cairo VM TS, Cairo Lints etc. Likewise, I’m a Cairo developer working in ByteBuildersLabs creating on-chain games using the Dojo framework.

This is my approach:

  • I will create the required YAML permission files for all 8 tables following the provided templates and directory structure in metadata/databases/safetrust/tables/
  • I will ensure proper JWT claims mapping configuration for Firebase authentication, validating both tenant and landlord roles
  • I will test the permissions by:
    • Verifying select permissions work correctly for each role.
    • Testing with real Firebase JWT tokens.
    • Ensuring all tables are properly secured.

ET: 2 days approx.
