* Support skipToken in useFetchMetrics

* WIP

* Add user setting for verified metrics

* Add verified metrics to the VERIFIED_CONTENT plugin

* Use metric plugins for verified metrics

* Move helpers down

* Do not filter for verified metrics if there are none, regardless of user setting

* Add label to filter button

* Revalidate search when card gets (un-)verified

* Add e2e test for verified metrics

* Avoid checking for verified metrics on when content-verification is not enabled

* Fix broken test

* Simplify content verification plugin structure for metrics

* Add content moderation types and API helpers

* Update content moderation plugin to make use of the moderation api in metabase/api

* Fix lint

* Fix missing list tag

* Store verified metric filter preference

* Move all helpers to the bottom

* Ensure the user setting gets updated when chaning the filter

* Add comment about component similarity

* Undo changes to embedding-sdk

* create dashboard settings sidebar

* update e2e tests

fix

* only show settings to dashboard editors

* update copy

* update e2e test

* fix types

* update tests for new copy

* fix import

* size and padding fixes

* linkify and align stuff in question details

* reorganize and divide question overflow menu

* hide history for analytics content

* fix verification icon alignment

* whoopsie lets commit all the files

* fix css file name

* add license problem hook

* add warning banner

* style cue component

* update cue component

* report issue to console

* report issue to console

* use sdk loader for pre-initialization

* extract print problem method

* use non-standard shadows

* add unit tests

* prevent console log spam during tests

* mock the embedding token feature

* mock the embedding token feature by default

* add more test cases

* add test case

* add test cases

* increase popover z-index

* simplify test setup

* simplify test setup

* do not load individual component when a license error happens

* move SdkLicenseProblemDisplay component out

* replace colors with color-mix

* replace colors with color-mix

* make the text unthemed to ensure legibility

* hard-code colors to prevent them from being themed

* hard-code colors to prevent them from being themed

* update border styles

* make the chevron unthemed

* unset console text color

* only set stroke on errors

* optimistic query settings

* document the sdk license condition

* remove redundant condition

* add notes on api keys always being allowed on localhost

* move the no auth method message to warning component

* rename sdk license problem to usage problem

* add eslint rule for stories

* rename sdk license problem to usage problem

* move sdk usage problem display out of the init controller

* specify fallback font if instance is down or CORS error

* add comments on conditions pending on the CORS PR

* add notes on non-localhost checks

* make test ids constant

* add test case for neither provided

* fix types

* address code reviews

* pass `embedding-sdk` flag in `token-features`

* address code review

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

* remove appName from console logs

* rename embedding-sdk to embedding_sdk

* add the embedding_sdk premium token feature

* do not setup enterprise plugin in sdk test

* do not localize visual cue messages

* fix unit test in setup-sdk-auth

* rename tests

* remove unused eslint-disable

* enable embedding_sdk premium feature for sdk unit tests

* revert security_test.clj to use embedding instead of embedding-sdk

* remove unneeded test

* changes to support the style leak fixes

---------

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

* first iteration to scope sdk styles to our components

* basic css reset for buttons

* clean up duplicated css

* make sdk components use instance font if no font is passed

* cleanin up and remove defaultProps not needed

* fix tests

* adds EMBEDDING_SDK_PORTAL_CONTAINER_ELEMENT_ID

* Update enterprise/frontend/src/embedding-sdk/components/public/MetabaseProvider.tsx

* Update enterprise/frontend/src/embedding-sdk/components/public/MetabaseProvider.tsx

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

* fix import

* prettier --write

* we don't need theme.fontFamily, added a comment

* rename EMBEDDING_SDK_PORTAL_CONTAINER_ELEMENT_ID to EMBEDDING_SDK_PORTAL_ROOT_ELEMENT_ID

* fix unit test

---------

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

* Dashboard Info Sidebar

* e2e test updates

* add unit tests

* e2e test updates

* fix e2e tests

* fix more e2e tests

* update back behavior

* remove more metabse settings

* fix missing update for latest version check

* test updates

* fix setting selectors

* remove the unknown premium feature warning

* remove ee-plugins from sdk

* remove ee-overrides from sdk

* Move stale endpoint to /ee/stale/${collection-id}

It's an enterprise-only endpoint, so it makes sense to put the whole
thing under enterprise.

