Delete with no query removes all records by default

[NorthDecoder]

While struggling to to learn how to write the correct query
to delete only one record, I tried no query and the default of
delete all records was performed.

Steps to reproduce

1. Following the the todo-list tutorial

lb4 example todo-list
cd loopback4-example-todo-list
npm start

2. Browse to the API explorer at http://127.0.0.1:3000

3. Notice that the database is prepopulated

   a. With GET todo-lists/count

   • Click Try It out
   • remove the default query
   • press the execute button
   • see result { "count": 2 }

   b. With button GET todo-lists/

   • Click Try It out
   • remove the default query
   • press the execute button
   • see the response has two lists

     	[
     	  {
     	    "id": 1,
     	    "title": "Sith lord's check list",
     	    "color": "blue"
     	  },
     	  {
     	    "id": 2,
     	    "title": "My daily chores",
     	    "color": "red"
     	  }
     	]

   c. Click button GET /todo-lists/{id}/todos

   • Click Try It out
   • Enter 1 for the id number of the first list
   • remove the default query
   • press the execute button
   • see the response is quantity three pre-populated todos
     id's 1, 2 and 4 .

   WARNING: about to (accidentally) delete all the todos in the list!

   d. Click button DELETE /todo-lists/{id}/todos

   • Click Try It out
   • Enter 1 for the id number of the first list
   • remove the default query
   • press the execute button
   • see the response is

     {
       "count": 3
     }

   e. Re-perform step c. above to see the result is [], an
   empty array. All records have been unceremoniously deleted
   from list 1! The list count is still { "count": 2 }.

Current Behavior

• Default (accidental) delete of all records.

Expected Behavior

• My expectation is that at least nothing would happen
  accidentally. Even better, no delete-all would occur
  and that a somewhat helpfull error message would be
  returned stating that an empty query is not allowed with
  a delete request.

Link to reproduction sandbox

N/A

Additional information

• linux x64 14.15.1

@loopback/example-todo-list@3.7.0 /home/northdecoder/workspace/loopback4-example-todo-list
├── @loopback/boot@3.1.2
├── @loopback/core@2.13.1
├── @loopback/repository@3.3.0
├── @loopback/rest@9.1.1
├── @loopback/rest-explorer@3.0.5
├── @loopback/service-proxy@3.0.5
├── loopback-connector-rest@4.0.1

Related Issues

Thinking this may have already been discussed, I read through
a bunch of issues with 'delete' somewhere in the text. Not sure
of the relevance.

Issue #

• 2233
  • 2347 pull
• 3094
• 1472
• 2819

See Reporting Issues for more tips on writing good issues

[fguille94]

+1

[stale]

This issue has been marked stale because it has not seen activity within six months. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository. This issue will be closed within 30 days of being stale.