DR-000024 - Deletion of core-module records may leave dangling references from non-core modules

Owned by Radhakrishnan Gopalakrishnan
Last updated: May 06, 2024 by Jenn Colt
3 min read
Submitted Date

  

Approved Date

 

Status

SUPERSEDED by DR-000029 - Data consistency and message driven approach

ImpactMEDIUM

 

Overrides/Supersedes 

This decision was migrated from the Tech Leads Decision Log as part of a consolidation process.  The original decision record can be found here.

This decision is now superseded by Data consistency and message driven approach.

RFC 

N/A

Stakeholders

  • Front-end and back-end devs of non-core modules that hold references to records in core-modules

Contributors

Zak Burke 

Approvers

This decision was made by the Tech Leads group prior to the adoption of current decision making processes within the FOLIO project.

Background/Context

  • Deletion of records by core UI modules is problematic because it may leave dangling references to deleted records in non-core modules. Core modules are at the bottom of the hierarchy, unaware of the modules that sit above them in the hierarchy; this prevents core modules from issuing queries to identify such references. This is succinctly, if frustratingly, captured in the PR discussion related to UITEN-128.
  • Even if we can resolve this in the UI (see notes, below) the possibility remains that direct API requests to delete records may leave dangling references in other parts of the system.

Assumptions

N/A

Constraints

N/A

Rationale

Analysis and options

Basically, 2 main alternatives can be suggested for the provided context:

Alternative option

Brief description

Potential use cases

Cascade deletiondeleting a code-module record leads to all non-core-modules records referring to it must also be deleted
  • cascade deletion of outdated records
Soft deletiona core-module record is not being physically deleted but is being rather marked with a specific dedicated flag (e.g. is_deleted = true / false)
  • manual deletion made by end users

It looks that both options can be viable for FOLIO depending on particular use case.

It worth also noting that UICR-125 - Data corruption. When holding/item data are moved in Inventory, then the item in Courses is not updated accordingly OPENcase is slightly different and is about dangling references while not deletion but moving of a core-module record; neither cascade nor soft deletion is applicable here. At the same time, this case and cascade deletion case have one great similarity - in both, non-core-modules are to be notified about a change in core-module. In this context, a robust notification channel with guaranteed delivery to transfer change events from one module (say, module-source) to another module (say, module-recipient) is required.  More details are on Data consistency and message driven approach # Notification channel.

Soft deletion option

More details regarding this option.

  • Q: It requires that every client understands that deleted records might be present and when the API will provide them and when it will not.
    • A: Sure, every client should know the rules of the game. Though once the rules will be agreed and shared, it's just a platform-wide knowledge
  • Q: Let's say a loan references an item, that item is then soft-deleted, when the loan is presented in the UI, would the item information be presented or not?
    • A: Yes, the loan is available, and the item information still can be retrieved by a single endpoint. At the same time, loan UI should be able to notify end user that the item has been deleted (via a warning message, or via a dedicated UI field, or via disabling of editing particular values received from the item

High level actions required for core / non-core modules are shown below:

Core module

Another module referencing core module

  • add an is_deleted flag to schema via Liquibase with false as a default value
  • Create - new records are to be created with is_deleted=false
  • Read
    • collection endpoint only returns not-deleted records
    • single endpoint can return both deleted and not-deleted records
  • Update - add a check for every update - update of a record with is_deleted=false is only allowed
  • Delete - implement soft-deletion with setting is_deleted to true
  • add an UI element showing if a record from code module is deleted or not, or disable editing of fields came from core module, or add a message to end user with the warning that a core module record this record is referencing to, is deleted

Decision

Yikes

Implications

  • Pros
    • N/A
  • Cons
    • N/A

Other Related Resources

Notes
  • It may be possible to mitigate this in the UI by using the "handler" app-type to function as an event bus (since the UI bundle is deployed as a monolith, events published in one module could, potentially, be acted upon by another) but we don't actually have anything like this in production yet. We do have handler-modules, but don't have an established protocol for apps to issue their own events. 
JIRAs
  • UITEN-128 - Permissions Architecture: Courses error when trying to delete location in BugFest CLOSED
  • UITEN-74 - Refuse to delete a location if it's in use by a course-listing or a course-reserve CLOSED
  • UITEN-75 - Refuse to delete a service-point if it's in use by a course-listing CLOSED
  • UICR-125 - Data corruption. When holding/item data are moved in Inventory, then the item in Courses is not updated accordingly OPEN