Added new endpoint "/db/:id/new-table".

This work removes a spec and a p.schema for data graph permissions.

There are still some specs but they are for execution, and collection graph permissions. Those should be targeted next.

* decoded + verified FIXME

* still good

* some cleanup

* a little more cleaning up

* bit more cleaning

* converted update-group-permissions! -> mu/defn

* use the correct shape for new-group-perms

* remove bunch of pschemas

* linter appeasement

* update test for setting dissallowed schema

* respond to review comments

* fix some tests + improve mu/defn error messages

* a lint fix

* lint fix

* read and query are optional

* update expected error message to the improved one

* stop calling trs at the top level

* fix function signature

* improve test

* handle nil directly <-> u/pprint-to-str ignores it

* quick refactor

* pprint-to-str handles `nil`, by returning "nil"

* trim schema and value in malli.io url params

* Switch to Toucan 2 part 1

* Fix Kondo errors

* Switch to Toucan 2, part 2

* Fix Kondo errors

* Bump clj-kondo to 2022.12.10

[Fixes #27512]

* Use Kondo's :config-in-call instead of grosser hacks

* Switch to Toucan 2 part 1

* Fix Kondo errors

clarify that delete a database will also delete any questions/models/segments/metric that use the database in doc (#27707)

* fix throwing exceptions in handle-paging mw

* API for getting database usage

* use defmulti

* handle cases when database has no tables and add docstring

* sacrifice powerness in the light of beauty

* FieldValues skipping but not updating last used at

Related to #26863

When fieldvalues synching was being skipped, the
`get-or-create-full-field-values!` call was erroneously forgetting to
update the `last_used_at` time; the time was only being updated if new
field values came in since the last sync.

* Add test for inactive field values

* Only update last_used_at when there's an existing fieldvalues

* Fixed regex for latitude name type matching

* Grouping regexes by lon/lat

* updates + updates tests

- use titles for everything
- repeat "sounds" right
- biding time to remerge upstream

* Update src/metabase/util/malli/describe.clj

* pluralize times ouhgt to be private

* keep error messages in tests in sync 

* linter newline

* restore aliases before annotating

* cleanup

* fix tests

* Don't add escaped->original if aliases have not changed

No need to walk and replace the aliases if they are identical. And in
that case, no need to keep a mapping of identical to identical. Not
super important but saves some time and complexity, and keeps other
tests passing since the presence of [:info :alias/escaped->original] in
the query caused them to trivially fail.

* oracle has a smaller limit and _expected_ mangled

previous testing behavior was "what happened" and not what should
happen. we fixed the bug but the "expect garbage" behavior was still
present

* Relax :alias/escaped->original schema

oracle tests use keywords for the alias

```clojure
{:alias/escaped->original
 {:test-data-venues--via-a763718f "test_data_venues__via__venue_id",
  :test-data-users--via--user-id "test_data_users__via__user_id"}}}
```

No idea why that is keyworded

* relax `:alias/escaped->original` schema

see previous commit

* - ensure errors are strings + provide strucrual hints

Instead of just overwriting the (string) erorr messages, swap in the
malli string description at [:errors :<field-name>] key. Adds humanized
error (which highlights which parts of req were not sufficient) under
the :specific-errors key.

* fix tests + note about auto-cohersion

* Switch to Honey SQL 2 for some application DB things

* Fix Chain Filter query

* More fixes

* Test fixes :wrench

* Fix Kondo lint errors

* Test fixes 

* Test and formatting fixes for MySQL

* Fix new code using `db/query`

* Fix circular references

* Switch to Honey SQL 2, Part 1

* Test fix

* Revert deletion of ratios-test

* Fix Kondo error

* Fix stack overflow

* Update code to use new names for schemas

* move malli schema from metabase.util.schema to a new ns metabase.util.malli.schema

* revert name changes for plumatic schema. e.g: NonBlankStringPlumatic -> NonBlankString

* add clj-kondo rule to enforce consistent alias for metabase.util.malli.schema

* Warn when cards used for filtering are archived

* filter-values -> dropdown-widget-values

* Better string concatenation

* dropdown_widget_values_usage_count -> parameter_usage_count

* Add end-to-end test

* add default values keys for dashboard.parmaeters

* fix tests and add tests

* Switch to Honey SQL 2, Part 1

* Test fix

* Fix Kondo error

* Do not let API users archive the last superuser

[Fixes #26759]

* DRY up admin-archiving check

* Fix is_superuser bug in with-single-admin-user

* Get count of values correctly on H2

We were explicitly keeping ParameterCards and dashboard.parameters in
sync, but that's not necessary

* fix api/database/<id>/fields to include table's name

including name and display name for field, and table name (not display
name) which was original complaint.

