From 60179b1790ba7fcfa70783d75b2e430824d4caa5 Mon Sep 17 00:00:00 2001
From: Jake Barnby <jakeb994@gmail.com>
Date: Fri, 17 May 2024 14:54:40 +1200
Subject: [PATCH] Fix not account for abuse/audit on project delete

---
 src/Appwrite/Platform/Workers/Deletes.php | 37 +++++++++++++----------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/src/Appwrite/Platform/Workers/Deletes.php b/src/Appwrite/Platform/Workers/Deletes.php
index b08bfb027a..36d9dbd4f0 100644
--- a/src/Appwrite/Platform/Workers/Deletes.php
+++ b/src/Appwrite/Platform/Workers/Deletes.php
@@ -443,7 +443,7 @@ class Deletes extends Action
      * @param Document $document
      * @return void
      * @throws Authorization
-     * @throws \Utopia\Database\Exception
+     * @throws DatabaseException
      * @throws Conflict
      * @throws Restricted
      * @throws Structure
@@ -471,11 +471,10 @@ class Deletes extends Action
      * @return void
      * @throws Exception
      * @throws Authorization
-     * @throws \Utopia\Database\Exception
+     * @throws DatabaseException
      */
     private function deleteProject(Database $dbForConsole, callable $getProjectDB, Device $deviceForFiles, Device $deviceForFunctions, Device $deviceForBuilds, Device $deviceForCache, Document $document): void
     {
-        $projectId = $document->getId();
         $projectInternalId = $document->getInternalId();
 
         try {
@@ -486,24 +485,18 @@ class Deletes extends Action
         }
 
         $dbForProject = $getProjectDB($document);
-        $projectCollectionIds = \array_keys(Config::getParam('collections', [])['projects']);
+
+        $projectCollectionIds = [
+            ...\array_keys(Config::getParam('collections', [])['projects']),
+            Audit::COLLECTION,
+            TimeLimit::COLLECTION,
+        ];
+
         $limit = \count($projectCollectionIds) + 25;
 
         while (true) {
             $collections = $dbForProject->listCollections($limit);
 
-            if ($dsn->getHost() === DATABASE_SHARED_TABLES) {
-                $collectionsIds = \array_map(fn ($collection) => $collection->getId(), $collections);
-
-                if ($collectionsIds == $projectCollectionIds) {
-                    break;
-                }
-            } else {
-                if (empty($collections)) {
-                    break;
-                }
-            }
-
             foreach ($collections as $collection) {
                 if ($dsn->getHost() !== DATABASE_SHARED_TABLES || !\in_array($collection->getId(), $projectCollectionIds)) {
                     $dbForProject->deleteCollection($collection->getId());
@@ -511,6 +504,16 @@ class Deletes extends Action
                     $this->deleteByGroup($collection->getId(), [], database: $dbForProject);
                 }
             }
+
+            if ($dsn->getHost() === DATABASE_SHARED_TABLES) {
+                $collectionsIds = \array_map(fn ($collection) => $collection->getId(), $collections);
+
+                if (empty(\array_diff($collectionsIds, $projectCollectionIds))) {
+                    break;
+                }
+            } elseif (empty($collections)) {
+                break;
+            }
         }
 
         // Delete Platforms
@@ -553,6 +556,8 @@ class Deletes extends Action
         // Delete metadata table
         if ($dsn->getHost() !== DATABASE_SHARED_TABLES) {
             $dbForProject->deleteCollection('_metadata');
+        } else {
+            $this->deleteByGroup('_metadata', [], $dbForProject);
         }
 
         // Delete all storage directories