feat: implement cascading deletion for related records in delete endpoint

Pavlo Kulyk · Pavlo Kulyk · commit ca65f67c8d5f · 2026-02-25T16:14:21.000+02:00
diff --git a/adminforth/modules/restApi.ts b/adminforth/modules/restApi.ts
@@ -1452,6 +1452,30 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
             }
         }
     });
+    async function handleCascadeOnDelete(parentResource: AdminForthResource, parentId: any) {
+      const adminforth = this.adminforth;
+      for (const resource of adminforth.config.resources) {
+        if (resource.resourceId === parentResource.resourceId) continue;
+        const foreignKeyColumn = resource.columns.find(c => c.foreignResource?.resourceId === parentResource.resourceId
+        );
+        if (!foreignKeyColumn) continue;
+        const deleteStrategy = foreignKeyColumn.foreignResource?.onDelete ?? 'null';
+        const primaryKeyColumn = resource.columns.find(c => c.primaryKey);
+        if (!primaryKeyColumn) continue;
+        const childRecords = await adminforth.resource(resource.resourceId).list([Filters.EQ(foreignKeyColumn.name, parentId)]);
+        for (const record of childRecords) {
+          const childId = record[primaryKeyColumn.name];
+          if (deleteStrategy === 'cascade') {
+            await handleCascadeOnDelete.call(this, resource, childId);
+            await adminforth.resource(resource.resourceId).delete(childId);
+            continue;
+          }
+          if (deleteStrategy === 'setNull') {
+            await adminforth.resource(resource.resourceId).update(childId, {[foreignKeyColumn.name]: null,});
+          }
+        }
+      }
+    }
     server.endpoint({
         method: 'POST',
         path: '/delete_record',
@@ -1464,23 +1488,10 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
             if (!record){
                 return { error: `Record with ${body['primaryKey']} not found` };
             }
-            if (resource.options.allowedActions.delete === false) {
+            if (!resource.options.allowedActions.delete) {
                 return { error: `Resource '${resource.resourceId}' does not allow delete action` };
             }
-
-            const { allowedActions } = await interpretResource(
-              adminUser, 
-              resource, 
-              { requestBody: body, record: record }, 
-              ActionCheckSource.DeleteRequest,
-              this.adminforth
-            );
-
-            const { allowed, error } = checkAccess(AllowedActionsEnum.delete, allowedActions);
-            if (!allowed) {
-              return { error };
-            }
-
+            await handleCascadeOnDelete.call(this, resource, body['primaryKey']);
             const { error: deleteError } = await this.adminforth.deleteResourceRecord({ 
               resource, record, adminUser, recordId: body['primaryKey'], response, 
               extra: { body, query, headers, cookies, requestUrl, response } 