* refactors ui to use ee stale endpoint

lint fixes, change endpoint location

fix failure e2e test

* Fix endpoint location

---------

Co-authored-by: Sloan Sparger <sloansparger@gmail.com>

* Question Settings Sidesheet (#47699)

* fix(sdk) default font on not working

* fix initial state for the sdk

Co-authored-by: Bryan Maass <bryan.maass@gmail.com>
Co-authored-by: Nicolò Pretto <info@npretto.com>

* ask for tenancy isolation columns

* deny all permissions for all users group

* create new collections

* add jwt group mappings

* add the permissions step

* add multi-tenancy message in helper text format

* add permission graph

* wire together permissions

* use schema permissions

* use fields from table metadata from query_metadata

* add tenancy field reference

* remove log messages

* deny access to unsandboxed tables

* make permission graph more explicit

* deny access to sample database for customer groups

* add unit test for permission graph

* split permission groups and sandboxes

* jwt settings and hard-coded user attributes

* handle errors when updating sso mappings

* add express api and user switcher

* only fallback to api keys when license is invalid

* add util to sample tenancy column values

* conditional BASE_SSO_API imports

* improve embedding error message

* setup jwt configuration after license step

* setup permissions at the last step

* add missing import

* update steps that requires license

* fix incorrect imports

* add missing useContext

* handle permission update error

* remove tenancyIsolationEnabled field

* add tenancy column sampling

* differentiate tenancy column query error

* rename tenancyColumnValues to tenantIds

* assign sampled tenant ids to user attributes

* add tenant ids

* define collection permissions

* reference sandboxing group by name

* update snippet to be same as the README

* extract ask for tenancy columns to a separate step

* use the customer_id attribute

* query the table query metadata at origin

* append tables correctly

* improve error handling in table scanning

* add retry logic to metadata fetching

* only query metadata for selected fields

* fix race condition with retry

* update loading state and retries

* update comments on jwt license

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

* filter the target table by id

* highlight last selected tenant column

* use breakout to get list of ids

* temporary workaround to reload the whole page

* update row value types

* update row value types

* ask if they want to setup a pro license

* post-installation improvements for cli

* block non-selected tables

* remove the source-field from sandboxing

* use the fk_target_field_id as instead of target.id

* update unit test

* add learn more message

* install mock server dependencies

* fix post-setup step formatting

* fix text wrapping

* skip tenancy columns and permissions if token is not provided

* only show the server dir step when license is enabled

* skip permission setup if there is no tenancy column

* remove source-field as we only reference our own column

* add runIf flag to skip steps

* remove the gitignore mention as this is automatic

* configure permission if there are some tenancy columns

* make native permission types more strict

* add notice about setting up local mb instance

* support multiple tenancy columns

* map the tenancy column name as the user attribute

* add component import guide

* fix deprecated punycode in node-fetch

* warn on unsampled tables

* show helper text on tenancy columns

* allow sampling repeated tenant

* add instruction to change directory into mock server

* align the learn more message

---------

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>
Co-authored-by: Oisin Coveney <oisin@metabase.com>

* add useDocsUrl hook and update lint rule

* remove all uses of MetabaseSettings.docsUrl

* update tests

* revert non-docsurl change

* [notification] New method: `channel/can-connect?` (#44955)

* [notification] Channel APIs (#45207)

* [notification] namespaced channel type (#45527)

* [Notification] Render alert for http channel (#45545)

* [notification] Add channel description (#45840)

* [notification] update API to enable http channels for alert (#45839)

* [Notification] Remove channel details for users without write perms (#46034)

* [Notification] Serdes channel (#46031)

* [Notification] Update http details schema (#45960)

* [Notification] Deactivate channels will delete PulseChannel (#46115)

* [Notification] audit log for channel create and update (#46113)

* [Notification] Disallow undefined key for http channel details (#46712)

