* allow `:blocked` to be saved for table level perms

* Adds 2 tests for table level blocked permission settings

- N.B. these are NOT ENFORCED YET

* update test that asserted we cannot set block on tables (we can)

* WIP: Pairing on making perms checking less wild

* cleanup, update docs, and add a test for view-data perm only

- Added a test where we have data permissions, but not create query, and
  I think it is failing when we have create query and blocked data
  permissions.
- renamed some functions from check-x -> has-x? since they return a
  value instead of throwing now

* Revert "WIP: Pairing on making perms checking less wild"

Keep the same behavior, but stick with the saner flow control

This reverts commit 63bcb5b4.

* update docs

* update test to be passing

- TODO: make sure it's correct w.r.t. perm settings

* Allow schema level blocked setting in permgraph

* remove invalid test cases

- continue to have a forcing function to test newly added perms

* conform function output

* ensure a single blocked table blocks native queries to its DB

* update error message

- we now catch this error in `metabase.models.query.permissions/has-perm-for-query?`

* we now check for data permissions to process query for card

* add more explanation to what we are testing

- to help see why it fails on CI and passes locally

* remove excess `def`

* Add test for table-level data X collection perms

- update test found to be in-error

* update param values qp permission check style

* set view-data and create-query explicitly

* set viewdata and createquery explicitly in qp test

* Respond to review comments (which fixes a case)

* setting a table to blocked: leave other tables the same

* [Permissions] Add "No access" schema/table permission (#46509)

* first pass

* refactors downgrading native permission logic and updates calculation so that "No access" downgrades native permissions to "No"

* stub for permissions help info on table block

* modal changes wip, updates downgrading create queries permissions to all happen at a single call site

* clean up, sandboxing modal copy changes, removes rekoke/limit access modal changes to make the diff smaller and move code to a seperate PR

* updates permissions help section to contain the final copy

* sandboxing copy fix and remove modal that was dropped from requirements

* adds blocked at the schema level, updates no access copy to blocked, updates permissions help section to contain new blocked and schema level changes

* fixes failed unit and e2e tests after sandboxing copy changes

* improve the block e2e test to include table blocking

* fixes failing blocked test, fixes other schemas create queries permissions getting correct with one schema was droped to blocked view data access, fixes a bug that prevents the save bar from going away when all permissions for group are set to the default values

* clean up

* remove color changes

* prevents parent being set to blocked preventing edits for children entities

* add new hasPermissionValueInSubgraph fn, adds modal to warn users we have to upgrade the view data permissions when they upgrade create queries permissions when a child entity is set to blocked

* adds test coverage for new modal

* removes unused function, adds new updateEntityPermission fn to help consolidate some logic elsewhere

* unit test fix and type fix

* most pr feedback

* updates the confirmation modal copy when changing a parent entity that contains a child with blocked permissions and/or sandboxed children, adds test coverage for that, adds test coverage for permission view data column not appearing in oss

* type fix

* [Permissions] Add e2e test coverage for blocked permissions enforcements (#46663)

* adds test coverage for enforcement of blocked permissions

* moves tests around based on pr feedback

* copy changes

* adds fix to make sure that blocked permissions are not removed from sibling tables that have the create queries permissions upgraded (#46854)

* Fix table name lookup for dbs w/ 1 schema per db

* add test for blank schema identifiers

* Refine sandboxed user perms for query builder access (#46939)

* Refine sandboxed user perms for query builder access

- Limit create-queries permissions to unblocked tables only
- Check user permissions for each table before granting query builder access
- Prevent querying of blocked joined tables from query builder for sandboxed users

* Adjust permissions for sandboxed users

- Grant view-data permissions only for unblocked tables
- Revert create-queries permissions to all tables in sandbox
- Remove unnecessary intermediate variable

* when sandboxing we no longer grant unrestricted view perms for blocked tables

* Update enterprise/backend/src/metabase_enterprise/sandbox/query_processor/middleware/row_level_restrictions.clj

remove blank line

Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>

* - make coalesce-test exhaustive (except for sandbox)

* Update enterprise/backend/src/metabase_enterprise/sandbox/query_processor/middleware/row_level_restrictions.clj

Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>

* t2/select ... -> database/table-id->database-id

* update comment

* [Permissions] Prevent "Granular" option in DB View Data options from changing permissions to unrestricted (#46976)

* fix

* adds back most of the code and limits it to only happen with impersonations, updates test to handle differing logic between the two flows

* removes test that is not longer needed

* more sandbox join table perms tests

---------

Co-authored-by: John Swanson <john.swanson@metabase.com>
Co-authored-by: Sloan Sparger <sloansparger@users.noreply.github.com>
Co-authored-by: Sloan Sparger <sloansparger@gmail.com>
Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>

* Remove simple references to `trackStructEvent`

* Remove `withAnalytics` entities helper

* Remove `trackLoginSSO`

* Remove auth trackers

* Remove permissions trackers

* Remove performance trackers

* Remove settings trackers

* Remove pulse trackers

* Remove undo trackers

* Remove click actions trackers

* Remove `trackStructEvent`

* Remove GoogleAnalytics from the server security middleware

* Remove GoogleAnalytics from Kondo config

* Fix type failures

* Revert "Remove GoogleAnalytics from Kondo config"

This reverts commit 363557c4.

