New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing WHERE clause in Bulk APIs #1421
Comments
Applying to Delete as well. |
@wingkwong you don't think this is a bug? Because the bulk API is implemented, and is clearly misbehaving by not having the "where" clause. You do realize people might use the bulk API for updating data, and it would update data in an erratic manner? Requiring a restore from a database backup because the bulk update went the opposite way? This issue being classified as "Enhancement" instead of a "Bug" is something I don't understand. I kindly ask you to re-consider for the sake of other users that might be using the bulk update API unaware of this bug |
@fishnux Some users trigger a bulk API resetting a column for all records such as updating a boolean column as false. It's not misbehaving in this case. I agree that adding where clause would be nice as some users may want to apply the changes on some target records only. As something isn't working the way the customer wants, then it's classified as an enhancement. If users cannot update records at all, then it's classified as a bug. Even there is an option to specify where clause, to use it or not, it's on users. They can still update / delete all records by mistake when they leave where clause empty. Of course there could be a lot to be done, like notifying how many records are gonna be updated before executing the SQL. In this case, I'd say this is another potential enhancement rather than a bug. |
Ok, I understand it now, thanks for explaining! Looks like it depends on the use-case |
Actually, how do you explain this in the documentation: [
{
"country_id" : 10261,
"country": "test 3"
},
{
"country_id" : 10262,
"country": "test 4"
}
] There would be no "test 3", everything would be "test 4", right? @wingkwong |
@fishnux Just checked with another developer. The origin design is that if the primary key is mentioned, |
I've hit the same issue last summer with deletion in PostgreSQL, which wiped my whole table (I had backups, so no data loss 👌). But the project I was on was really low on my priority list, so I never ended up narrowing it down or reporting it. Sorry about that and kudos to @fishnux for making it happen! Great to see the reasoning behind this design. On a technical level it kinda makes sense, but I have to agree that it's mighty confusing and very error-prone. My suggestion would be to disallow objects without primary key in bulk updates, and if the feature "update everything" is indeed necessary, introduce a special value to trigger this behavior.
Whatever you decide, looking forward to the fix and thanks for such a great tool! 👍 |
In our previous internal discussion, we had the following design. If the input object length is just 1, then users have to tick the checkbox in swagger ui (or pass a param flag) as a confirmation in order to update all records. Example: All values in column [
{
"country": "VALUE_FOR_ALL_RECORDS"
}
] If the PK is provided, then only update that record with the given PK. Example: Only record with [
{
"country_id" : 10261,
"country": "VALUE_FOR_COUNTRY_ID_EQUAL_TO_10261"
}
] If there is multiple objects, for each object, we only update those with PK only. We'd also make it more flexible so that each object is independent as some users may want to update different fields for different IDs. Example: Only records with [
{
"country_id" : 10261,
"country": "VALUE_FOR_COUNTRY_ID_EQUAL_TO_10261"
},
{
"country_id" : 10262,
"other_field": "VALUE_FOR_COUNTRY_ID_EQUAL_TO_10262"
},
{
"country": "THIS_WILL_NOT_BE_UPDATED"
}
] For composite PKs, you need to specify like this. Example: Record with composite PK [
{
"composite_key_1" : 1,
"composite_key_2" : 2,
"composite_key_3" : 3,
"country": "VALUE"
}
] Pseudocode:
|
After thinking about it some more I think I'd rather move the And on a side note: what the update currently does looks more like |
After an internal discussion, we'd have the following design.
Yes. We've noticed that and will use PATCH instead in the future. |
Bulk APIs have been implemented in v0.90.x. Extracted from Data APIs. Some sample examples: Bulk Insert curl -X 'POST' \
http://localhost:8080/api/v1/db/data/bulk/noco/sakila/testApi \
-H "Content-Type: application/json" \
-H 'accept: application/json' \
-H 'xc-auth: <REDACTED>' \
--data '[{ "Title": "Q" },{ "Title": "P" }]' Bulk Update curl -X 'PATCH' \
http://localhost:8080/api/v1/db/data/bulk/noco/sakila/testApi \
-H "Content-Type: application/json" \
-H 'accept: application/json' \
-H 'xc-auth: <REDACTED>' \
--data '[{ "Id": 7, "Title": "Q" },{ "Id": 8, "Title": "P" }]' Bulk Delete curl -X 'DELETE' \
http://localhost:8080/api/v1/db/data/bulk/noco/sakila/testApi \
-H "Content-Type: application/json" \
-H 'accept: application/json' \
-H 'xc-auth: <REDACTED>' \
--data '[{ "Id": 27 },{ "Id": 28 }]' Bulk Update All curl -X 'PATCH' \
http://localhost:8080/api/v1/db/data/bulk/noco/sakila/testApi/all \
-H "Content-Type: application/json" \
-H 'accept: application/json' \
-H 'xc-auth: <REDACTED>' \
--data '{ "Title": "Updated" }' Bulk Update All with conditions curl -X 'PATCH' \
http://localhost:8080/api/v1/db/data/bulk/noco/sakila/testApi/all?where=(Id,gt,7) \
-H "Content-Type: application/json" \
-H 'accept: application/json' \
-H 'xc-auth: <REDACTED>' \
--data '{ "Title": "Updated" }' Bulk Delete All curl -X 'DELETE' \
http://localhost:8080/api/v1/db/data/bulk/noco/sakila/testApi/all \
-H "Content-Type: application/json" \
-H 'accept: application/json' \
-H 'xc-auth: <REDACTED>' Bulk Update All with conditions curl -X 'DELETE' \
http://localhost:8080/api/v1/db/data/bulk/noco/sakila/testApi/all?where=(Id,gt,7) \
-H "Content-Type: application/json" \
-H 'accept: application/json' \
-H 'xc-auth: <REDACTED> |
This is a critical bug because, even if the query succeeds, it'll update rows you don't want to update (all of them)
NocoDB used as docker : true
NocoDB version : 0.84.14
Database used in NC_DB URL : sqlite3
Project was created by clicking : New Project by connecting to external database
Database on which spreadsheet is created : pg
OS on which NocoDB is running : Linux
Node.js version if running as node : N/A
Database version :
Steps To Reproduce
Do REST API request to bulk update, e.g.
(please note I haven't literally tested the example above, I found this bug within n8n's NocoDB integration)
Expected behavior
Bulk update succeeds
What happens
It's missing the WHERE clause for UPDATE - all rows would be updated if the query succeeds
The text was updated successfully, but these errors were encountered: