Turns out we can't have delete by object ID because of ACLs...

Author: drew-gross

spec/ParseAPI.spec.js

@@ -39,8 +39,8 @@ describe('miscellaneous', function() {
       expect(data.get('password')).toBeUndefined();
       done();
     }, function(err) {
-      console.log(err);
       fail(err);
+      done();
     });
   });
 

spec/ParseHooks.spec.js

@@ -58,8 +58,9 @@ describe('Hooks', () => {
     .then((res) => {
       // Find again! but should be deleted
       return Parse.Hooks.getFunction("My-Test-Function")
-      .then((res) => {
+      .then(res => {
         fail("Failed to delete hook")
+        fail(res)
         done();
         return Promise.resolve();
       }, (err) => {

src/Adapters/Storage/Mongo/MongoStorageAdapter.js

@@ -159,27 +159,38 @@ export class MongoStorageAdapter {
     .then(collection => collection.insertOne(mongoObject));
   }
 
-  // Remove the object with the given ID. If the object does not exist, reject with OBJECT_NOT_FOUND.
-  // If there is a different type of error, reject with INTERNAL_SERVER_ERROR and a message
-  // that doesn't leak info to the client.
-  deleteObject(className, objectId) {
+  // Remove all objects that match the given parse query. Parse Query should be in Parse Format.
+  // If no objects match, reject with OBJECT_NOT_FOUND. If objects are found and deleted, resolve with nothing.
+  // If there is some other error, reject with INTERNAL_SERVER_ERROR.
+
+  // Currently accepts the acl, schemaController, validate
+  // for lecacy reasons, Parse Server should later integrate acl into the query. Database adapters
+  // shouldn't know about acl.
+
+  // Currently resolves with empty object because thats what HooksController expects, but that should change.
+  deleteObjectsByQuery(className, query, acl, schemaController, validate) {
     return this.adaptiveCollection(className)
-    .then(collection => collection.deleteOne({ _id: objectId }))
-    .then(({ deletedCount }) => {
-      if (deletedCount === 1) {
-        return Promise.resolve();
-      } else {
+    .then(collection => {
+      let mongoWhere = transform.transformWhere(
+        schemaController,
+        className,
+        query,
+        { validate }
+      );
+      if (acl) {
+        mongoWhere = transform.addWriteACL(mongoWhere, acl);
+      }
+      return collection.deleteMany(mongoWhere)
+    })
+    .then(({ result }) => {
+      if (result.n === 0) {
+
         throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
       }
-    }, error => {
-      throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Database adapter error.');
+      return Promise.resolve({});
     });
   }
 
-  //
-  deleteObjectsByQuery(className, query) {
-  }
-
   get transform() {
     return transform;
   }

src/Controllers/DatabaseController.js

@@ -284,17 +284,20 @@ DatabaseController.prototype.removeRelation = function(key, fromClassName, fromI
 //   acl:  a list of strings. If the object to be updated has an ACL,
 //         one of the provided strings must provide the caller with
 //         write permissions.
-DatabaseController.prototype.destroy = function(className, { objectId, ...query}, { acl } = {}) {
+DatabaseController.prototype.destroy = function(className, query, { acl } = {}) {
   const isMaster = acl !== undefined;
   const aclGroup = acl || [];
 
   return this.loadSchema()
   .then(schemaController => {
     return (isMaster ? Promise.resolve() : schemaController.validatePermission(className, aclGroup, 'delete'))
     .then(() => {
-      if (query !== {} || !objectId) {
-        if (objectId) {
-          query.objectId = objectId;
+      // delete by query
+      return this.adapter.deleteObjectsByQuery(className, query, acl, schemaController, !this.skipValidation)
+      .catch(error => {
+        // When deleting sessions while changing passwords, don't throw an error if they don't have any sessions.
+        if (className === "_Session" && error.code === Parse.Error.OBJECT_NOT_FOUND) {
+          return Promise.resolve({});
         }
 
         // delete by query