[Django] #32867: django admin - protect againt mutual edit of same object
Django
-----------------------------------------+------------------------
Reporter: Eran Keydar | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
We have big django project and we work a lot with the admin.
One of the problems we see is that if the same object page is opened by
two people, then they can save the page even if their version is not the
recent one. E.g.,
user 1 opens object1 admin page and make edits
user 2 opens object1 admin page and make edits
user 1 submits
user2 submits
Attached is PR to give an error when user2 saves, since he does not save
the recent version. I'm not sure if this protection should be protected in
options flag.
We'll be happy for comments.
--
Ticket URL: <https://code.djangoproject.com/ticket/32867>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Eran Keydar | Owner: Eran Keydar
Type: Uncategorized | Status: assigned
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Eran Keydar):
* owner: nobody => Eran Keydar
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/32867#comment:1>
Django
Reporter: Eran Keydar | Owner: Eran Keydar
Component: contrib.admin | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Eran Keydar):
* type: Uncategorized => New feature
* component: Uncategorized => contrib.admin
--
Ticket URL: <https://code.djangoproject.com/ticket/32867#comment:2>
Django
Reporter: Eran Keydar | Owner: Eran Keydar
Type: New feature | Status: assigned
Component: contrib.admin | Version: 3.2
Severity: Normal | Resolution:
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Eran Keydar):
This is the PR https://github.com/django/django/pull/14541
If if seems like good direction, I will add tests before merge (tested
manually so far).
The PR adds one DB access to the admin page, 2 tests chagend accordingly.
--
Ticket URL: <https://code.djangoproject.com/ticket/32867#comment:3>
Django
Reporter: Eran Keydar | Owner: Eran Keydar
Type: New feature | Status: assigned
Component: contrib.admin | Version: 3.2
Severity: Normal | Resolution:
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Alexandr Tatarinov):
IMHO this kind of functionality should be implemented as a 3rd party
library.
Also, I believe there are better ways to implement concurrency protection
(i.e. optimistic locking via some `version` field), which will also handle
other sources of editing, not just the admin.
--
Ticket URL: <https://code.djangoproject.com/ticket/32867#comment:4>
Django
Reporter: Eran Keydar | Owner: Eran Keydar
Component: contrib.admin | Version: 3.2
Severity: Normal | Resolution: duplicate
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* status: assigned => closed
* resolution: => duplicate
Comment:
Duplicate of #11652.
--
Ticket URL: <https://code.djangoproject.com/ticket/32867#comment:5>