[Application] Harden recent-project deletion flow #167
Merged
Move project deletion to the OS recycle bin so the action is reversible, and tighten the pre-delete checks against drive/volume roots, symbolic links, and Windows junctions. The previous flow used QDir::removeRecursively unconditionally, with a drive-root guard that compared against the system root instead of the folder's own volume.

- ProjectPersistence::deleteProject now calls QFile::moveToTrash and refuses to permanently delete on failure, surfacing a clear error instead of silently falling back to recursive removal.
- canDeleteProjectFolder rejects symlinks/junctions on the project folder and on every entry, and uses QDir::isRoot plus QStorageInfo to detect both drive and volume roots.
- removeRecentProject and upsertRecentProject share a canonical, case-insensitive folder-key helper so Windows/macOS path casing no longer leaves stale recent entries; write failures are now logged via qWarning instead of silently swallowed.
- MainWindow's confirmation/warning dialogs use Qt::PlainText so user-supplied project names and paths cannot be interpreted as rich text, and the prompt now tells the user the folder will be moved to the recycle bin.
This was referenced May 3, 2026
Closed
Summary

- QFile::moveToTrash) so the action is reversible; refuse to fall back to permanent recursive removal on failure.
- canDeleteProjectFolder to reject symbolic links and Windows junctions (folder itself and any entry), and to detect drive/volume roots via QDir::isRoot + QStorageInfo rather than comparing against the system root.
- removeRecentProject and upsertRecentProject so Windows/macOS path casing no longer leaves stale recent entries; write failures are now logged via qWarning instead of silently swallowed.
- Qt::PlainText on the confirmation/warning dialogs in MainWindow so user-supplied project names and paths cannot be interpreted as rich text, and update the prompt to reflect the recycle-bin behaviour.

Related Issue

Area

Architecture Check

- application -> domain -> engine.
- src/domain.
- domain or application dependencies to src/engine.
- src/ as the include root.

Verification

- cmake --preset windows-debug
- cmake --build --preset build-debug
- ctest --preset test-debug
- safecrowd_app.exe and safecrowd_tests.exe build cleanly.
- ctest reports 1/1 passed locally.

Manual scenarios still recommended on a clean profile:

Risks / Follow-up

- QFile::moveToTrash may fail on filesystems without a trash (e.g. some network shares). The new behaviour fails closed (no permanent delete); a future change could offer an explicit "permanent delete" path with extra confirmation if needed.
- canDeleteProjectFolder and moveToTrash is unchanged but lower-risk now that deletion is reversible.
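
The pre-delete guard and fail-closed delete described in this pull request, as an added example that is not code from the PR or from the SafeCrowd repository. It uses C++17 std::filesystem in place of the Qt calls; checkProjectFolder, DeleteCheck and the moveToTrash callback are hypothetical names. Assumptions: only symbolic links and the root of the folder's own path are detected here; Windows junctions and mount-point (volume) roots, which the PR covers through Qt, are not.

```cpp
// Added example, not SafeCrowd code: std::filesystem stand-in for the Qt checks.
#include <filesystem>
#include <functional>
#include <string>
#include <system_error>

namespace fs = std::filesystem;

enum class DeleteCheck { Ok, NotADirectory, IsRoot, IsLink, ContainsLink, Unreadable };

// Hypothetical guard modelled on the checks described for canDeleteProjectFolder.
DeleteCheck checkProjectFolder(const fs::path& folder) {
    std::error_code ec;
    // symlink_status() does not follow links, so a link to a directory is seen as a link.
    const fs::file_status st = fs::symlink_status(folder, ec);
    if (ec) return DeleteCheck::Unreadable;
    if (fs::is_symlink(st)) return DeleteCheck::IsLink;
    if (!fs::is_directory(st)) return DeleteCheck::NotADirectory;
    const fs::path canon = fs::canonical(folder, ec);
    if (ec) return DeleteCheck::Unreadable;
    // Compare with the root of the folder's own path, not with the system root.
    if (canon == canon.root_path()) return DeleteCheck::IsRoot;
    // The default iterator options never descend into directory symlinks.
    fs::recursive_directory_iterator it(canon, ec), end;
    if (ec) return DeleteCheck::Unreadable;
    while (it != end) {
        const fs::file_status entry = it->symlink_status(ec);
        if (ec) return DeleteCheck::Unreadable;
        if (fs::is_symlink(entry)) return DeleteCheck::ContainsLink;
        it.increment(ec);
        if (ec) return DeleteCheck::Unreadable;
    }
    return DeleteCheck::Ok;
}

// Fail closed: a rejected folder or failed trash move is reported, never followed by remove_all().
bool deleteProject(const fs::path& folder,
                   const std::function<bool(const fs::path&)>& moveToTrash,
                   std::string& error) {
    if (checkProjectFolder(folder) != DeleteCheck::Ok) {
        error = "folder failed the pre-delete checks";
        return false;
    }
    if (!moveToTrash(folder)) {
        error = "could not move the folder to the trash; nothing was deleted";
        return false;
    }
    return true;
}
```

Any error while reading an entry is treated as a rejection, so an unreadable subdirectory blocks the delete instead of being skipped.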