Skip to content

Bug update document uid with delete #891

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
abnegate merged 16 commits into from
Jun 16, 2026
Merged

Bug update document uid with delete #891

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
0b6c76a
uid change
fogelito Jun 14, 2026
20dd6e4
Database.php
fogelito Jun 14, 2026
9898ed1
Add tests
fogelito Jun 14, 2026
b9d2a24
Uid change
fogelito Jun 14, 2026
f8a17ad
Delete old
fogelito Jun 14, 2026
49826b6
try finally
fogelito Jun 14, 2026
ef6a7dd
Get current permissions from the database
fogelito Jun 14, 2026
e5a4946
line
fogelito Jun 15, 2026
a77ed3e
Use binds
fogelito Jun 15, 2026
ea369c6
space
fogelito Jun 15, 2026
dd5c81c
Postgres adapter:
fogelito Jun 15, 2026
2cb0fa6
SQLite.php
fogelito Jun 15, 2026
7665831
stan
fogelito Jun 15, 2026
903107a
duplicate test
fogelito Jun 15, 2026
26d93bc
code QL
fogelito Jun 15, 2026
e6cb341
Sequence is immutable
fogelito Jun 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
147 changes: 23 additions & 124 deletions src/Database/Adapter/MariaDB.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -980,155 +980,55 @@ public function updateDocument(Document $collection, string $id, Document $docum
$attributes['_createdAt'] = $document->getCreatedAt();
$attributes['_updatedAt'] = $document->getUpdatedAt();
$attributes['_permissions'] = json_encode($document->getPermissions());
$attributes['_uid'] = $document->getId();

$name = $this->filter($collection);
$columns = '';

if (!$skipPermissions) {
$newUid = $document->offsetExists('$id') ? $document->getId() : $id;

$sql = "
SELECT _type, _permission
FROM {$this->getSQLTable($name . '_perms')}
DELETE FROM {$this->getSQLTable($name . '_perms')}
WHERE _document = :_uid
{$this->getTenantQuery($collection)}
";
";

$sql = $this->trigger(Database::EVENT_PERMISSIONS_READ, $sql);

/**
* Get current permissions from the database
*/
$sqlPermissions = $this->getPDO()->prepare($sql);
$sqlPermissions->bindValue(':_uid', $document->getId());
$sql = $this->trigger(Database::EVENT_PERMISSIONS_DELETE, $sql);

$stmtRemovePermissions = $this->getPDO()->prepare($sql);
$stmtRemovePermissions->bindValue(':_uid', $id);
if ($this->sharedTables) {
$sqlPermissions->bindValue(':_tenant', $this->tenant);
$stmtRemovePermissions->bindValue(':_tenant', $this->tenant);
}

$sqlPermissions->execute();
$permissions = $sqlPermissions->fetchAll();
$sqlPermissions->closeCursor();

$initial = [];
foreach (Database::PERMISSIONS as $type) {
$initial[$type] = [];
}

$permissions = array_reduce($permissions, function (array $carry, array $item) {
$carry[$item['_type']][] = $item['_permission'];

return $carry;
}, $initial);

/**
* Get removed Permissions
*/
$removals = [];
$values = [];
$binds = [];
foreach (Database::PERMISSIONS as $type) {
$diff = \array_diff($permissions[$type], $document->getPermissionsByType($type));
if (!empty($diff)) {
$removals[$type] = $diff;
}
}

/**
* Get added Permissions
*/
$additions = [];
foreach (Database::PERMISSIONS as $type) {
$diff = \array_diff($document->getPermissionsByType($type), $permissions[$type]);
if (!empty($diff)) {
$additions[$type] = $diff;
}
}

/**
* Query to remove permissions
*/
$removeQuery = '';
if (!empty($removals)) {
$removeQuery = ' AND (';
foreach ($removals as $type => $permissions) {
$removeQuery .= "(
_type = '{$type}'
AND _permission IN (" . implode(', ', \array_map(fn (string $i) => ":_remove_{$type}_{$i}", \array_keys($permissions))) . ")
)";
if ($type !== \array_key_last($removals)) {
$removeQuery .= ' OR ';
}
foreach ($document->getPermissionsByType($type) as $i => $permission) {
$tenantPlaceholder = $this->sharedTables ? ', :_tenant' : '';
$values[] = "( :_uid, '{$type}', :_add_{$type}_{$i} {$tenantPlaceholder})";
$binds[":_add_{$type}_{$i}"] = $permission;
Comment thread
coderabbitai[bot] marked this conversation as resolved.
}
}
if (!empty($removeQuery)) {
$removeQuery .= ')';
$sql = "
DELETE
FROM {$this->getSQLTable($name . '_perms')}
WHERE _document = :_uid
{$this->getTenantQuery($collection)}
";

