Prevent deletion of all records with empty conditions

Added checks in the 'Delete' and 'PagedDelete' methods in the 'Store.cs' file to prevent the deletion of all records if the conditions are empty. This will protect the system from unintentional data loss by stopping the execution of these methods when they have no parameters.
elsa-workflows · Feb 26, 2024 · 12de290 · 12de290
1 parent 487679e
commit 12de290
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/modules/Elsa.Dapper/Services/Store.cs b/src/modules/Elsa.Dapper/Services/Store.cs
@@ -245,6 +245,11 @@ public async Task<long> DeleteAsync(Action<ParameterizedQuery> filter, Cancellat
     {
         var query = _dbConnectionProvider.CreateQuery().Delete(TableName);
         filter(query);
+
+        // If there are no conditions, we don't want to delete all records.
+        if (!query.Parameters.ParameterNames.Any())
+            return 0;
+
         using var connection = _dbConnectionProvider.GetConnection();
         return await query.ExecuteAsync(connection);
     }
@@ -262,6 +267,11 @@ public async Task<long> DeleteAsync(Action<ParameterizedQuery> filter, PageArgs
     {
         var selectQuery = _dbConnectionProvider.CreateQuery().From(TableName, primaryKey);
         filter(selectQuery);
+
+        // If there are no conditions, we don't want to delete all records.
+        if (!selectQuery.Parameters.ParameterNames.Any())
+            return 0;
+
         selectQuery = selectQuery.OrderBy(orderFields.ToArray()).Page(pageArgs);
 
         var deleteQuery = _dbConnectionProvider.CreateQuery().Delete(TableName, selectQuery);