[MODINVSTOR-576] Bulk delete of instance/holdings/items using CQL Created: 09/Oct/19  Updated: 25/Aug/22  Resolved: 22/Aug/22

Status: Closed
Project: mod-inventory-storage
Components: None
Affects versions: None
Fix versions: 25.0.0

Type: Story Priority: TBD
Reporter: Theodor Tolstoy (One-Group.se) Assignee: Julian Ladisch
Resolution: Done Votes: 0
Labels: compatibility-breaking
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks MODINVSTOR-389 Add Former and Variant Alternative Ti... Closed
is blocked by RMB-389 PgUtil.delete by CQL Closed
Defines
defines UXPROD-1719 Bulk add/delete/clean holding records Closed
Gantt End to Start
has to be done before MODINV-731 Delete instance/item by CQL Closed
Relates
relates to FOLIO-2052 Add support for bulk deleting objects Open
relates to MODOAIPMH-440 Support instance-storage 9.0 interface Closed
relates to MODINVUP-49 Support instance-storage 9.0, holding... Closed
relates to UIIN-2162 okapiInterfaces instance-storage 9.0,... Closed
relates to CHAL-38 It's very easy to delete a lot of thi... Closed
relates to CIRC-1596 Support instance-storage 9.0, holding... Closed
relates to CIRCSTORE-357 Support holdings-storage 6.0, item-st... Closed
relates to MDEXP-551 Support instance-storage 9.0, holding... Closed
relates to MODAUD-129 Support holdings-storage 6.0 interface Closed
relates to MODCR-89 Support instance-storage 9.0, holding... Closed
relates to MODCXINV-70 Support instance-storage 9.0 interface Closed
relates to MODFEE-270 Support instance-storage 9.0, holding... Closed
relates to MODINVSTOR-901 Reject DELETE instance/holding/item w... Closed
relates to MODNCIP-43 Support holdings-storage 6.0 interface Closed
relates to MODORDERS-757 Support holdings-storage 6.0, item-st... Closed
relates to MODRS-135 Support holdings-storage 6.0, item-st... Closed
relates to MSEARCH-418 Support interface instance-storage 9.0 Closed
relates to UIOR-1017 Support instance-storage 9.0, holding... Closed
relates to UIPCIR-42 Support instance-storage 9.0, holding... Closed
relates to UIPCIR-43 ui-courses: item-storage 10.0 Closed
relates to UIREC-242 Support holdings-storage 6.0 in okapi... Closed
Sprint: CP: sprint 143, CP Sprint 146, CP: sprint 141, CP: sprint 144, CP: Sprint 145, CP: sprint 142
Story Points: 5
Development Team: Core: Platform
Release: Nolana (R3 2022)

 Description   

As a systems librarian, I want the DELETE methods in the Inventory API endpoints to support and require CQL in order to make batch operations on Inventory records more safe and useful

Background:
This one came up after a Librarian by accident removed all items in Inventory, thinking the API endpoints implemented CQL for all methods.

There are permissions in place in order to prevent these things from happening, so the solution/workaround for CHAL-38 Closed is already in place.

But what this feature could enable, is a great tool for batch deleting things, but at the same time making it harder to make mistakes.

Proposal:
1. Make the Inventory/Items and Inventory/Instances endpoinds support CQL queries
2. Make CQL required for these endpoints.
Optional:
3. Put in some kind of threshold so a user cannot delete more than 20% of the objects in one go.



 Comments   
Comment by Anya [ 12/Jan/22 ]

Charlotte Whitt 

Comment by Aditya Kumar [ 05/Apr/22 ]

Hi Julian Ladisch,

I have noticed a very concerning behavior of this API.
If a user tries to execute the API: DELETE /item-storage/items?query=<query>, it delete all the data on the table mod_inventory_storage.item.

Please note the query parameter sent by the user. The problem is the API actually doesn't expect any query parameter. Ref doc: Item Storage It still goes ahead and delete all the data in table mod_inventory_storage.item. This case is similar for holdings: Ref doc: Holdings Storage

This happened recently with a tenant.

Comment by Julian Ladisch [ 05/Apr/22 ]

Aditya Kumar: This is exactly as documented and as described in this issue's description.

What do you intend with the comment directed to me?

 

Comment by Aditya Kumar [ 07/Apr/22 ]

Hi Julian Ladisch,
I just wanted to bring this to attention as this same scenario occurred again for one of our tenants recently. So There might be a need to find a solution or workaround for this problem.

Comment by Marc Johnson [ 01/Jun/22 ]

Julian Ladisch Jakub Skoczen

I think the timing of this is change is unfortunate, coming only 3 days before the feature freeze for 2022 R2. It would be better if these kinds of changes could be made near the beginning of the release cycle.

I would rather significant (and especially breaking changes) weren't made this close to the release period.

It increases the chances of delaying the module release and that issues will be discovered in the BugFest period rather than in testing activities throughout the development cycle.

If this change goes ahead please:

  • make sure there are changes in all dependent modules for supporting these new interfaces before merging
  • (given the changes to message publishing) contact all of the teams that maintain modules that use the Kafka messages to test that their modules still work with those messages.
Comment by Jakub Skoczen [ 08/Aug/22 ]

Julian Ladisch will you go ahead and merge now that it is reviewed?

Generated at Thu Feb 08 23:19:42 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.