$removeQuery = $sql . $removeQuery;

$removeQuery = $this->trigger(Database::EVENT_PERMISSIONS_DELETE, $removeQuery);

$stmtRemovePermissions = $this->getPDO()->prepare($removeQuery);
$stmtRemovePermissions->bindValue(':_uid', $document->getId());

if ($this->sharedTables) {
$stmtRemovePermissions->bindValue(':_tenant', $this->tenant);
}

foreach ($removals as $type => $permissions) {
foreach ($permissions as $i => $permission) {
$stmtRemovePermissions->bindValue(":_remove_{$type}_{$i}", $permission);
}
}
}

/**
* Query to add permissions
*/
if (!empty($additions)) {
$values = [];
foreach ($additions as $type => $permissions) {
foreach ($permissions as $i => $_) {
$value = "( :_uid, '{$type}', :_add_{$type}_{$i}";

if ($this->sharedTables) {
$value .= ", :_tenant)";
} else {
$value .= ")";
}

$values[] = $value;
}
}
if (!empty($values)) {
$tenantColumn = $this->sharedTables ? ', _tenant' : '';

$sql = "
INSERT INTO {$this->getSQLTable($name . '_perms')} (_document, _type, _permission
";

if ($this->sharedTables) {
$sql .= ', _tenant)';
} else {
$sql .= ')';
}

$sql .= " VALUES " . \implode(', ', $values);
INSERT INTO {$this->getSQLTable($name . '_perms')} (_document, _type, _permission {$tenantColumn})
VALUES " . \implode(', ', $values);

$sql = $this->trigger(Database::EVENT_PERMISSIONS_CREATE, $sql);

$stmtAddPermissions = $this->getPDO()->prepare($sql);

$stmtAddPermissions->bindValue(":_uid", $document->getId());

$stmtAddPermissions->bindValue(":_uid", $newUid);
if ($this->sharedTables) {
$stmtAddPermissions->bindValue(":_tenant", $this->tenant);
}

foreach ($additions as $type => $permissions) {
foreach ($permissions as $i => $permission) {
$stmtAddPermissions->bindValue(":_add_{$type}_{$i}", $permission);
}
foreach ($binds as $key => $permission) {
$stmtAddPermissions->bindValue($key, $permission);
}
}
}
Expand Down Expand Up @@ -1168,7 +1068,7 @@ public function updateDocument(Document $collection, string $id, Document $docum

$sql = "
UPDATE {$this->getSQLTable($name)}
SET {$columns} _uid = :_newUid
SET " . \rtrim($columns, ',') . "
WHERE _id=:_sequence
{$this->getTenantQuery($collection)}
";
Expand All @@ -1178,7 +1078,6 @@ public function updateDocument(Document $collection, string $id, Document $docum
$stmt = $this->getPDO()->prepare($sql);

$stmt->bindValue(':_sequence', $document->getSequence());
$stmt->bindValue(':_newUid', $document->getId());

if ($this->sharedTables) {
$stmt->bindValue(':_tenant', $this->tenant);
Expand Down
126 changes: 20 additions & 106 deletions src/Database/Adapter/Postgres.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1139,140 +1139,55 @@ public function updateDocument(Document $collection, string $id, Document $docum
$attributes['_createdAt'] = $document->getCreatedAt();
$attributes['_updatedAt'] = $document->getUpdatedAt();
$attributes['_permissions'] = json_encode($document->getPermissions());
$attributes['_uid'] = $document->getId();

$name = $this->filter($collection);
$columns = '';

if (!$skipPermissions) {
$newUid = $document->offsetExists('$id') ? $document->getId() : $id;

$sql = "
SELECT _type, _permission
FROM {$this->getSQLTable($name . '_perms')}
DELETE FROM {$this->getSQLTable($name . '_perms')}
WHERE _document = :_uid
{$this->getTenantQuery($collection)}
";

$sql = $this->trigger(Database::EVENT_PERMISSIONS_READ, $sql);

/**
* Get current permissions from the database
*/
$permissionsStmt = $this->getPDO()->prepare($sql);
$permissionsStmt->bindValue(':_uid', $document->getId());
$sql = $this->trigger(Database::EVENT_PERMISSIONS_DELETE, $sql);

$stmtRemovePermissions = $this->getPDO()->prepare($sql);
$stmtRemovePermissions->bindValue(':_uid', $id);
if ($this->sharedTables) {
$permissionsStmt->bindValue(':_tenant', $this->tenant);
$stmtRemovePermissions->bindValue(':_tenant', $this->tenant);
}

$this->execute($permissionsStmt);
$permissions = $permissionsStmt->fetchAll();
$permissionsStmt->closeCursor();

