-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent race condition when using edit forms in GUI #11732
Comments
Typical Joe. I've been saying we ought to fire that guy. This is a great idea, and we should be able to implement it pretty seamlessly for (nearly?) every model form. |
For APIs, I've used the ETag/If-Match header method to support this in the past. For server-rendered pages, I suspect you could use something similar via form fields. Ideally, a similar method would be used for changes made via UI, REST API, and GraphQL (if that supports mutation). |
I'd be hesitant to have this validation (using this particular logic) happen in the API. The additional query to lookup the "in between" |
My previous implementation was using the API for a SPA UI, so it already had to make a request to load the object for the view anyway. Depending on how the REST API is implemented here, you should be able to just issue a HEAD request to get the ETag, without having to retrieve the full resource. Those values could potentially leverage the redis cache, which should make the extra request negligible. However, if you are using only the API to update resources, then you should only need to grab the value once, then cache the ETag from the response each time a change is made, to use in the next request. If you are expecting a mix of UI and API changes on the same resource, then you're just going to run into the same potential for a race condition if you don't use the same safeguard in both places. It would also be dangerous in that circumstance to not already be retrieving the resource to validate current state before making the change via the API. This solution should actually be faster in that scenario, because if your request succeeds with the cached ETag value, then there is no need to make that additional request, as the current state has already been validated. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. NetBox is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. Do not attempt to circumvent this process by "bumping" the issue; doing so will result in its immediate closure and you may be barred from participating in any future discussions. Please see our contributing guide. |
NetBox version
v3.4.4
Feature type
Change to existing functionality
Proposed functionality
In edit forms for primary models, when confirming/saving your changes, add a new validation check that the
last_updated
time has not changed from when you first started editing the object.If the
last_updated
time is captured at the time the edit form is loaded, and check again when theSave
button is clicked, we can check that the timestamp is the same as before, before finally saving the new change. Otherwise, a validation error is raised.Use case
It's possible for two users to be editing an object in the GUI at the same time and overwrite each other's changes. Here's the scenario:
Database changes
N/A
External dependencies
N/A
The text was updated successfully, but these errors were encountered: