If user with less/different permissions edits a page after a user with more/different permissions data lost could occur

Created on 21 May 2025, 12 days ago

Overview

Because we store only the changes in the auto-save that were sent back from the client, if a user does not have access to edit a field that has already been edited and saved in the auto-save by another user with permission to edit that field

Proposed resolution

Somehow merge in changes that are already stored in the auto-save but were not sent back from the current client requests.

This overlaps with 📌 [PP-1] Add entity access checks to routes that deal with entities Postponed , need to re-read that issue to figure out exactly how, and which one should be handled first

User interface changes

🐛 Bug report
Status

Active

Version

0.0

Component

Auto-save

Created by

🇺🇸United States tedbow Ithaca, NY, USA

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024