Opened 8 years ago
Last modified 8 years ago
#27477 new New feature
Use QuerySet.select_for_update() in admin change form to fix race condition
Reported by: | Dave Hall | Owned by: | nobody |
---|---|---|---|
Component: | contrib.admin | Version: | dev |
Severity: | Normal | Keywords: | admin |
Cc: | dave@…, Jeppe Vesterbæk | Triage Stage: | Someday/Maybe |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
There is a race condition in the admin change form where a user can edit a model instance at the same time as another user. Consider the following two operations occurring in parallel:
ModelAdmin.change_view()
User.objects.update(is_superuser=True)
If (1) load the model instance, then (2) runs, then (1) saves the model instance, the update in (2) will be lost.
The solution is to call select_for_update
on the queryset in the changeform_view()
method of ModelAdmin
.
Change History (8)
comment:1 by , 8 years ago
Cc: | added |
---|
comment:2 by , 8 years ago
comment:3 by , 8 years ago
Yes, the same issue is also present in the class-based generic edit views.
comment:5 by , 8 years ago
Sure, will do. Probably this week.
It's going to be hard to do this in a way that doesn't hurt backwards compatibility. There are a few options we can do:
- Make the get_object() method take a for_update boolean keyword arg. This will have backwards-compatibility problems.
- Make the get_object() method call select_for_update() on the queryset if the HTTP method is POST, PUT, PATCH or DELETE. This may result in spurious select_for_update() calls on the queryset, but is backwards compatible.
- Make the get_queryset() method call select_for_update() on the queryset if the HTTP method is POST, PUT, PATCH or DELETE. This may result in spurious select_for_update() calls on the queryset, but is backwards compatible.
I think that (2) or (3) is the correct approach. I'm erring on the side of (3), since it'll also help with admin bulk actions.
All approaches can be applied to the admin admin generic views. Do people have a preference as to the approach?
comment:6 by , 8 years ago
If you don't get feedback here, I'd post to the DevelopersMailingList as that reaches a wider audience for design decisions like this.
comment:7 by , 8 years ago
Triage Stage: | Unreviewed → Someday/Maybe |
---|
comment:8 by , 8 years ago
Cc: | added |
---|
I don't know if this is correct or if it might have some unintended side effects. Is the same issue present in the generic class-based editing views, for example?