* tests

[Fixes #16293]

Since the frontend sends a date-style string with various differences from how Java's Date Formatter expects things,
we need to post-process some bits. The 'D' -> 'd' string replacement was missed in the post processing fn, and so in
some cases it was missed altogether, causing this bug.

Existing tests in `metabase.pulse.render.datetime-test` and `metabase.pulse.render.table-test` should already catch
this issue. Prior to the change they would fail, but they now pass after adding this PR's changes.

```
docker run \
       -p 3000:3000 \
       -v $PWD/my_log4j2.xml:/tmp/my_log4j2.xml \
       -e JAVA_OPTS=-Dlog4j.configurationFile=/tmp/my_log4j2.xml \
       metabase/metabase:v0.45.1
```

From https://github.com/metabase/metabase/issues/27497

Note that this specifies `log4j.configurationFile` and not
"log4j2.configurationFile" that we set in our bootstrap.clj.

I'm not sure if this is supposed to work or not but we'll give it a
shot.

the Automatic Configuration section of
https://logging.apache.org/log4j/2.x/manual/configuration.html specifies
that:
1. Log4j will inspect the "log4j2.configurationFile" system property
and, if set, will attempt to load the configuration using the
ConfigurationFactory that matches the file extension. Note that this is
not restricted to a location on the local file system and may contain a
URL.

I'm not sure if that other property will work due to some other
mechanism or log4j2 has an undocumented back-compat mechanism.

* nit alignment

* point to var so changes are picked up

need to refresh this ns after changing the middleware since these add a
bit more helpful doc strings. But capture previous function value so
more annoying at repl

* Ensure MB_API_KEY is set for notify endpoint

Previously when the MB_API_KEY was unset:

```
❯ http POST "localhost:3000/api/notify/db/1?scan=schema"
HTTP/1.1 403 Forbidden
<other headers removed>

Forbidden
```

And now:

```
❯ http POST "localhost:3000/api/notify/db/1?scan=schema"
HTTP/1.1 403 Forbidden
<other headers removed>

MB_API_KEY is not set. See https://www.metabase.com/docs/latest/configuring-metabase/environment-variables#mb_api_key for details
```

An annoying thing in the tests. We set `"-Dmb.api.key=test-api-key"` in
the `:test` alias for CI, but not in regular dev mode. So annoyingly we
either have tests that would fail in the repl in regular dev, or use
`mt/with-temporary-setting-values [api-key "test-api-key"]` when writing
tests that only matter for local stuff. c'est la vie

* Translate error message

Using site locale because this in an `+apikey` context, not an `+auth`
context. The importance of that is that there is no logged in user so no
way to get a user locale, and it just falls back to the server locale
anyways. So lets just use that.

* Fix temp settings when they are env-based

An annoying bit here. `api-key` setting in the notify test is set in the
env in the `:test` alias.

```clojure
notify-test=> (mt/with-temporary-setting-values [api-key nil]
                (mw.auth/api-key))
"test-api-key" ;; where did the nil go?
```

But there are two bugs in `mt/with-temporary-setting-values`:

1. It gets the current env value and then temporarily sets it to the
current value. Note that `do-with-temp-env-var-value` is called with
`env-var-value` which is the current value in the environment. All of
this work for nothing

```
-    (if-let [env-var-value (and (not raw-setting?) (#'setting/env-var-value setting-k))]
-      (do-with-temp-env-var-value setting env-var-value thunk)
+    (if (and (not raw-setting?) (#'setting/env-var-value setting-k))
+      (do-with-temp-env-var-value setting-k value thunk)
```
So cannot possibly do what we want.

2. The second bug is that the pathway through
`mt/with-temporary-setting-values` did not convert `:api-key` to
`:mb-api-key`. So even if it put our new value in above, it would put
`:api-key nil` in the env, but when we look for it it would look for
`:mb-api-key` and we would not find it.

