* Delay substituting persisted native query until after analysis

We were substituting persisted queries into the query at too early a
stage.

Card 729 is a persisted model of `select * from categories`

```clojure
{:type :query,
 :query {:source-table "card__729",
         :expressions {:adjective ["case"
                                   [[[">" ["field" 100 nil] 30]
                                     "expensive"]
                                    [[">" ["field" 100 nil] 20]
                                     "not too bad"]]
                                   {:default "its ok"}]},
         :aggregation [["count"]],
         :breakout [["expression" "adjective" nil]
                    ["field" 101 nil]]},
 :database 3,
 :parameters []}
```

This would immediately get turned into an equivalent

```clojure
{:type :query,
 :query {:source-table 12
         :persisted-info/native "select \"id\", \"ean\", \"title\", \"category\", \"vendor\", \"price\", \"rating\", \"created_at\" from \"metabase_cache_424a9_3\".\"model_729_products_r\""
         :expressions {:adjective ["case"
                                   [[[">" ["field" 100 nil] 30]
                                     "expensive"]
                                    [[">" ["field" 100 nil] 20]
                                     "not too bad"]]
                                   {:default "its ok"}]},
         :aggregation [["count"]],
         :breakout [["expression" "adjective" nil]
                    ["field" 101 nil]]},
 :database 3,
 :parameters []}
```

And the obvious failure here is the use of `[:field 100 nil]` (price)
against an inner query of `select ... price ... from cache_table`. This
could break many queries and caused a flood of

```
WARN middleware.fix-bad-references :: Bad :field clause [:field 100 #:metabase.query-processor.util.add-alias-info{:source-table :metabase.query-processor.util.add-alias-info/source, :source-alias "price"}] for field "products.price" at [:expressions "adjective" :case :>]: clause should have a :join-alias. Unable to infer an appropriate join. Query may not work as expected.
WARN middleware.fix-bad-references :: Bad :field clause [:field 100 #:metabase.query-processor.util.add-alias-info{:source-table :metabase.query-processor.util.add-alias-info/source, :source-alias "price"}] for field "products.price" at [:expressions "adjective" :case :>]: clause should have a :join-alias. Unable to infer an appropriate join. Query may not work as expected.
```

* forgot to commit new test file

* Handle persisted before native

* Add test for native models

- have to populate the metadata. You can do this by running the query,
but there are some requirements around the `:info` object to actually
save it. So just take the more mechanical route
- `wait-for-result` returns a time out value, but it's namespaced
autoresolved to a namespace inside of the metabase.test forest and not
mt itself. So easy to mess up and watch for the wrong keyword. Want an
arity so i can check my own timeout value and throw a helpful error
message. I checked around and noone seems to care. So not great, but at
least people aren't checking `::mt/timed-out` when it should be
`::tu.async/timed-out` or
`:metabase.test.util.async/timed-out`. Possibly best scenario is we
remove the autoresolved bit and have it return `:async/timed-out` or
something stable.

* properly compile the native query

* bump timeout to set redshift metadata

Cleans/fixes serdes v2 export :collections handling in cmd and API

* add tests for sandbox user apis

Adds basic logging to v2 export/import, resolves #26859

* Mark `hx/` and `h1x/` namespaces and their vars as deprecated

* Fix snowflake failures

* Remove unneeded honey-sql-version bindings

* Snowflake Honey SQL 2

* Test fix 

* Use Honey SQL 2 for GTAP compilation in sandboxing tests

* Test fix 

* Fix linter

* Make sure we're inlining num in substitution and sum aggregations

* Set hsql version

* Fixing tests

* Fixing tests after the h2 conversion

* Use h2x/extract in h2, fix test differences

* Fixing tests for honeysql2

* Only numbers get inlined

* More test fixes

* Fixing tests

* Undo bad commit

* Inline Ratio must produce doubles or h2 will do integer division where 1/2 = 0

* Fix bad case statement

* We can't run native queries with AS for oracle

---------

Co-authored-by: Cam Saul <github@camsaul.com>
Co-authored-by: Cam Saul <1455846+camsaul@users.noreply.github.com>

