Deleting Plugin Objects was not possible #1486

Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2026-02-06 13:01:30 -05:00 · 2026-02-05 11:57:37 +11:00
parent 76d37edc63
commit 1b6dc94bae
4 changed files with 29 additions and 16 deletions
--- a/front/pluginsCore.php
+++ b/front/pluginsCore.php
@@ -572,7 +572,7 @@ function purgeAllExecute() {
    data: JSON.stringify({
      dbtable: dbTable,
      columnName: 'Plugin',
-      id: plugPrefix
+      id: [plugPrefix]
    }),
    contentType: "application/json",
    success: function(response, textStatus) {
@@ -603,15 +603,18 @@ function deleteListed(plugPrefixArg, dbTableArg) {

  // Ask for confirmation
  showModalWarning(`${getString('Gen_Purge')} ${plugPrefix} ${dbTable}`, `${getString('Gen_AreYouSure')} (${idArr.length})`,
-    `${getString('Gen_Cancel')}`, `${getString('Gen_Okay')}`, "deleteListedExecute");
+    `${getString('Gen_Cancel')}`, `${getString('Gen_Okay')}`,  () => deleteListedExecute(idArr));
 }

 // --------------------------------------------------------
-function deleteListedExecute() {
+function deleteListedExecute(idArr) {
  const apiBase = getApiBase();
  const apiToken = getSetting("API_TOKEN");
  const url = `${apiBase}/dbquery/delete`;

+  console.log(idArr);
+
+
  $.ajax({
    method: "POST",
    url: url,
@@ -619,7 +622,7 @@ function deleteListedExecute() {
    data: JSON.stringify({
      dbtable: dbTable,
      columnName: 'Index',
-      id: idArr.toString()
+      id: idArr
    }),
    contentType: "application/json",
    success: function(response, textStatus) {
--- a/server/api_server/api_server_start.py
+++ b/server/api_server/api_server_start.py
@@ -1287,14 +1287,22 @@ def dbquery_update(payload=None):
 def dbquery_delete(payload=None):
    data = request.get_json() or {}
    required = ["columnName", "id", "dbtable"]
-    if not all(data.get(k) for k in required):
-        return jsonify({"success": False, "message": "ERROR: Missing parameters", "error": "Missing required 'columnName', 'id', or 'dbtable' query parameter"}), 400
+    if not all(k in data and data[k] for k in required):
+        return jsonify({
+            "success": False,
+            "message": "ERROR: Missing parameters",
+            "error": "Missing required 'columnName', 'id', or 'dbtable' query parameter"
+        }), 400

-    return delete_query(
-        column_name=data["columnName"],
-        ids=data["id"],
-        dbtable=data["dbtable"],
-    )
+    dbtable = data["dbtable"]
+    column_name = data["columnName"]
+    ids = data["id"]
+
+    # Ensure ids is a list
+    if not isinstance(ids, list):
+        ids = [ids]
+
+    return delete_query(column_name, ids, dbtable)


 # --------------------------
--- a/server/api_server/dbquery_endpoint.py
+++ b/server/api_server/dbquery_endpoint.py
@@ -11,6 +11,7 @@ INSTALL_PATH = os.getenv("NETALERTX_APP", "/app")
 sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"])

 from database import get_temp_db_connection  # noqa: E402 [flake8 lint suppression]
+from logger import mylog  # noqa: E402 [flake8 lint suppression]


 def read_query(raw_sql_b64):
@@ -82,17 +83,18 @@ def delete_query(column_name, ids, dbtable):
        conn = get_temp_db_connection()
        cur = conn.cursor()

-        if not isinstance(ids, list):
-            ids = [ids]
-
        deleted_count = 0
        for id_val in ids:
-            sql = f"DELETE FROM {dbtable} WHERE {column_name} = ?"
+            # Wrap table and column in quotes to handle reserved words
+            sql = f'DELETE FROM "{dbtable}" WHERE "{column_name}" = ?'
+            mylog("debug", f"[delete_query] sql {sql} with id={id_val}")
            cur.execute(sql, (id_val,))
            deleted_count += cur.rowcount

        conn.commit()
        conn.close()
        return jsonify({"success": True, "deleted_count": deleted_count})
+
    except Exception as e:
        return jsonify({"success": False, "error": str(e)}), 400
+
--- a/server/api_server/openapi/schemas.py
+++ b/server/api_server/openapi/schemas.py
@@ -44,7 +44,7 @@ ALLOWED_NMAP_MODES = Literal[

 NOTIFICATION_LEVELS = Literal["info", "warning", "error", "alert", "interrupt"]

-ALLOWED_TABLES = Literal["Devices", "Events", "Sessions", "Settings", "CurrentScan", "Online_History", "Plugins_Objects"]
+ALLOWED_TABLES = Literal["Devices", "Events", "Sessions", "Settings", "CurrentScan", "Online_History", "Plugins_Objects", "Plugins_History"]

 ALLOWED_LOG_FILES = Literal[
    "app.log", "app_front.log", "IP_changes.log", "stdout.log", "stderr.log",