Re: [Django] #7060: Fix race condition in tutorial vote() view

[Django]

#7060: Fix race condition in tutorial vote() view
--------------------------------------+------------------------------------
     Reporter:  donald.ball@…         |                    Owner:  nobody
         Type:  Cleanup/optimization  |                   Status:  new
    Component:  Documentation         |                  Version:  master
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  0                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+------------------------------------

Comment (by garrison):

 The `vote` view has no user authenticated and no rate-limiting so adding a
 protection against race conditions seems pointless to me.

 I think it is reasonable to expect people going through the tutorial to
 recognize that the voting app has no rate-limiting or user authentication.
 On the other hand, I do //not// think it is reasonable to expect a
 developer new to Django to recognize that there is a race condition in the
 vote tallying code.  Since it involves the ORM layer (which is largely a
 black box at this point in the tutorial), new developers might even get
 the impression that the lines `selected_choice.votes += 1` and
 `selected_choice.save()` lead to an atomic operation being performed on
 the database, and are therefore the preferred way of doing such
 operations.  With a more complex ORM, this might be a reasonable
 assumption, but it is not the way Django works.

 In any event, it seems that we each agree that a note should be added to
 the tutorial (at a minimum), so there is probably no reason to belabor
 these points further.

--
Ticket URL: <https://code.djangoproject.com/ticket/7060#comment:10>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/079.f69f9a7f9ac13bb9445b9238148a3fd4%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.