* [Notification] Handle channel name conflicts (#46818)

* Webhooks Admin Section (#46194)

* [notification] Fix test pulse endpoint does not work properly for http channels (#46474) (#47050)

* [Notification] Fix unable to update multiple channels per type (#47111)

* [Notification] Record Task History when pulse sends channel message (#46218)

* Enabling Webhook Alerts (#47022)

* [Notification] fix cyclic deps (#47379)

* [notification] channel serdes spec (#47386)

Co-authored-by: Nick Fitzpatrick <nick@metabase.com>

* Query Validator FE

* collection path, unit tests

* wrapping feature with token flag

* updating util function, adding row type

* updating session_test.clj

* type adjustment

* fixing other table sorting

* Empty state, clean up utils

* unit test adjustment

* e2e adjustment

== Goal ==

Hide attached DWH database details from anyone incl. admins:
* Do not show them in the UI
* Do not permit to change them
* Do not serialize them

The aim is that customers cannot gain access to (parts of) credentials,
and they cannot break a feature they are paying for by changing
connection details.

== Implementation ==

The Metabase backend already contains provisions in the implementation
of `metabase.models.interface/to-json` for `:model/Database` to hide the
`details` of the database in HTTP responses, if the user lacks write
permission on the database.  We utilize this by adding an
`is_attached_dwh` column to the `database` table and rejecting
`metabase.models.interface/can-write?` when this flag is enabled.  In
the "admin" UI, we show a replacement text instead of the edit form when
the flag is set.  (It might be correct to show this whenever `details`
is absent.  See below for possible follow-up work.)

However, several sections of the frontend code expected the `details`
field to always be present.  In order to make `details` optional, as the
backend seems to handle it, we fix the respective code to treat this
case in the way that appears appropriate in the context.

Database details are already generally excluded from H2 dump snapshots
(see `metabase.cmd.copy/*copy-h2-database-details*`), thus nothing
changes there.

== How to test ==

=== New behaviour ===

Setting the `is_attached_dwh` field hides the database details:

1. Configure a database as described in https://www.metabase.com/docs/latest/configuring-metabase/config-file#databases.
   - In addition to the fields you would normally set, also set
     `is_attached_dwh: true`.
   - This also works when adding this flag to a database that previously
     did not have this flag set.
2. Start your Metabase instance.
3. Verify the database shows up in the "admin" section
   (`/admin/databases`).
4. Verify that clicking the database to see its details only reveals
   "This database cannot be modified."
5. Verify that responses from the backend do not include a `details`
   field for this database.

=== Original behaviour ===

Behaviour without setting the `is_attached_dwh` field is unchanged:

1. Configure a database as described in https://www.metabase.com/docs/latest/configuring-metabase/config-file#databases.
   - Only set the fields you would normally set.  Do not set
     `is_attached_dwh` (or set it to `false`).
2. Start your Metabase instance.
3. Verify the database shows up in the "admin" section
   (`/admin/databases`).
4. Verify that clicking the database to see its details only reveal the
   regular edit form, showing connection fields like `host`, `user`,
   etc. with the values you configured.

== How this will be rolled out ==

1. Upgrade existing Metabase Cloud instances with data warehouse to a
   Metabase version that supports `is_attached_dwh`.
2. Set `is_attached_dwh` in the database section of the config file for
   Metabase Cloud instances with a data warehouse.

== Possible follow-up work ==

In https://github.com/metabase/metabase/issues/25715, absent
`database.details` was identified as a bug.  Since then, `details` was
made `NOT NULL` in the application database, so this bug can no longer
occur.  However, today backend responses can be missing the `details`
field, if the current user lacks write permission to the database
setting (see above).  Fully re-evaluating the fix to #25715 in this
context is outside the scope of this PR.

