Delete constraint


(TW) #1

Let say I have a User with Posts, and I expose DELETE /posts/{postId} as REST API.

Obviously, I don’t want people to delete other people’s post, so I check that the passed postId belongs to the currently logged in user before telling Dgraph to delete the post. How do I do that in one transaction?

I tried the approach below because I thought the whole process would be aborted if POST_ID(123) doesn’t belong to USER_ID(john), but apparently Dgraph doesn’t check for that.

{
	"delete": [
		{
			"uid": "USER_ID(john)",
			"post": [
				{
					"uid": "POST_ID(123)"
				}
			]
		},
		{
			"uid": "POST_ID(123)"
		}
	]
}

(Michel Conrado) #2

You open a transaction, do a query, do your checks in the application side and then use the same transaction to do a mutation based on your checks.

Dgraph never checks anything about that. Unless of course if you use upsert procedure.

BTW Soon you gonna be able to do it in a single operation, using upsert block.


(system) closed #3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.