It's possible to edit an already canceled order if you had it open in another tab and didn't refresh

[elidrissidev]

When trying to edit an order there's no check server-side for whether that order is already canceled (and therefore may have been modified before). This can lead to confusion if two different people try to edit it without refreshing their page like it happened today with one of my team members, resulting in two different orders originating from the same parent order.

Preconditions (*)

1. Should be reproducible in all recent OM & Magento versions.

Steps to reproduce (*)

1. Create a new order and once redirected to the order view page, open that same page on another browser tab.
2. Cancel the order on the first tab, and then try to edit it from the second tab without refreshing the page.
3. You will now have 2 new pending orders and both have the same parent order.

Expected result (*)

1. I shouldn't be allowed to edit a canceled order, even if I somehow still have access to the "Edit" button.

Actual result (*)

1. I can edit a canceled order if I had that order open in another tab before canceling it.

[addison74]

This is happening when two person edit the same product. This can be prevented when the persons are in the same office, but not connected from outside. Many time I got complains the products have no changes. The explanation was on the content editors left a page open for a long time, another edited the product, then the first one pressed Save. For sure this issue occurs for other sections too.

[elidrissidev]

@addison74 I am talking about orders! :D

[addison74]

I understood from the very beginning your question. It did not happen to me yet but I mentioned before what happened to me when editing products in Backend.

[elidrissidev]

For the orders I think it's possible to check if the order is canceled before re-creating a new one, I just haven't gotten the chance to dig into the code to find it. For products it's a bit more complicated.

[addison74]

The situation could only be solved if when one opens a page with the save option it is no longer allowed for someone else to open that page. An error message may be sent to another user to tell him X is editing that section. I would not allow any administrator to edit over the others. As it is now the data can be rewritten if there is no collaboration between users.

For orders in particular I think it can be achieved, but I did not analyze in detail how this could be done.

[elidrissidev]

One solution from the top of my head for products (or maybe any other edit page) is diffing the product'supdated_at timestamp from the database with the timestamp when the page was loaded in the browser, and based on that you decide whether to allow saving. But let's leave this for another issue/discussion.

[fballiano]

One solution from the top of my head for products (or maybe any other edit page) is diffing the product'supdated_at timestamp from the database with the timestamp when the page was loaded in the browser, and based on that you decide whether to allow saving. But let's leave this for another issue/discussion.

good idea!