You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using a useForm inside a custom field component you can have a the form-state request update the "updatedAt" field on a document locked by another user.
Clone the repo or use the latest website template.
The changes to the template are in the Posts collection.
The documentLoaded field
Disable autosave
Add document locking
versions: {
drafts: true,
maxPerDoc: 50,
},
lockDocuments: {
duration: 60,
},
Create a couple of users.
Open and make a change to a page without saving. Then close the window. Now open the same page with another user and if you check the database you can se that with every page load the updatedAt field is updated. Even though it's tied to user1 and you are viewing the page as another user.
Now I know that you could fix this by checking if the field is readOnly before updating it. And it's absolutely resonable to do. But I still think that the form-state api should not update the locked-documents document if it's tied to another user. It's a good way to make it harder for people to accidentally create bugs
Which area(s) are affected? (Select all that apply)
Describe the Bug
When using a useForm inside a custom field component you can have a the form-state request update the "updatedAt" field on a document locked by another user.
Link to the code that reproduces this issue
https://github.com/stofolus/payload-lock-bug
Reproduction Steps
Clone the repo or use the latest website template.
The changes to the template are in the Posts collection.
documentLoaded
fieldCreate a couple of users.
Open and make a change to a page without saving. Then close the window. Now open the same page with another user and if you check the database you can se that with every page load the
updatedAt
field is updated. Even though it's tied to user1 and you are viewing the page as another user.Now I know that you could fix this by checking if the field is readOnly before updating it. And it's absolutely resonable to do. But I still think that the form-state api should not update the locked-documents document if it's tied to another user. It's a good way to make it harder for people to accidentally create bugs
Which area(s) are affected? (Select all that apply)
Not sure
Environment Info
Binaries:
Node: 20.17.0
npm: 10.8.2
Yarn: N/A
pnpm: 9.0.2
Relevant Packages:
payload: 3.0.0-beta.116
next: 15.0.0-canary.173
@payloadcms/db-mongodb: 3.0.0-beta.116
@payloadcms/email-nodemailer: 3.0.0-beta.116
@payloadcms/graphql: 3.0.0-beta.116
@payloadcms/live-preview: 3.0.0-beta.116
@payloadcms/live-preview-react: 3.0.0-beta.116
@payloadcms/next/utilities: 3.0.0-beta.116
@payloadcms/plugin-cloud: 3.0.0-beta.116
@payloadcms/plugin-form-builder: 3.0.0-beta.116
@payloadcms/plugin-nested-docs: 3.0.0-beta.116
@payloadcms/plugin-redirects: 3.0.0-beta.116
@payloadcms/plugin-search: 3.0.0-beta.116
@payloadcms/plugin-seo: 3.0.0-beta.116
@payloadcms/richtext-lexical: 3.0.0-beta.116
@payloadcms/translations: 3.0.0-beta.116
@payloadcms/ui/shared: 3.0.0-beta.116
react: 19.0.0-rc-3edc000d-20240926
react-dom: 19.0.0-rc-3edc000d-20240926
Operating System:
Platform: linux
Arch: x64
Version: #1 SMP Fri Mar 29 23:14:13 UTC 2024
Available memory (MB): 15970
Available CPU cores: 12
The text was updated successfully, but these errors were encountered: