Performance Boost: Optimize RLS Delete Engine to Run Atomically

[yash-pouranik]

Description

Inside our security parsing framework (authorizeWriteOperation.js), verifying resource authorship for data alterations (like DELETE and PUT methods) requires pulling down the active file resource first. While this design layout works safely, it doubles our database server load by executing two round-trip database requests for every single deletion operation.

Expected Behavior

Instead of pulling document objects into runtime memory stacks to parse authorization keys, ownership checks should be integrated directly into the primary MongoDB query context filter dynamically.

Technical Implementation Checklist

• Refactor the deleteSingleDoc endpoint pipeline to accept inline database parameters.
• Construct a uniform query definition object: const deleteFilter = { _id: id };
• Intercept collection flags. If req.currentCollectionMeta.isRlsEnabled resolves to true, extract the targeted identifier payload (ownerField) and map it straight into the filter layout:

  const ownerField = req.currentCollectionMeta.ownerField || 'ownerId';
  deleteFilter[ownerField] = req.authUserId;

• Fire an atomic execution call: const result = await TargetModel.deleteOne(deleteFilter);
• Evaluate the operational metrics data loop. If result.deletedCount === 0, return a structured error response: 404 Not Found or unauthorized.

Technology Stack

• Node.js, Express, Mongoose / MongoDB Atlas

[Ayush4958]

Hi @yash-pouranik ,
I would like to work on this issue

[yash-pouranik]

@Ayush4958
u can work only on 1 issue at a time.
select one and mention there only

[Ayush4958]

@Ayush4958 u can work only on 1 issue at a time. select one and mention there only

Ohk , understand it

[Ayush4958]

@yash-pouranik ,
I wanted to work on this issue
#217

[ShreyasPatil3105]

Hi @yash-pouranik, I noticed the previous contributor opted for #217 instead. I'd love to take ownership of this optimization. Wrapping the authorization and deletion logic into a single atomic database transaction is critical for preventing race conditions and ensuring data integrity. I am highly comfortable working with Node.js and MongoDB transactional pipelines. Could you please assign this to me for GSSoC '26?

[yash-pouranik]

Bro I already told if U are pickiing a big issue, u can only work one at a time
and u commented on 2 issues?
confirm on which one u did like to work?
@ShreyasPatil3105

[ShreyasPatil3105]

Hi @yash-pouranik, thanks for the clarification—completely understood. I want to respect the project's workflow and ensure the best quality for these fixes.
I would like to move forward with Issue #216 (Quota Evasion Loophole). I will withdraw my interest in #218 to free it up for others. I’m ready to dive into the updateSingleData pipeline and implement the BSON.calculateObjectSize() validation immediately.

[Ayush4958]

Hi @yash-pouranik ,
My PR for assigned issue is under review ,
So can I work on this issue or had to wait for PR to merge and
then can work on this one , just clarifying some doubts

thanks

[yash-pouranik]

yes u can atleast get assigned,
but first please fix the PR, then work on this

[yash-pouranik]

@Ayush4958