feat: dedicated permissions table

[TorstenDittmann]

With this PR, every Collection will have a dedicated table with all its row level permissions.

The table has 4 columns:

• _id internal id (auto incremented)
• _type either read or write (possibility to extend in the future)
• _permission the actual permission value
• _document reference to the _uid for the document

Now that the Permissions are not saved within the actual row of a document anymore, we need to aggregate those informations. For this I am utilizing the JSON_ARRAYAGG function, which will automatically get all permissions for a Document and outputs it as a JSON array string.

In terms of performance there is very little to no impact and it also allows us to have data integrity over saving the permissions additionally with the document. Also the queries are written in a way to utilize Sub Query cache - which is enabled by default on MariaDB - which optimizes correlated subqueries by storing results together with correlation parameters in a cache and avoiding re-execution of the subquery in cases where the result is already in the cache.

The permissions table is appended with _perms, not _permissions to save space (we only have 64 chars of length for a table name).

Query for getDocument:

SELECT
  table_main.*,
  (
    SELECT
      JSON_ARRAYAGG(DISTINCT _permission)
    FROM
      `utopiaTests`.`myapp_620118ce6192e_movies_perms`
    WHERE
      _document = table_main._uid
      AND _type = 'read'
  ) AS _read,
  (
    SELECT
      JSON_ARRAYAGG(DISTINCT _permission)
    FROM
      `utopiaTests`.`myapp_620118ce6192e_movies_perms`
    WHERE
      _document = table_main._uid
      AND _type = 'write'
  ) AS _write
FROM
  `utopiaTests`.`myapp_620118ce6192e_movies` AS table_main
WHERE
  _uid = 'frozen'
LIMIT 1
;

Query for find:

SELECT
  table_main.*,
  (
    SELECT
      JSON_ARRAYAGG(DISTINCT _permission)
    FROM
      `utopiaTests`.`myapp_620118ce6192e_movies_perms`
    WHERE
      _document = table_main._uid
      AND _type = 'read'
  ) AS _read,
  (
    SELECT
      JSON_ARRAYAGG(DISTINCT _permission)
    FROM
      `utopiaTests`.`myapp_620118ce6192e_movies_perms`
    WHERE
      _document = table_main._uid
      AND _type = 'write'
  ) AS _write
FROM
  `utopiaTests`.`myapp_620118ce6192e_movies` AS table_main
WHERE
  table_main._uid IN (
    SELECT
      *
    FROM
      (
        SELECT
          _document
        FROM
          `utopiaTests`.`myapp_620118ce6192e_movies_perms`
        WHERE
          _permission IN ('role:all', 'user2')
          AND _type = 'read'
      ) AS subquery
  );

[eldadfux]

Do we know if this operation is locking the table?

[eldadfux]

After discussing this, we figured this is a blocking operation. We need to decide what we want to do with it. Although right now this is only used by migration, we might want to allow changing the attribute name directly from the Appwrite API.