Dear Django fellows,
as far as I understand this, there seem to be two kinds of concurrency control:
- the one that occurs between request and save, as addressed by e.g. [1] and
[2],
- the one that occurs between GET request and POST request, especially with
formsets.
I'm currently trying to understand the latter (apparently even the Django Admin suffers
from this problem, https://code.djangoproject.com/ticket/11313).
What I am wondering is, when Django formsets are used, what is the canonical way to
address this problem?
It seems that each form in the formset must be given the PK of the object that it is
related to, but I don't think that that is sufficient:
If the formset in the GET request is constructed from a queryset of e.g. a list of
persons, ordered alphabetically by name, at the time of the POST request persons may
have been added or deleted, causing discrepancies.
Thus, each form in the formset must be given the PK, but we must *also* construct the
original queryset in the POST request, then compare these two.
Right?
Best regards,
Carsten
PS: This is (ttbomk) also very much related to protecting against erroneous or tampered
POST requests, e.g. added or removed forms in the formset – the solution seems to be the
same. I've described this in more detail at
https://groups.google.com/d/msg/django-users/jA2KUdp1MUE/pceQZPYHBgAJ – any help would
be very much appreciated.
[1] https://github.com/saxix/django-concurrency
[2] https://github.com/gavinwahl/django-optimistic-lock
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/56167540.8050907%40cafu.de.
For more options, visit https://groups.google.com/d/optout.