Thus the use of `setting-env-map-name`. Then clean up the few other
places that did it kinda right, but not necessarily. Seems the "correct"
way to do this is get the setting name, munge it, prepend with mb. The
other call sites were using variants of `(keyword (str "mb-" (name
setting-name)))` which is close but could miss the munging.

* Safely set env/env keys

There are two ways that we put things into the env/env so they appear as
environmentally set variables.

- explicitly with `mt/with-temp-env-var-value`. This simulates a user
setting these values and they are specified in the env way:
mb-email-smtp-port, "MB_DISABLE_SCHEDULER", etc. At the call site you
are aware that they are env related so get the mb prefix
- incidentally with `mt/with-temporary-setting-values`. Settings are
always referred to by their "nice" internal name like `api-key`,
etc. But if a setting is found to be an env variable, we override it in
env/env. But we have to make sure the key is set properly with an mb-
prefix.

Owing to this, we have to conditionally add the mb- prefix if not
already present.

* cleanup the constants a bit

* Fix some site-url tests

The tests themselves are testing useful stuff: site-url doesn't return a
broken value if it fails the verification when set as an env
variable. But the tests themselves were a bit nonsensical in their
setup:

```
@@ -62,21 +62,19 @@
 (deftest site-url-settings-normalize
   (testing "We should normalize `site-url` when set via env var we should still normalize it (#9764)"
     (mt/with-temp-env-var-value [mb-site-url "localhost:3000/"]
-      (mt/with-temporary-setting-values [site-url nil]
-        (is (= "localhost:3000/"
-               (setting/get-value-of-type :string :site-url)))
-        (is (= "http://localhost:3000"
-               (public-settings/site-url)))))))
+      (is (= "localhost:3000/"
+             (setting/get-value-of-type :string :site-url)))
+      (is (= "http://localhost:3000"
+             (public-settings/site-url))))))
```

Why would it set an env-variable version [mb-site-url "localhost:3000/"]
then try to blank it out with `(mt/with-temporary-setting-values
[site-url nil])`.

Fixing the bug in how we set env var values made this nonsensical stuff
break.

Now we just have to do the obvious thing: set the env var to a bad
value, assert that (setting/get-value-of-type :string :site-url) is that
value, but assert that the _setting_ is a well-formatted value or nil if
we can't solve it (the "asd_12w31%$;" case).

Setting the env value then setting a temporary value to nil didn't make
much sense. And the fix made that set the env var to nil.

* fixup last tests

* Don't modify things from `with-temp-env-var-value`

this allows us to set non-mb-prefixed env vars. not sure if necessary
but let's roll with it.

* fix last of the tests

* fix automatic dox generation for malli+defendpoint

- there isn't a concept of not having an error message for a schema \o/
- warn but don't break when the schema is invalid
- polish the descriptions a little "a nullable a vector" -> "a nullable vector"

* gitignore malli types files

* schema -> defendpoint api/setting GET :key

+ docs example

* schema -> defendpoint api/action + dox generation

* quickfix + add smaller trivial tests

* add imported clj kondo rules to git

* add with-api-error-message to fix some tests

* use mu/with-api-error-message

* fix tests

* finish defendpoint migration for api/action ns

* do not stringify errors

* fix devtime annoyance with malli-dox generation

* more polish

- add length to numerics
- respond to review

* unused var linter fix

* fix off by 1 in umd/description

* aligator eats the big number + update action.md

* Disallow axis ranges with the same min/max, which causes divide by zero error

The group-axes private fn is used to try group series axes together if the ranges of the series are 'close enough',
which is calculated by determining the percentage overlap the ranges share.

As the comparison is made, the first series in the list will always be compared with itself, and should have
1.0 (100%) overlap, as the ranges are going to be identical. The divide by zero issue arises when this first series,
and potentially any other series, has a 'range' where the min and max are the same. This happens if the series has the
same value in every row.

With this change, these ranges are considered invalid, and we avoid the divide by zero.

