> In playing with the admin, I've found I can log in as two users via > two different browsers and edit the same object- no warning is given > that the object is being edited elsewhere, and of course the last to > save-'wins.'
Given the stateless nature of RESTful web applications, the only gospel is the actual sequencing of the POST requests. As you describe, "last to save wins". E.g. Joe pulls up the admin page for an object and then goes on vacation. Is Jane locked out of editing the page until he explicitly releases the page via a commit or a cancel? Or what happens if Joe's browser/OS crashes after fetching the page? He may never be able to cancel/commit the changes. In theory, you could have a "last requested for editing on <timestamp>", perhaps along with a "last requested for editing by <user>" field on your model that you hook into before handing it off to the admin (perhaps via a wrapper around your URL dispatcher in your urls.py?) However, that would only serve as guidance for the 2nd requester, in the hopes that they noticed that "oh, Joe requested this for editing just 5 minutes ago...perhaps I ought to coordinate with him". Another alternative might be to make your own admin-ish interface and, by tracking a "last updated on <timestamp>" and "last updated by <user>"" field, for which when Joe requested this custom admin page, it would stash those values as hidden fields. If, when the POST came around, the current values don't match the ones that have been riding along with the admin form, then the user should have to confirm that they *really* *have* coordinated with the other user on the matter before the new admin would allow them to save the record. I prefer the second method if it's a needed feature and have used it in some apps from my pre-Django life. I don't like to trust users to recognize when something might be stale. However, having Django do the work for you...I don't think there's anything of the sort currently. -tim --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
