quote constraint name for non-admin inserts (fix #494) (#497)

### Description
What component does this PR affect? 

- [x] Server
### Related Issue
#494 

### Solution and Design
Use `quote_ident()` SQL function over `constraint_name` in insert trigger function definition.

### Type
- [x] Bug fix (non-breaking change which fixes an issue)

server/src-lib/Hasura/RQL/DDL/Permission/Triggers.hs

@@ -49,9 +49,10 @@ buildInsTrigFn fn tn be =
   , BB.string7 " VALUES (NEW.*) ON CONFLICT DO NOTHING RETURNING * INTO r; RETURN r; "
   , BB.string7 "WHEN action = 'ignore'::text AND constraint_name is NOT NULL THEN "
   , BB.string7 "EXECUTE 'INSERT INTO " <> toSQL tn
-  , BB.string7 " VALUES ($1.*) ON CONFLICT ON CONSTRAINT ' || constraint_name || ' DO NOTHING RETURNING *' INTO r USING NEW; RETURN r; "
+  , BB.string7 " VALUES ($1.*) ON CONFLICT ON CONSTRAINT ' || quote_ident(constraint_name) || ' DO NOTHING RETURNING *'"
+  , BB.string7 " INTO r USING NEW; RETURN r; "
   , BB.string7 "ELSE EXECUTE 'INSERT INTO " <> toSQL tn
-  , BB.string7 " VALUES ($1.*) ON CONFLICT ON CONSTRAINT ' || constraint_name || ' DO UPDATE ' || set_expression || "
+  , BB.string7 " VALUES ($1.*) ON CONFLICT ON CONSTRAINT ' || quote_ident(constraint_name) || ' DO UPDATE ' || set_expression || "
   , BB.string7 "' RETURNING *' INTO r USING NEW; RETURN r; "
   , BB.string7 "END CASE; "
   , BB.string7 "ELSE RAISE internal_error using message = 'action is not found'; RETURN NULL; "

server/tests-py/queries/graphql_mutation/insert/permissions/company_user_role.yaml

@@ -0,0 +1,31 @@
+description: Insert Company data as user role
+url: /v1alpha1/graphql
+status: 200
+header:
+  X-Hasura-Company-Id: 1
+  X-Hasura-Role: user
+response:
+  data:
+    insert_Company:
+      affected_rows: 1
+      returning:
+      - id: 1
+        name: 34 Cross
+query:
+  query: |
+    mutation insert_company {
+      insert_Company (
+        objects: [
+          {
+            name: "34 Cross",
+            id: 1
+          }
+          ],
+      ) {
+        affected_rows
+        returning{
+          id
+          name
+        }
+        }
+      }

server/tests-py/queries/graphql_mutation/insert/permissions/company_user_role_on_conflict.yaml

@@ -0,0 +1,35 @@
+description: Upsert Company name as user role
+url: /v1alpha1/graphql
+status: 200
+header:
+  X-Hasura-Company-Id: 1
+  X-Hasura-Role: user
+response:
+  data:
+    insert_Company:
+      affected_rows: 1
+      returning:
+      - id: 1
+        name: Hasura
+query:
+  query: |
+    mutation insert_company {
+      insert_Company (
+        objects: [
+          {
+            name: "Hasura",
+            id: 1
+          }
+          ],
+        on_conflict: {
+          constraint: Company_pkey,
+          update_columns: [name]
+          }
+      ) {
+        affected_rows
+        returning{
+          id
+          name
+        }
+        }
+      }

server/tests-py/queries/graphql_mutation/insert/permissions/setup.yaml

@@ -63,6 +63,19 @@ args:
     schema: public
     name: address
 
+#Create Company table
+- type: run_sql
+  args:
+    sql: |
+      CREATE TABLE "Company" (
+      "id" SERIAL PRIMARY KEY,
+      "name" TEXT
+      )
+- type: track_table
+  args:
+    schema: public
+    name: Company
+
 #Object relationship
 - type: create_object_relationship
   args:
@@ -139,3 +152,25 @@ args:
         bio:
           _is_null: false
       allow_upsert: true
+
+#Company insert permission for user
+- type: create_insert_permission
+  args:
+    table: Company
+    role: user
+    permission:
+      check:
+        id: X-HASURA-COMPANY-ID
+      allow_upsert: true
+
+#Company select permission for user
+- type: create_select_permission
+  args:
+    table: Company
+    role: user
+    permission:
+      columns:
+      - id
+      - name
+      filter:
+        id: X-HASURA-COMPANY-ID

server/tests-py/queries/graphql_mutation/insert/permissions/teardown.yaml

@@ -27,3 +27,8 @@ args:
   args:
     sql: |
       drop table author
+
+- type: run_sql
+  args:
+    sql: |
+      drop table "Company"

server/tests-py/test_graphql_mutations.py

@@ -91,6 +91,11 @@ class TestGraphqlInsertPermission(object):
     def test_student_role_insert_check_bio_fail(self, hge_ctx):
        check_query_f(hge_ctx, self.dir + "/author_student_role_insert_check_bio_fail.yaml")
 
+    def test_company_user_role_insert(self, hge_ctx):
+       check_query_f(hge_ctx, self.dir + "/company_user_role.yaml")
+
+    def test_company_user_role_insert_on_conflict(self, hge_ctx):
+       check_query_f(hge_ctx, self.dir + "/company_user_role_on_conflict.yaml")
 
 
     @pytest.fixture(autouse=True)