Closes: https://github.com/metabase/harbormaster/issues/5051

* ask for tenancy isolation columns

* deny all permissions for all users group

* create new collections

* add jwt group mappings

* add the permissions step

* add multi-tenancy message in helper text format

* add permission graph

* wire together permissions

* use schema permissions

* use fields from table metadata from query_metadata

* add tenancy field reference

* remove log messages

* deny access to unsandboxed tables

* make permission graph more explicit

* deny access to sample database for customer groups

* add unit test for permission graph

* split permission groups and sandboxes

* jwt settings and hard-coded user attributes

* handle errors when updating sso mappings

* add express api and user switcher

* only fallback to api keys when license is invalid

* add util to sample tenancy column values

* conditional BASE_SSO_API imports

* improve embedding error message

* setup jwt configuration after license step

* setup permissions at the last step

* add missing import

* update steps that requires license

* fix incorrect imports

* add missing useContext

* handle permission update error

* remove tenancyIsolationEnabled field

* add tenancy column sampling

* differentiate tenancy column query error

* rename tenancyColumnValues to tenantIds

* assign sampled tenant ids to user attributes

* add tenant ids

* define collection permissions

* reference sandboxing group by name

* update snippet to be same as the README

* extract ask for tenancy columns to a separate step

* use the customer_id attribute

* query the table query metadata at origin

* append tables correctly

* improve error handling in table scanning

* add retry logic to metadata fetching

* only query metadata for selected fields

* fix race condition with retry

* update loading state and retries

* update comments on jwt license

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

* filter the target table by id

* highlight last selected tenant column

* use breakout to get list of ids

* temporary workaround to reload the whole page

* update row value types

* update row value types

* block non-selected tables

* remove the source-field from sandboxing

* use the fk_target_field_id as instead of target.id

* update unit test

* remove source-field as we only reference our own column

* make native permission types more strict

---------

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>
Co-authored-by: Oisin Coveney <oisin@metabase.com>

* ask for tenancy isolation columns

* deny all permissions for all users group

* create new collections

* add jwt group mappings

* add the permissions step

* add multi-tenancy message in helper text format

* add permission graph

* wire together permissions

* use schema permissions

* use fields from table metadata from query_metadata

* add tenancy field reference

* remove log messages

* deny access to unsandboxed tables

* make permission graph more explicit

* deny access to sample database for customer groups

* add unit test for permission graph

* split permission groups and sandboxes

* jwt settings and hard-coded user attributes

* handle errors when updating sso mappings

* add util to sample tenancy column values

* improve embedding error message

* setup jwt configuration after license step

* setup permissions at the last step

* handle permission update error

* add tenancy column sampling

* differentiate tenancy column query error

* rename tenancyColumnValues to tenantIds

* define collection permissions

* reference sandboxing group by name

* extract ask for tenancy columns to a separate step

* query the table query metadata at origin

* append tables correctly

* improve error handling in table scanning

* add retry logic to metadata fetching

* only query metadata for selected fields

* fix race condition with retry

* update loading state and retries

* filter the target table by id

* highlight last selected tenant column

* use breakout to get list of ids

* update row value types

* block non-selected tables

* remove the source-field from sandboxing

* use the fk_target_field_id as instead of target.id

* update unit test

* remove source-field as we only reference our own column

* make native permission types more strict

---------

Co-authored-by: Oisin Coveney <oisin@metabase.com>

fix(questions + admin/performance): Improve Clear cache button text and question refresh button tooltip (#46791)

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

feat(admin/performance): In Admin / Performance, add a tab where you can manage the caching policies of dashboards and questions (#42990)

Closes #42567

* move default modal padding to general modal component

* small adjustments. Using base modal where apropriate

* shame

* Add subfolders in querying

* Add subfolders in querying

* Add subfolders in querying

* Remove FilterContent

* Remove FilterContent

* Remove FilterContent

* Remove FilterContent

* Remove FilterContent

* Update interactive embedding CTA UTM tags

* Make the UTM tags more readable

* Update static embed doc UTM tags

* Update static embed appearance customization doc UTM tags

* Update font upsell UTM tags

* Update tests

* Fix wrong upgrade URL

* Update tests

* only use viz height for visualization view

* move the default viz height fallback

* default to full-height if height is zero or unavailable

* remove test wrapper

* extending table component features

* adding unit tests

* PR Feedback

* PR Feedback

* unit test adjustment