Why store this as a massive jsonb blob instead of a table? How do we plan on efficiently getting a list of all templates the user has access to?

It's basically the same way everything else is done. You get a list of all the templates and then you filter it through the auth filter for the subset of templates that you have access to. Just wrote a test for this here

For workspaces, it kinda does this, but we still query by the owner so it's lessened significantly.

I guess the use-case I have in mind is 10 templates with 10 users on each... for every HTTP request we'll load 100 entries into memory and check against them? That sounds like a lot of excess when we could (I don't see why not, but maybe there's a reason) have a table that just has the user ID indexed...

The memory overhead is unfortunate but this way plays better with rego is the short answer. We can look into rewriting it if you think it's a showstopper, I'm not sold on jsonb but joining tables doesn't play well with sqlc either so the maintainability of the code might suffer as a result of trying to glue everything together.

is_ isn't necessary here

Deleted should be Delete in this name pattern

Why can't this be done with sqlc instead?

because it exposes a json.RawMessage through the API. I wanted to preserve type safety as much as possible since we can't enforce the jsonb structure in the DB

I'm not convinced we should escape sqlc here... this function is only used once, so why not just do the struct conversion where it's queried from instead?

there's unfortunately multiple problems when I tried to write this with sqlc. One is that it didn't recognize the intermediate value column in the subquery. When I tried to jank around that the resulting return type was wildly different than what I tried to express 😞