$initial = [];
$values = [];
$binds = [];
foreach (Database::PERMISSIONS as $type) {
$initial[$type] = [];
}

$permissions = array_reduce($permissions, function (array $carry, array $item) {
$carry[$item['_type']][] = $item['_permission'];

return $carry;
}, $initial);

/**
* Get removed Permissions
*/
$removals = [];
foreach (Database::PERMISSIONS as $type) {
$diff = \array_diff($permissions[$type], $document->getPermissionsByType($type));
if (!empty($diff)) {
$removals[$type] = $diff;
}
}

/**
* Get added Permissions
*/
$additions = [];
foreach (Database::PERMISSIONS as $type) {
$diff = \array_diff($document->getPermissionsByType($type), $permissions[$type]);
if (!empty($diff)) {
$additions[$type] = $diff;
}
}

/**
* Query to remove permissions
*/
$removeQuery = '';
if (!empty($removals)) {
$removeQuery = ' AND (';
foreach ($removals as $type => $permissions) {
$removeQuery .= "(
_type = '{$type}'
AND _permission IN (" . implode(', ', \array_map(fn (string $i) => ":_remove_{$type}_{$i}", \array_keys($permissions))) . ")
)";
if ($type !== \array_key_last($removals)) {
$removeQuery .= ' OR ';
}
foreach ($document->getPermissionsByType($type) as $i => $permission) {
$sqlTenant = $this->sharedTables ? ', :_tenant' : '';
$values[] = "( :_uid, '{$type}', :_add_{$type}_{$i} {$sqlTenant})";
$binds[":_add_{$type}_{$i}"] = $permission;
}
}
if (!empty($removeQuery)) {
$removeQuery .= ')';

$sql = "
DELETE
FROM {$this->getSQLTable($name . '_perms')}
WHERE _document = :_uid
{$this->getTenantQuery($collection)}
";

$removeQuery = $sql . $removeQuery;

$removeQuery = $this->trigger(Database::EVENT_PERMISSIONS_DELETE, $removeQuery);
$stmtRemovePermissions = $this->getPDO()->prepare($removeQuery);
$stmtRemovePermissions->bindValue(':_uid', $document->getId());

if ($this->sharedTables) {
$stmtRemovePermissions->bindValue(':_tenant', $this->tenant);
}

foreach ($removals as $type => $permissions) {
foreach ($permissions as $i => $permission) {
$stmtRemovePermissions->bindValue(":_remove_{$type}_{$i}", $permission);
}
}
}

/**
* Query to add permissions
*/
if (!empty($additions)) {
$values = [];
foreach ($additions as $type => $permissions) {
foreach ($permissions as $i => $_) {
$sqlTenant = $this->sharedTables ? ', :_tenant' : '';
$values[] = "( :_uid, '{$type}', :_add_{$type}_{$i} {$sqlTenant})";
}
}

if (!empty($values)) {
$sqlTenant = $this->sharedTables ? ', _tenant' : '';

$sql = "
INSERT INTO {$this->getSQLTable($name . '_perms')} (_document, _type, _permission {$sqlTenant})
VALUES" . \implode(', ', $values);
VALUES " . \implode(', ', $values);

$sql = $this->trigger(Database::EVENT_PERMISSIONS_CREATE, $sql);

$stmtAddPermissions = $this->getPDO()->prepare($sql);
$stmtAddPermissions->bindValue(":_uid", $document->getId());
$stmtAddPermissions->bindValue(":_uid", $newUid);
if ($this->sharedTables) {
$stmtAddPermissions->bindValue(':_tenant', $this->tenant);
}

foreach ($additions as $type => $permissions) {
foreach ($permissions as $i => $permission) {
$stmtAddPermissions->bindValue(":_add_{$type}_{$i}", $permission);
}
foreach ($binds as $key => $permission) {
$stmtAddPermissions->bindValue($key, $permission);
}
}
}
Expand Down Expand Up @@ -1312,7 +1227,7 @@ public function updateDocument(Document $collection, string $id, Document $docum

$sql = "
UPDATE {$this->getSQLTable($name)}
SET {$columns} _uid = :_newUid
SET " . \rtrim($columns, ',') . "
WHERE _id=:_sequence
{$this->getTenantQuery($collection)}
";
Expand All @@ -1322,7 +1237,6 @@ public function updateDocument(Document $collection, string $id, Document $docum
$stmt = $this->getPDO()->prepare($sql);

$stmt->bindValue(':_sequence', $document->getSequence());
$stmt->bindValue(':_newUid', $document->getId());

if ($this->sharedTables) {
$stmt->bindValue(':_tenant', $this->tenant);
Expand Down
Loading
Loading