* Unskip e2e repro

* Limit session timeout amount to less than 1 million

* Limit the max timeout to 100 years

* Validate on BE too

* Typo

* Add comment to FE

* Fix BE validation

* Fix BE validation

* Add BE test

* Change FE validation to mirror BE validation

* Add unit test for SessionTimeoutSetting

* Refactor FE unit tests

* Move comment

* Add check for positive amount to BE validation

* Add more BE tests

* Refactor validate function

* Remove cleanup()

* Use ToBeInTheDocument instead

* Use getByText

* Remove conditional expect

* Remove unused import

* Refactor for clarity

* Formatting

* Validate session-timeout in getter too

* Add docstring to check-session-timeout and make private

* Change getter to print warning string instead of throw exception

* Format import

* i18n and use log/warn in getter, and throw 400 in setter

* Reorder require

* Use cam's suggestion

Co-authored-by: Cam Saul <1455846+camsaul@users.noreply.github.com>

Co-authored-by: Cam Saul <1455846+camsaul@users.noreply.github.com>

* Implicit action pre-fetch values (#25940)

* [Apps] Implicit action pre-fetch values

WIP To return a parameter-id: value map in order to prefill ui.

* Use jsonstring encoded parameters

* Change parameters exposed by implicit actions

Previously, we would look at a model's source-table to determine which
parameters were valid for implicit actions. So if an implicit action is
on a User model that hides the user.password column, you could still
update or insert the password.

With this commit, if the model doesn't expose a source table column, it
is not a valid parameter. In the example user.password could not be
inserted/updated or fetched for prefilling.

* Fixing tests

* Show data app page ID params in editing mode (#25943)

* Data apps layout updates (#25930)

* play with grid sizes to make apps feel appier [ci skip]

* move app nav to bar inside app

* only hide other header buttons outside of edit mode

* tweak overflow issue

* fix header width on data apps

* add control to see app contents

* set data apps layout constants contextually [ci skip]

* remove hardcoded value [ci skip]

* extract conextual header styles [ci skip]

* set max-width on paramaters for data apps [ci skip]

* move data apps nav deeper, only show if not editing [ci skip]

* add spacing to contents trigger, rm old code [ci skip]

* rm table thing for now [ci skip]

* Fixes for data app layout updates (#25962)

* Reorder import

* Fix type

* Fix missing translation, move out URL

* Remove not used import

* Rework `getSelectedItems` utility for data apps

* Fix selected data app page highlighting

* Don't reload app navbar on page change

* Change nav item links look

* Remove `DataAppPageSidebarLink`

* Turn nav into HTML list

* Use styled components

* Fix edit button covered by visualizations

* Fix opening homepage

* Remove redundant prop

Co-authored-by: Anton Kulyk <kuliks.anton@gmail.com>

* First take at parameterized data app page titles (#25938)

* Bring `DataAppContext` back

* Pass `onFocus` and `onBlur` to `EditableText`

* Export `EditableTextProps`

* Add basic `DataAppPageTitle` component

* Use `DataAppPageTitle`

* Fix component name

* Add primitive autocompletion to page title input

* Add `title_template` to `DataAppNavItem` type

* Tweak value management in `DataAppPageTitle`

* Handle `null` values in titles more gracefully

* Don't show suggestions without detail cards

* Don't add whitespace when pasting a token

* Don't update app's collection all the time

* Add data app related selectors to dashboard selectors

* Add redux state to keep title template changes

* Update page title template on page save

* Wire up `DataAppPageTitle` with dashboard code

* Fix unit tests

* Reset state on exiting editing mode

* Add back button to template data picker

* Fix test that didn't include pk on insert

* Use the actual pk value

Co-authored-by: Anton Kulyk <kuliks.anton@gmail.com>
Co-authored-by: Kyle Doherty <5248953+kdoh@users.noreply.github.com>

* Revert "Remove data app permission code (#26016)"

This reverts commit b8c92cf1.

* Remove unused imports

* Don't require the table_id on result_metadata elements (#26073)

In some cases (which ones still has to be clarified) the result metadata doesn't
contain the table_id and so no parameters are provided. In fact the table ID is
probably not needed anyway because fields are already table specific.

* Support filtering cards by used model (#26088)

This change adds a new filter option for the GET /card endpoint.

* Support filtering apps using a given model (#26124)

* Handle type errors more cleanly (#26120)

* [Apps] Handle type errors more cleanly

Adds a number of tests for different db datatypes, these can be expanded
on as we solve.

Catches most exceptions during execution and logs then throws a generic
message that leaks less of the details.

* Make sure we order-by expected results

* Fix tests, allow purposeful exception through

* Accept model-ids for scaffolding apps (#26139)

* [Apps] Accept model-ids for scaffolding apps

WIP - accept model-ids but there's still some issues, might be able to
start building UI from this point though.

