[wp-trac] [WordPress Trac] #31436: Handle conflicts in concurrent Customizer sessions
WordPress Trac
noreply at wordpress.org
Tue Feb 24 19:42:45 UTC 2015
#31436: Handle conflicts in concurrent Customizer sessions
--------------------------+----------------------------
Reporter: westonruter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Customize | Version: 3.4
Severity: normal | Keywords: needs-patch
Focuses: javascript |
--------------------------+----------------------------
If two users open the Customizer at the same time and modify the same
settings, the user who saves their changes last will win out, and the
person who saves first will have their changes lost. (The frequency of the
problem was reduced in #29983 since now only dirty settings now get
POSTed.) The Customizer needs Heartbeat integration to add the “Post
Locking” functionality. We don't need to lock the entire Customizer,
however, from concurrent users: we need to add locking for individual
settings in the Customizer. When a setting becomes dirty, we need to
broadcast via Heartbeat to other users that the setting has been changed
and thus any controls for this setting should be marked as "locked", with
any changes prevented. This will become increasingly important as more and
more settings are added to the Customizer and users go there more often to
make changes.
The locking UI could provide a button to copy the other user's change into
the other Customizer session, and this could result in the control being
editable again, with subsequent changes pushed out to other users as well,
who would then also get the corresponding setting automatically updated if
it was dirty, but if it was not dirty then it would remain in its clean
state but with a locking notification added.
This also should apply when a setting is modified by some means other than
the Customizer: if someone is in the Customizer and another user changes a
setting via an admin page or via XML-RPC or REST API, then this setting
update should also be illustrated in the Customizer to note that the
settings are stale and should be refreshed. This refresh could be done
inline, without having to reload the entire page.
Another special consideration needs to be made for Widgets in the
Customizer. Each WP_Widget 2.0 “multi-widget” gets an index number
associated with each instance of a give type. When you add a widget, this
number gets incremented (`widget.set( 'multi_number', widget.get(
'multi_number' ) + 1 );`). The initial multi-number is calculated from the
`next_widget_id_number()` function which takes the max number currently
used, and increments it by one. It is thus possible for multiple widgets
to be deleted in one session (from the widgets admin page, since
Customizer only removes widgets by moving them to the Inactive Widgets
sidebar) then new ones added back in other sessions and the initial
`multi_number` will not be consistent. In other words, the `multi_number`
for each widget type needs to be synced across each Customizer session
along with the actual setting values.
Some enhancements for a feature plugin: The Customizer UI would benefit
from having a list of users currently in the Customizer appearing
somewhere, with a list of the changes each user has made. If someone left
their Customizer session open, this list would also allow an administrator
to sign the user out, using something like the
[https://wordpress.org/plugins/user-session-control/ User Session Control]
plugin; or the Customizer UI could provide a way to boot a user from the
Customizer.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31436>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list