Emptying collection containing Single-Inheritance Discriminated Entity uses dangerous DELETE statement #7386

Closed
opened 2026-01-22 15:51:05 +01:00 by admin · 0 comments
Originally created by @gitbugr on GitHub (Jun 14, 2024).

Bug Report

| Q | A |
|---|---|
| BC Break | no |
| Version | 2.19.5 |

Summary

Emptying collection containing Single-Inheritance Discriminated Entity uses a dangerous DELETE statement that can lead to unintentionally removed records for different entities within the same single table inheritance.

Current behavior

When an Entity `UserA` has a property `things` which is a OneToMany relation with orphanRemoval enabled to an Entity `ThingA` (references `UserA` via a property of `owner`) which is part of a single table hierarchy (using discriminator mapping) extending from `AbstractThing`, doing the following:

```
$userA->getThings()->clear();
```

and persisting+flushing causes the db to receive iterated DELETE statements for the records in the Collection (e.g. `DELETE FROM things WHERE id = 1; DELETE FROM things WHERE id = 2; #... etc.`)

If instead you do:

```
class UserA {
    // Replaces the collection instance instead of clearing the existing one.
    public function setThings(ArrayCollection $things): void
    {
        $this->things = $things;
    }
    // ...
}
// ...

$userA->setThings(new ArrayCollection());
```

and persist+flush, then the database instead receives a request of the form `DELETE FROM things WHERE owner_id = 1;`, without the discriminator column in the WHERE clause.

This can cause a problem in the instance where another Entity in the same hierarchy, `ThingB`, has an association to a different entity, `UserB`, using the same property name since this could lead to collisions in the `UserA`/`UserB` owned records leading to entities from one being removed due to the deletion of those associated with the other.

How to reproduce

Minimal reproducible example: https://github.com/gitbugr/doctrine-assoc-delete-example

Expected behavior

I would expect the delete directive to include the discriminator column in addition to the id. Or, if `$userA->setThings(new ArrayCollection());` is improper, it should be guarded against.
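
The collision described in this report, reproduced as an added example (not code from the issue or from Doctrine) against an in-memory SQLite table. The discriminator column name `type`, its values and the rows are constructed assumptions; `things`, `id` and `owner_id` are the names used in the report.

```python
import sqlite3

# Constructed single-table-inheritance layout: ThingA and ThingB share "things".
# The discriminator column name "type" is an assumption, not from the report.
SCHEMA = ("CREATE TABLE things (id INTEGER PRIMARY KEY, "
          "type TEXT NOT NULL, owner_id INTEGER NOT NULL)")

# Constructed rows. UserA #1 owns the thing_a rows, UserB #1 owns rows 3 and 4.
# UserA and UserB have separate id sequences, so owner_id = 1 is ambiguous.
ROWS = [
    (1, "thing_a", 1),
    (2, "thing_a", 1),
    (3, "thing_b", 1),
    (4, "thing_b", 1),
    (5, "thing_b", 2),
]

UNSCOPED = "DELETE FROM things WHERE owner_id = ?"             # form reported
SCOPED = "DELETE FROM things WHERE owner_id = ? AND type = ?"  # with discriminator


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO things (id, type, owner_id) VALUES (?, ?, ?)", ROWS)
    return conn


def surviving_ids(delete_sql, params):
    """Run one DELETE on a fresh copy of the table and return the ids left."""
    conn = fresh_db()
    conn.execute(delete_sql, params)
    ids = [row[0] for row in conn.execute("SELECT id FROM things ORDER BY id")]
    conn.close()
    return ids


def collateral_ids(owner_id, expected_type):
    """Ids an owner_id-only DELETE would remove that belong to another subtype."""
    conn = fresh_db()
    ids = [row[0] for row in conn.execute(
        "SELECT id FROM things WHERE owner_id = ? AND type <> ? ORDER BY id",
        (owner_id, expected_type))]
    conn.close()
    return ids


if __name__ == "__main__":
    print("unscoped delete leaves:", surviving_ids(UNSCOPED, (1,)))
    print("scoped delete leaves:  ", surviving_ids(SCOPED, (1, "thing_a")))
    print("collateral rows:       ", collateral_ids(1, "thing_a"))
```

The `collateral_ids` query doubles as a pre-flight check on real data: a non-empty result means an `owner_id`-only delete would reach rows of another subtype.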

admin closed this issue 2026-01-22 15:51:06 +01:00
Reference: doctrine/archived-orm#7386