* Maybe working model

* Work with card__n table-ids passed in. Fix problems with detail page

* Dynamically add actions that exist on models

* Update tests for existing custom actions

* Can't def tru

* Address review comments

* Add required to action parameters (#26296)

Looks at `database_required` field values for implicit actions, and
`required` template-tags for custom query actions. Bubble those values
up onto `action.parameters`. Finally, look at `requires_pk` to see if pk
fields should be marked as required regardless.

* Cleanup scaffolded back button (#26317)

* Forward action execution error messages to the frontend (#26469)

This is a crude temporary solution necessary to be able to debug problems related to executing actions.
Although error parsing has been implemented for Postgres (only) with the goal to provide information for
the FE like `{"errors":{"id":"violates foreign key constraint note_subject_id_fkey"}}`. This code doesn't
care about the error message itself, it just forwards the error message from the DB to the FE.

* Actions for public pages (#26554)

* [Apps] Testing out public dashboards

* Add WIP endpoints for public execution

* Add throttle check to public execution route

* Bump attempts-threshold to 1000

* Bump threshold to 5000

* Add test

* Fix linter

* Review changes

* Fix lint

* Run publicly shared actions with full permissions (#26610)

* Support actions with MySQL and MariaDB (#26573)

Support actions with MySQL/MariaDB

* Check permissions for implicit actions (#26652)

* Check permissions when executing implicit actions

* Fix some action tests and reduce permissions boilerplate

* Revert "[Apps] Disable data-apps prior to release (#25982)"

This reverts commit 51147027.

* WIP: Unify action representation (#26717) (#27349)

* [Apps] WIP initial db migrations for giving implicit actions an action_id and removing card from query_action

* Make crud work for http actions

* Make implicit crud work

* Rename implicit_action.namespace to kind. Rewrite merged-model-actions to actions-with-implicit-parameters

* Fix query action creation

* Make actions.test-util/with-action create a holding model

* Fix unified-action-create-test

* Fix get-action-test

* Add tests for creating implicit and http dashcard actions

* Enable query action in dashcard-action-create-update-test

* Fix metabase.api.dashboard-test/dashcard-query-action-execution-test

* Fix metabase.api.dashboard-test/dashcard-http-action-execution-test

* Fix metabase.api.dashboard-test/dashcard-action-execution-auth-test

* Fix metabase.api.dashboard-test/dashcard-action-execution-granular-auth-test

* Make implicit action execution work

* Scaffolding implicit actions from table

* Fix metabase.api.action-test

* Make scaffolding work with existing models. Update with-action macro to allow multiple actions

* Fix metabase.api.public-test

* Remove unused names from metabase.models.action

* Remove some unused imports

* Remove an unused import

* Remove model_action and fix a bunch of tests

* Fix dashcard-implicit-action-only-expose-and-allow-model-fields

* Fix action type inheritance

* Fill in remarks and add description to action

* Add forward migration for existing actions and rollbacks that remove existing actions

* Prevent overwriting parameters of custom actions

* Support setting description on actions

* Update migration to work with mysql - rollback is still not quite working in mysql due to database_id fk

* Rename with-action macro to with-actions and document it

* Remove report_card.is_write

* Fix some more tests

* Fix rollback across all appdb drivers, add not null constraints, use action.name to hold implicit slugs

* Pull name and description from is_write card

* Add name to scaffolded implicit actions

* Remove ModelAction

* Remove is_write from comments too

* Different databases reference capture groups in regexp_replace differently. Also drop model_action table

* Update migrations to pass linter.

Introduce ${capturegroup.ref} to handle the different ways to reference
capture groups within a regexp_replace. This allows collapsing large
data migrations into a single `sql` element that the linter requires.

* Add kind to action-mapper so we can sort as we wish

* Add name to with-temp Action

* Adjust FE to query actions migration (#26764)

* Remove `is_write` card notion

* Remove action `slug` from action types

* Fix typo in `estimateCardSize` name

* Remove hanging card's `is_write` prop

* Remove not used writeback actions

* Update endpoints

* Remove not used prop

* Remove action `slug` usage

* Update actions entity

* Tweak action creator to handle new actions shape

* Fix saving action dashcards

* Fix actions API usage

How did that work before? 



