robdiciuccio commented on a change in pull request #8972: [dashboards] New, API 
for Bulk delete
URL: 
https://github.com/apache/incubator-superset/pull/8972#discussion_r368191125
 
 

 ##########
 File path: superset/views/dashboard/api.py
 ##########
 @@ -320,6 +326,88 @@ def post(self):
         except SQLAlchemyError as e:
             return self.response_422(message=str(e))
 
+    @expose("/", methods=["DELETE"])
+    @protect()
+    @safe
+    @rison(get_delete_ids_schema)
+    def multiple_delete(self, **kwargs):  # pylint: disable=arguments-differ
+        """Delete multiple Dashboards
+        ---
+        delete:
+          parameters:
+          - in: query
+            name: q
+            content:
+              application/json:
+                schema:
+                  type: array
+                  items:
+                    type: integer
+          responses:
+            200:
+              description: Dashboard multiple delete
+              content:
+                application/json:
+                  schema:
+                    type: object
+                    properties:
+                      message:
+                        type: string
+                      count:
+                        description: Number of deleted dashboards
+                        type: integer
+            401:
+              $ref: '#/components/responses/401'
+            403:
+              description: Dashboard multiple delete
+              content:
+                application/json:
+                  schema:
+                    type: object
+                    properties:
+                      message:
+                        type: string
+                      count:
+                        description: Number of deleted dashboards
+                        type: integer
+            404:
+              $ref: '#/components/responses/404'
+            422:
+              $ref: '#/components/responses/422'
+            500:
+              $ref: '#/components/responses/500'
+        """
+        query = self.datamodel.session.query(Dashboard).filter(
+            Dashboard.id.in_(kwargs["rison"])
+        )
+        items = self._base_filters.apply_all(query).all()
+        if not items:
+            return self.response_404()
+        delete_count = 0
+        status_code = 200
+        for item in items:
+            try:
+                check_ownership(item)
+                self.datamodel.delete(item, raise_exception=True)
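Review bot: In the `for item in items:` loop, `check_ownership(item)` and `self.datamodel.delete(item, raise_exception=True)` run together per item, so an ownership failure on a later item is only discovered after earlier items may already have been deleted. Run `check_ownership` over every entry in `items` first and return the 403 before any delete, then perform the deletes. Two smaller points: `if not items:` returns 404 only when nothing matched, so ids in `kwargs["rison"]` that do not exist or are removed by `_base_filters` are skipped silently (compare `len(items)` with the number of requested ids); and the documented 403 response reuses the 200 description `Dashboard multiple delete` and a `count` of deleted dashboards, which would not apply if a forbidden request deletes nothing.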
 
 Review comment:
   +1 on checking ownership before deletion. Currently, if the user attempts to 
delete a mix of dashboards that they do and do not own, they will be left in an 
unclear state. If the user requests to delete something they don't have 
permission to delete, the request should fail without any dashboards being 
modified/deleted, IMO.
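
The all-or-nothing behaviour asked for in the comment above, as an added example that is not part of the PR or of Superset. It uses an in-memory SQLite table with constructed rows; the helpers `delete_per_item` and `delete_all_or_nothing` are hypothetical, and the per-item variant is assumed to commit after each row.

```python
import sqlite3

class Forbidden(Exception):
    """Raised when the caller does not own a requested dashboard."""

def make_db():
    # Constructed sample data: dashboards 1 and 3 belong to alice, 2 to bob.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dashboards (id INTEGER PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO dashboards VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "alice")])
    db.commit()
    return db

def remaining_ids(db):
    return [r[0] for r in db.execute("SELECT id FROM dashboards ORDER BY id")]

def _fetch(db, ids):
    marks = ",".join("?" * len(ids))
    return db.execute(
        f"SELECT id, owner FROM dashboards WHERE id IN ({marks}) ORDER BY id",
        list(ids),
    ).fetchall()

def delete_per_item(db, user, ids):
    """Check and delete one row at a time: a late failure keeps earlier deletes."""
    deleted = 0
    for dash_id, owner in _fetch(db, ids):
        if owner != user:
            raise Forbidden(dash_id)
        db.execute("DELETE FROM dashboards WHERE id = ?", (dash_id,))
        db.commit()  # assumption: each delete is committed on its own
        deleted += 1
    return deleted

def delete_all_or_nothing(db, user, ids):
    """Authorize every requested row first, then delete in one transaction."""
    rows = _fetch(db, ids)
    denied = [dash_id for dash_id, owner in rows if owner != user]
    if denied:
        raise Forbidden(denied)  # nothing has been modified yet
    with db:  # commits on success, rolls back if any DELETE raises
        db.executemany("DELETE FROM dashboards WHERE id = ?",
                       [(dash_id,) for dash_id, _ in rows])
    return len(rows)
```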
