#32867 closed New feature (duplicate)
django admin - protect againt mutual edit of same object
Reported by: | Eran Keydar | Owned by: | Eran Keydar |
---|---|---|---|
Component: | contrib.admin | Version: | 3.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
We have big django project and we work a lot with the admin.
One of the problems we see is that if the same object page is opened by two people, then they can save the page even if their version is not the recent one. E.g.,
user 1 opens object1 admin page and make edits
user 2 opens object1 admin page and make edits
user 1 submits
user2 submits
Attached is PR to give an error when user2 saves, since he does not save the recent version. I'm not sure if this protection should be protected in options flag.
We'll be happy for comments.
Change History (5)
comment:1 by , 3 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 3 years ago
Component: | Uncategorized → contrib.admin |
---|---|
Type: | Uncategorized → New feature |
comment:3 by , 3 years ago
comment:4 by , 3 years ago
IMHO this kind of functionality should be implemented as a 3rd party library.
Also, I believe there are better ways to implement concurrency protection (i.e. optimistic locking via some version
field), which will also handle other sources of editing, not just the admin.
comment:5 by , 3 years ago
Resolution: | → duplicate |
---|---|
Status: | assigned → closed |
Duplicate of #11652.
This is the PR https://github.com/django/django/pull/14541
If if seems like good direction, I will add tests before merge (tested manually so far).
The PR adds one DB access to the admin page, 2 tests chagend accordingly.