* Fix action loading and extraction of action type

* Remove comment

* add dashcard testing mocks

* improve virtual card overlays

* update types

* add search entity types

* add metabase entity support to link cards

* simplify link displays

* update types and support collections and tables

* use edit button to replace entity

* test entity links

* fix rebase

* update types

* address review comments

* handle restricted link entities

* Hydrate link cards info (#28297)

* hydrate link cards info

* we need to hydrate collections too

* Address Cal's comments:
- model use keywrod -> string
- use model hydration
- comments here and there

* Link cards serdes (#28321)

---------

Co-authored-by: Ngoc Khuat <qn.khuat@gmail.com>

* Removes :presto driver and tests
* Merges :presto-common into :presto-jdbc
* Adds migration to update presto databases to presto-jdbc

---------

Co-authored-by: Cam Saul <github@camsaul.com>

Co-authored-by: Noah Moss <noahbmoss@gmail.com>

* Add public_uuid and made_public_by_id to actions table & endpoints to enable/disable the public sharing on individual actions (#27721)

* Add migration for public_uuid (indexed) and made_public_by_id

* Add UUIDString schema

* Add endpoints for enabling/disabling sharing of actions

* Test that the new fields are returned with `GET /api/action/:id`

* Remove validCheckSum on migration

* Remove trailing whitespace

* Fix DELETE test

* Fix tests

* Please migration linter

* Update the default public_uuid every test run

* Please migration linter

* Add FK onDelete cascade

* Replace ü

* Add GET endpoint and post-select for action

* Revert "Add GET endpoint and post-select for action"

This reverts commit 8cc8b57d6034146dd726b54bc4199830ec1fda21.

* Fix merge

* Reorder migrations

* Update test for GET `api/action?model-id=<id>` endpoint to include public sharing keys (#27802)

* Add GET: /api/public/action/:uuid endpoint (#27781)

* Add test

* Remove non-public columns and check for 404

* Fix docstring

* Rename for clarity

* Fix missing ns

* Remove unneccessary keys from action

* Update test

* Remove unused refer

* Reorder migrations

* Use mt

* Add require and refactor

* Use mt

* Add endpoint for executing a public action (#27793)

* Add endpoint and test

* Add more tests and TODOs

* Use mt

* Reorder migrations

* Remove unused require

* Rate limit actions at 1 per second

* Fix the tests for the throttle

* Refactor tests

* Fix test

* Fix docstring

* Add test for failed execution if actions are disabled

* Use crowberto in tests

* Fix using crowberto in tests

* Fix cyclic load dependency

* Add GET api/action/public endpoint

* Use defendpoint

* Add action-api-test

* Add model_id to GET action/public response

* Update GET api/action/public test for model_id

* Add actions to public sharing admin settings (#27675)

* Add actions to public sharing admin settings

* Add public action in public sharing admin settings tests

---------

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

[Fixes #28298]

* Support Honey SQL 2 for SQL QP

* Sort namespace

* Make Postgres/Redshift be Honey SQL 2-only

* Test fix 

* Fix busted

* Redshift test fixes 

* Sort namespaces

* Fix Postgres convert_timezone

* Fix linter config.

* Fix one last test failure

* Redshift test fix

* Test fixes and some extra validation etc.

* Update common.clj

* Update common.clj

* Update common.clj

* Create select-action

* Rename to select-actions

* Remove comments

* Remove unnecessary ()

* Missed one

* Fix GET /action/:uuid

* Use new fns more

* Fix

* Remove select-action-without-implicit-params, we don't need it

* Enable Kondo `:warn-on-reflection` linter

* Enable warnings for metabase.api.setting-test

* Add warn-on-reflection to metabase.util.jvm

Make sure we're using a user's full list of permission groups when determining whether a sandbox should be enforced (#28198)

* make sure we're using the full group list when checking whether a sandbox should be enforced

* add simple test that would have caught this bug

This has the same interface as `clojure.tools.logging` but supports CLJS
as well. It was formerly known as `metabase.shared.util.log`.

