Opened on behalf of @BeckettFrey
Bug
delete_model in src/voxkit/storage/models.py does not validate that model_id (or engine_id) is non-empty before constructing the deletion path. If model_id is an empty string, _get_model_root builds a path to the engine's models root directory itself (<storage_root>/<engine_id>/models/), which exists — so the .exists() check passes and shutil.rmtree deletes every model for that engine.
The sibling function delete_dataset in datasets.py already guards against this:
if not dataset_id:
return False, "Dataset ID cannot be empty."delete_model should have the same guard for both engine_id and model_id.
Steps to reproduce
- Call
delete_model(engine_id="mfa", model_id="")
- All models under the
mfa engine directory are deleted
Suggested fix
Add early-return validation at the top of delete_model:
if not engine_id or not model_id:
return False, "Engine ID and Model ID cannot be empty."Co-authored-by: Beckett Frey 83560790+BeckettFrey@users.noreply.github.com
Opened on behalf of @BeckettFrey
Bug
delete_modelinsrc/voxkit/storage/models.pydoes not validate thatmodel_id(orengine_id) is non-empty before constructing the deletion path. Ifmodel_idis an empty string,_get_model_rootbuilds a path to the engine's models root directory itself (<storage_root>/<engine_id>/models/), which exists — so the.exists()check passes andshutil.rmtreedeletes every model for that engine.The sibling function
delete_datasetindatasets.pyalready guards against this:delete_modelshould have the same guard for bothengine_idandmodel_id.Steps to reproduce
delete_model(engine_id="mfa", model_id="")mfaengine directory are deletedSuggested fix
Add early-return validation at the top of
delete_model:Co-authored-by: Beckett Frey 83560790+BeckettFrey@users.noreply.github.com