Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#32867 closed New feature (duplicate)

django admin - protect againt mutual edit of same object

Reported by: Eran Keydar Owned by: Eran Keydar
Component: contrib.admin Version: 3.2
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

We have big django project and we work a lot with the admin.
One of the problems we see is that if the same object page is opened by two people, then they can save the page even if their version is not the recent one. E.g.,

user 1 opens object1 admin page and make edits
user 2 opens object1 admin page and make edits
user 1 submits
user2 submits

Attached is PR to give an error when user2 saves, since he does not save the recent version. I'm not sure if this protection should be protected in options flag.

We'll be happy for comments.

Change History (5)

comment:1 by Eran Keydar, 3 years ago

Owner: changed from nobody to Eran Keydar
Status: newassigned

comment:2 by Eran Keydar, 3 years ago

Component: Uncategorizedcontrib.admin
Type: UncategorizedNew feature

comment:3 by Eran Keydar, 3 years ago

This is the PR https://github.com/django/django/pull/14541
If if seems like good direction, I will add tests before merge (tested manually so far).
The PR adds one DB access to the admin page, 2 tests chagend accordingly.

comment:4 by Alexandr Tatarinov, 3 years ago

IMHO this kind of functionality should be implemented as a 3rd party library.
Also, I believe there are better ways to implement concurrency protection (i.e. optimistic locking via some version field), which will also handle other sources of editing, not just the admin.

comment:5 by Mariusz Felisiak, 3 years ago

Resolution: duplicate
Status: assignedclosed

Duplicate of #11652.

Version 0, edited 3 years ago by Mariusz Felisiak (next)
Note: See TracTickets for help on using tickets.
Back to Top