Simultaneous editing of a record via the admin interface silently overwrites
|Reported by:||David Findlay <djangoproject-finhome@…>||Owned by:||nobody|
|Cc:||Triage Stage:||Design decision needed|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I am seeing the following situation.
- sign into admin as user A in one browser and begin to edit a record, e.g. http://example.com/admin/myapp/mymodel/1
- sign into admin as user B in another browser and begin to edit the SAME record, i.e. same URL as user A
- make a change as user A and press Save
- make a different change as user B and press Save
The result is that A's change is silently overwritten with user B's change.
Should it not generate an error when user B saves, informing them that the record has been updated since they started editing it?
That is what I would have expected to have been the default behaviour.
There's likely some corner cases I'm not thinking of, but it seems like this could be checked for by:
- saving a copy of the model object when a user does the GET of the model's page, the model object with PK of 1 in my example of http://example.com/admin/myapp/mymodel/1
- during the validation that occurs when the user POSTs their updates, pull the model object from the database again - prior to saving any changes. If that copy of the model is different from the copy retrieved in the previous step, then the model has been updated in the interim by someone else. In that case the error could be passed to the user and the save aborted. If the two copies are the same then the model hasn't been altered in the interim, and the save could proceed as normal.
If there's a standard way of implementing this already I'd be most grateful to know how to go about it.
Change History (7)
comment:1 Changed 7 years ago by David Findlay <djangoproject-finhome@…>
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 Changed 7 years ago by David Findlay <djangoproject-finhome@…>
- Component changed from Uncategorized to django.contrib.admin
comment:3 Changed 7 years ago by Alex
- Triage Stage changed from Unreviewed to Design decision needed