* Whitespace

* Add Action to entities list

* Add entity_id column migration

* Correct migration ids

* Add entity-id property to action model

* Extract and serdes-dependencies for action

* storage for Action

* ingest for Action

* Generate for Action

* load for Action

* Remove comment

* Add entity_id to action submodels

* Add submodels to copy entities

* Add submodels to exported-models

* Add submodels to legal-top-level-paths

* Slufigy extracted label for action

* Extract for QueryAction

* Generate query_action

* Fix query_action extract test

* Add action subtype extract tests

* Update Action-subtype-IModel-impl docstring

* Generate ImplicitAction and HTTPAction

* Export and Import action_id FK with dashcards

* Generate nano-id

* Add load tests to e2e test

* Nest subtypes directories in actions

* Remove prn

* Add docstring

* Fix copy

* Add select-action fn

* Change extract tests to only extract Action model

* Update action/select-one tests

* Update legal-top-level-paths

* Rename select-action -> select-one

* Implement extract-one for Action only, not subtypes

* Move subtype models from exported to inlined

* Remove entity_id from subtypes

* Reuse type->model

* Ingest Action with inlined subtype info

* Fix serdes-dependencies for Action

* Add action to serdes-descendants for Dashboard

* Add docstring to action update!

* Reuse update! for PUT API

* Add missing ns

* Remove serdes-generate-path impl

* Tidy

* Sort ns

* Restore add-entity-id

* Update entity_id_test

* Undo refactor

* Include id in action arg for update!

* Delete action, with delete cascading to the subtype

* Fix clj-kondo warning

* Fix returning nil Action in dashboard serdes-descendants

* Braden's suggestions

* rework sandbox enforcement to use sandboxes table as source of truth

* remove test that no longer reflects expected behavior

* cleanup & refactor

* clarify docstring

* update segmented-user? to use new helper functions

* fix tests

* address comments

* Invalidate sandbox FieldValues cache on question change

See #25411 for context.

* Increase precision of report_card.updated_at to a microsecond

This is so that the test doesn't have to wait a second to get a modified timestamp.
It's also more consistent with other timestamp columns.

* Add back test cases for :linked-filter

insert next-gen permission paths alongside currently active permission paths + classification (#27911)

* implement move, which returns v2 paths

- TODO: insert these into the db

(move v1-path) => [v2 paths]

* cleanup + add some schemas

* generative tests 4 permission path classification

* whitespace lint

* detect data, query, and paths for v2

* calling move on v2 paths is a no-op

* differentiate between v1 and v2 permissions

quickchecking for move, classify-path, and classify-data-path

* fix tests + add idempotency test

* add tests for classification of permission paths

- rename move to ->v2-path
- move some fxns around
- ascii art in test

* making the legos line up

- need to insert both v1 and v2 versions of paths (of course)
- valid-path? has to allow v2 paths to be inserted

* replace mu/with-api-error-message

* linter + code quality fixes

* privatize rx->kind

* remove some changes that should be 4 anotherbranch

* revert ns

* delete v2 permissions in

- they aren't handled by the perm graph parser, so they don't get propagated into "old graph", so the diff between old and new indicates that they need to be rewritten.

* only delete v2 paths for the current group_id

- reorder declarations in models.permissions

* remove extra line break

* Update src/metabase/models/permissions.clj

fix typo

Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>

---------

Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>

Added bans for print and friends. Fixed issues in kondo config where a macroexpansion put in a print by replacing with (constantly nil) as a no-op.

* Switch Audit App to Honey SQL 2

* Compile using Honey SQL 2

* Mark some more tests as ^:parallel

* Remove unused namespace

* Backport sql.qp/current-datetime-honeysql-form :mysql Honey SQL 2 support

* Add `hx/call` and `hx/raw`

* Update enterprise/backend/src/metabase_enterprise/audit_app/pages/common.clj

Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>

* `#schema` => `#hawk/schema`

* Mark `metabase.async.streaming-response-test` as `^:mb/once`

---------

Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>

* initial migrations

* autofill permission_id when adding new sandbox

* use new table name in backend code

* add test for migration

* fix migration lint errors

* WIP fix tests

* small cleanup

* use CONCAT to fix migration on mysql

* break out fk constraint into a separate migration

* address feedback