Prevent update on SELECT result
It is possible to submit a SELECT query, modify the result and update it. This easily allows to cause unexepected data loss.
How should this be prevented? Should this be done by the client or by the server (or both)?
DoD
- Reproduced
- Tests written caosdb-pyinttest!10 (merged)
This issue only covers the confirmation. See caosdb-server#155 for the fix
Activity
added BugUnconfirmed label
changed iteration to Sprint Jun 14, 2021 - Jun 25, 2021
added Statusnext label
added Statustodo label and removed Statusnext label
added (B label
added P2 label
added Statusdoing label and removed Statustodo label
This is not easily possible to do by mistake at least: The return of a SELECT query doesn't have parents, so
import caosdb as db prop1 = db.Property(name="TestProp1", datatype=db.TEXT).insert() prop2 = db.Property(name="TestProp2", datatype=db.TEXT).insert() rt = db.RecordType(name="TestType").insert() rec = db.Record(name="TestRec").add_parent(rt) rec.add_property(name=prop1.name, value="Bla") rec.add_property(name=prop2.name, value="BlaBla") rec.insert() selected = db.execute_query("SELECT {} FROM RECORD {}".format(prop1.name, rt.name))[0] selected.update()will result in a
TransactionError. However, with an additionalselected.add_parent(rt)before theupdate, the update will work andTestRecwill be overwritten (and thus, dropTestProp2).added BugConfirmed label and removed BugUnconfirmed label
changed milestone to %Story Telling
-
On Hold until discussed in story telling.
added On Hold Statustodo labels and removed Statusdoing label
removed On Hold label
removed milestone %Story Telling
mentioned in issue caosdb-server#155
mentioned in merge request caosdb-pyinttest!10 (merged)
-
@timm Please review caosdb-pyinttest!10 (merged)
added StatusReview label and removed Statustodo label
assigned to @timm
removed StatusReview label