Endpoint for purging all objects in class

[Marco129]

Special master key only endpoint related to parse-community/parse-dashboard#124
Usage: DELETE /classes/<className>

[codecov-io]

Current coverage is 91.29%

Merging #2032 into master will increase coverage by 0.10%

@@             master      #2032   diff @@
==========================================
  Files            92         93     +1   
  Lines          6517       6537    +20   
  Methods        1161       1169     +8   
  Messages          0          0          
  Branches       1368       1370     +2   
==========================================
+ Hits           5943       5968    +25   
+ Misses          574        569     -5   
  Partials          0          0          

Powered by Codecov. Last updated by 324cd85...4d2be8a

[drew-gross]

We already have deleteObjectsByQuery which will remove all objects if you pass {} as the query. Can you use that instead?

[ghost]

@Marco129 updated the pull request.

[ghost]

@Marco129 updated the pull request.

[drew-gross]

We'll need to do something similar for role cache. Probably also worth adding a test to make sure that deleting all objects actually causes the cache to get cleared (eg. create a role, add a user to it, delete all roles using this endpoint, and ensure that the user no longer has access to objects that only that role could access)

[drew-gross]

Needs a few changes, which I see you are already starting on :) You should join our development slack channel, shoot me an email (see my profile) and I can add you.

[ghost]

@Marco129 updated the pull request.

[ghost]

@Marco129 updated the pull request.

[drew-gross]

Seems like tests are failing now :( maybe something you were relying on changed?

[Marco129]

They passed on local :( will take a look again

[drew-gross]

Might be fixed by #2038.

[ghost]

@Marco129 updated the pull request.

[drew-gross]

Yeah , the failures look like the exact same symptoms as the deepcopy 0.6.1 symptoms. Rebasing onto master should fix the issue.

[ghost]

@Marco129 updated the pull request.

[ghost]

@Marco129 updated the pull request.

[drew-gross]

Looks good to me. Since this involves a new public API, I'm wait a bit more to see if anyone else has any comments.

[lklots]

if someone screws up a delete request and posts /1/classes/${className}/${undefined} will this delete the whole collection? If so that is truly terrible. I would suggest requiring users to pass an additional header like: "X-I-KNOW-WHAT-I-AM-DOING-AND-WILLING-TO-PAY-THE-CONSEQUENCES" or something similar.

[drew-gross]

That is actually a really good point. The endpoint does require the master key, but you could be deleting an object using buggy cloud code, where the master key is expected to be used, and also you may end up with an empty string there accidentally.

[drew-gross]

In the old Parse.com API we would use something like /collections/:className/clear, but it's conceivable that there could be an object whose id is clear so I don't want to go with DELETE /classes/:className/clear.

What about DELETE /purge/:className? I'm not a huge fan of the idea of using a header, that would make implementing "Delete all rows" on the dashboard unnecessarily complicated, and also it would make it impossible to use this endpoint from the API Console.

[lklots]

reasonable compromise! /purge/++

[flovilmart]

Why not on the schema endpoint then?

[flovilmart]

Purge endpoint makes sense

[blacha]

Why do we limit this by master key, could we not allow a user to delete all their data?

[ghost]

@Marco129 updated the pull request.

[facebook-github-bot]

@Marco129 updated the pull request.

[drew-gross]

Cool, I think we've reached a good consensus. If people have other ideas, we can still change this before we push the next release.

@blacha allowing a user to delete all data they have write access for seems a little dangerous to me. I think we would want to restrict to classes they also have find permission on, as people may be protecting objects by preventing their object ID from getting out. I think it could be a good idea, but needs more thought.