* Pass `database_id` when creating query actions

* Remove custom list API implementation for actions

* Clean up types

Co-authored-by: Tamás Benkő <tamas@metabase.com>

* Change regexp_replace to substring to support mysql - this is ok because we have consistent json serialization.

* Check permissions on the model in the action API

* Remove unused required namespace

* Throw an exception when demoting a model with actions to question

* Allow saved parameters on implicit actions to add to implicit parameters

Co-authored-by: Case Nelson <case@metabase.com>
Co-authored-by: Anton Kulyk <kuliks.anton@gmail.com>

Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>
Co-authored-by: Case Nelson <case@metabase.com>

* empty commit to kick CI

* bump CI

* Fix down migrations

 change v45.00-002 sets up a fk fk_query_action_ref_action_id. h2 v2 for
 some strange reason requires us to remove the constraint before we can
 remove the primary key. But then we have to restore the state that
 v45.00-002 creates manualy

* Allow for version for `(migrate! :down 45)`

* Remove data apps parts not planned for 0.46

Removed app container, app scaffolding and pages (dashboards with is_app_page)

* Address linter issues

* Make some cosmetic changes to reduce the diff

* Make new permission API endpoints use defendpoint-schema

* Fix bad automerge

* Skip Mongo 4.2 instead of 4.0

Co-authored-by: Case Nelson <case@metabase.com>
Co-authored-by: Anton Kulyk <kuliks.anton@gmail.com>
Co-authored-by: Kyle Doherty <5248953+kdoh@users.noreply.github.com>
Co-authored-by: dan sutton <dan@dpsutton.com>

Update data perms graph API to accept sandboxes and save them transactionally with the permissions graph (#27434)

* basic implementation and happy path tests

* error handling & include changed sandboxes in result

* whitespace fix

* Fix mongo version checking for now

* Add minor versions for comparison

* Handle nil case

* newline

* Replace _

* Use dbms-version semantic-version instead

* Compare only the major and minor version

* Fix mongo database-supports?

* Fix duplicate require

* Fix typo

* Remove expressions from version check

* Fix various mongo expressions

`trim`, `rtrim`, `ltrim` needed to be wrapped in `{"input" expr}` object
`replace` needed to be wrapped in `{"input" expr "find" ...
"replacement" ...}' object
`substring` needed to fill in the 3rd argument, optional in mbql but
required in mongo. Also to use a 1 based index

* Generalize semantic-version-gte

* Used synced dbms_version for testing feature support

* Expressions are only supported by mongo 4.2+

* Disable some tests

* Fix mongo division

Handle nulls with an upfront condition check.
Handle multiple divisors.

* Remove unused namespace

* Throw exeception if using replace on mongo < 4.4

* Skip test because of #27249

* Move minimum Mongo CI version to 4.2

* Fix sorting by expressions

$sort needs to come before $project otherwise we can only see the
projected fields, however expressions are only added in $project.

So now if a sort includes an expression, we will use $addFields to be
able to sort by that expression.

* Disable tests for expressions inside aggregations

To be addressed by #27275

* Handle aggregation nested in an expression

* Remove :truncation-start workaround

* Enable tests for expressions inside aggregations

* Fix datetime-math-tests

* Make sure dbms_version is included when fetching database for store

* Update doc for replace to indicate it should replace all occurrences

* Fix order-by-test

* Handle embedded special aggregations (#27315)

* Handle embedded special aggregations
* Preserve aggregation options for nested aggregations
* Use top-level aggregation name as group name

* Disable nil punning on semantic version check (#27317)

* Optimize produced query for division when dividing by literals

* Rename var

* Use reduce to build division

* Fix reduction

* Clean up formatting and document some details

Co-authored-by: Callum Herries <hi@callumherries.com>
Co-authored-by: Tamás Benkő <tamas@metabase.com>
Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>

* [Toucan 2 Prep] Add helper for extending `IModel`; namespace Toucan properties

* Clean namespaces

* Test fixes 

* [Toucan 2 Prep] Add `define-*-hydration-method` macros

* Sort namespaces

* Disable Eastwood `:unused-private-vars` linter

* [Toucan 2 Prep] Add helper for extending `IModel`; namespace Toucan properties

* Clean namespaces

* Test fixes 

* docstring to highlight partial graph acceptance

- updates how we decode the incoming graph

* sort ns

* Update src/metabase/api/collection.clj

Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>

* code review responses

Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>