If the content-type header is missing entirely, let it through. We're
not trying to be overly restrictive here, just prohibit things that are
clearly not GeoJSON.

Fixes https://github.com/metabase/metabase/issues/46918

* Throw reasonable error when incompatible temporal unit is used in time unit param

* Remove redundant function

* Add :curated flag to catch exceptions

* Update test/metabase/query_processor_test/date_bucketing_test.clj

Co-authored-by: Cam Saul <1455846+camsaul@users.noreply.github.com>

* Address review remarks

* Update test

* Make vars private

---------

Co-authored-by: Cam Saul <1455846+camsaul@users.noreply.github.com>

* Beautiful log message capturing  

* Don't have log.cljs try to load log.capture, don't know how to make that work

* Remove restriction against use in parallel tests

* Fix tests using invalid syntax

* Port legacy tests

* Make this stuff work with Cljs

* Fix bad syntax

* Convert usages of old version of with-log-messages-for-level to new version

* Update other stuff to use the updated macro

* Fix stuff

* Fix Cljs tests

* Fix world's largest test

* Appease Kondo

* Fix comment

* ClojureScript: only emit capture code in dev builds

* perf: Use more efficient iteration and formatting in CSV export

* perf: Replace clojure.data.csv functions with more efficient implementations

* fix: Fix formatting for integer numbers in scientific notation

* skip some troubleshooting stats when hosted

* fix typo

* just skip "system-info" and "app db details"

* Remove support for questions with metric source

* Fix e2e test

* Enable type info computation for fields coming from model source query

* Add test

* Add handling for fields coming from joins

* Handle column matching errors

* Fix test

* Fix test

* Fix test

* Fix test

* Fix test

* Add Timeseries insights even when Custom Columns exist

WIP

Fixes 46244

I don't know why it was (maybe still is) required that the :other columns be empty before providing insights.

* might be a solution to changing trendlines when data doesn't change

The insights code that powers the frontend trendline requires taking a sample of the dataset.

This sampling has some randomness associated by design, and should maintain its randomness. But it makes some sense to
use the exact same sample when the input has not changed at all, hence trying this memoize approach out.

Might not be the final solution, but it's a start

* add test to show that insights are computed

* use java.util.random with a seed to keep insights stable

* Add testcase from https://github.com/metabase/metabase/issues/43915



* Try a custom formatter if the default formatter for OffsetDateTime doesn't work

* Add testcase

* Make auxillary formatter private

* Catch a more specific exception

* Throw IllegalArgumentException on invalid dates

* Use strict resolver and fix test

* Empty commit to assign credit where it's due

---------

Co-authored-by: Chris Truter <chris@metabase.com>

* Dowload Row Limit Env Var

Adds `MB_DOWNLOAD_ROW_LIMIT` to enable changing the row limit on downloads and alert/subscription attachments (not the
rendered tables, but the .csv, etc.).

Based on: #44982 (Thanks, @r-kot)

Partially implements: #28144

The difference in this PR compared to #44982 is that the download limit applies to all downloads, the only exception
being when the limit is above `qp.i/absolute-max-results` (1048575, based on Excel's limitation); in such a case, the
user supplied limit is only used if the download is csv or json, and `qp.i/absolute-max-results` is used for xlsx.

This PR also fixes alert/subscription attachment limits; prior to this, they were set to the in-app limit of 2000
rows, but now they will follow the user supplied download-row-limit.

This PR also adds a test to the downloads-and-exports test namespace, confirming that they follow the supplied limit,
or the max limit if none is supplied.

* add test confirming the default limit works

* fix test to use the download-row-limit

* address review feedback

* Update src/metabase/public_settings.clj

Co-authored-by: Cal Herries <39073188+calherries@users.noreply.github.com>

* add test covering case where download-row-limit is unset

---------

Co-authored-by: Cal Herries <39073188+calherries@users.noreply.github.com>

* Export Formatting Correctness

WIP

Several bugs exist around the correctness of export formatting, this aims to fix them.

Fixes #27374

When a model has viz settings/metadata changed after save, the download won't incorporate said changes. At least it's
clear that scale doesn't work.

* number formatter merges settings from columns too

* column formatting on aggregated cols works in xlsx now too

* fixes 43040 by grabbing global-type-settings in csv formatter

* Last Used Param Value doesn't fill in with default value if cleared

Fixes #46368

The Last used parameter value is cleared when the frontend sends `nil` as the parameter's value. This works except in
cases where a user clears a parameter with a default value. In this case, we want to indicate that the parameter is
cleared, so we store `nil` in the appdb in such a case.

* Update src/metabase/query_processor/dashboard.clj

Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>

* add assertion showing that 'nil' with default is still stored

---------

Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>

Fixes: #46558

In #45575 we introduced casting uuid fields for drilldowns.

However we failed to include a check that the rhs was itself another
field of uuid type and so no casting should occur. This broke joins on
models when the database_type of the field may not be known.

* useLogRecentItem

* updating tests

* unit tests

* e2e test

* PR Feedback

* log questions / models

* Accept :dataset instead of :model

* Adding e2e test for recent activity datasets, reverting 'await' changes

* Add e2e for collection moving error

---------

Co-authored-by: dan sutton <dan@dpsutton.com>

* Try without broken refs

* Disable broken test

* Disable broken test