-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clear does not support filters or limit #127
Comments
I tried with the rest-layer-mongo storage backend btw. |
It should also be noted that sub-resources that link to a parent object, are not deleted when deleting the parent object. E.g. in case of the #129 schema,
will not delete any of the "bs". |
There is no support for cascading deletion if this is what you are referring to. The delete with filter bug definitely need to be fixed. |
@smyrman For the cascading deletion case, this is stated on the Rest-Layer documentation site as: |
Yes, it is not yet implemented. |
It looks like at least part of the problem is here (maybe all of it): Line 201 in 0df3129
As you can see, there is a case for GET and HEAD, but no case for DELETE. The DELETE case should handle case "GET":
if fields := r.Params.Get("fields"); fields != "" {
p, err := query.ParseProjection(fields)
if err == nil {
err = p.Validate(rsc.Validator())
}
if err != nil {
return nil, &Error{422, fmt.Sprintf("Invalid `fields` parameter: %s", err), nil}
}
q.Projection = p
fallthrough
case "DELETE":
limit := -1
if l, found, err := getUintParam(r.Params, "limit"); found {
if err != nil {
return nil, &Error{422, err.Error(), nil}
}
limit = l
} else if l := rsc.Conf().PaginationDefaultLimit; l > 0 {
limit = l
}
// ... Of-course, splitting out in some re-usable functions (or methods) with some built-in error handling could work equally well. |
And because I never remember how a |
I think reusable functions will be better, given that we will need to put HEAD, in the switch above. |
right, probabably a more readable option anyway 👍 |
I have started on this a while back. The fix itself is really fast, but there are a few breaking tests that have taken some time to update. Mostly just updating them to test the external (HTTP) interface instead of the internal route. |
@rs, on the linked issues in the -mem/-mongo repos, I think we should let Clear handle Window (limit/offset) equally to how it's handled in Find. If there is a use-case for allowing Clear to delete all resources (matching a query) we could let the parsing in rest-layer ignore the resource default limit during parsing. Alternatively, we could allow limit=-1 to be set by the user Any preferences? As a FYI, this is my current test output for DELETE:
I will post an early PR for my work so far for the test code. |
To make sure I understand what you are proposing, a DELETE on a resource list would only delete up to the default limit number of items? Do you feel like it's what most would expect? |
To start with the obvious, I think users should be able to expect the following:
I am not sure what most users would expect in the case of a default limit for list DELETE (clear), which is also why I want your input on this. There are also some other concerns besides user expectations, such as which is the safest (least destructive) assumption. I actually see three options now, where I now like B the best: To show the consequence of each variant in an example, this is what option A, B and C would mean for requests against a resource
|
If not A, B would be my prefered as it is explicit. With B, in dev you could assume A is in place as your dev env might not have enough element to show actual B’s behavior. But I would assume A is the right behavior in the first place. |
I also prefer A, as it is most expected behavior, inline with how actual DB cli tools work. |
Well the DB CLI also do not appply the default limit on a Find reqiest. Anyway I can start with A for this issue, and maybe we can make it more sequre later, e.g. through resource config, if necesarry. |
@smyrman I think that we don't need to care about security/correctness at this level. After all developer of the end product will need to make tests of his |
@Dragomir-Ivanov, security from shooting yourself in the foot, is never a bad thing to have, but we can discuss that in a separate issue. It's probably more along the lines of adding a soft-delete or maybe actions with undo abilities, rather than anyhing related to parsing of filters & limit (I.e. nothing directly related to this issue). I may link the issue if I create one, but I don't have any concrete suggestions atm. |
Fixes issue #127 by allowing window (limit, skip, page) and predicate (filter) parameters to be parsed for DELETE requests. Updated URL parsing to give better error messages, including an issues section, similar to what's done for document errors. Updates all request method tests to use the public package interface over package internals. This should extend test coverage to include parsing of URL parameters and help prevent bugs like #127 from occurring again.
Fixes issue #127 by allowing window (limit, skip, page) and predicate (filter) parameters to be parsed for DELETE requests. Updated URL parsing to give better error messages, including an issues section, similar to what's done for document errors. Updates all request method tests to use the public package interface over package internals. This should extend test coverage to include parsing of URL parameters and help prevent bugs like #127 from occurring again.
Fixes issue #127 by allowing window (limit, skip, page) and predicate (filter) parameters to be parsed for DELETE requests. Updated URL parsing to give better error messages, including an issues section, similar to what's done for document errors. Updates all request method tests to use the public package interface over package internals. This should extend test coverage to include parsing of URL parameters and help prevent bugs like #127 from occurring again.
Fixes issue #127 by allowing window (limit, skip, page) and predicate (filter) parameters to be parsed for DELETE requests. Updated URL parsing to give better error messages, including an issues section, similar to what's done for document errors. Updates all request method tests to use the public package interface over package internals. This should extend test coverage to include parsing of URL parameters and help prevent bugs like #127 from occurring again.
According to the README, a DELETE request on the resource list view has this effect:
However, when I tried locally, it deletes everything and ignores the filter and/or limit.
The text was updated successfully, but these errors were encountered: