Implementor, Developer
Unitarian Universalist Church of Lancaster
Contact management, email marketing/management and web site integration.
Developer
Electronic Frontier Foundation
I work for the Electronic Frontier Foundation. We switched to CiviCRM so that we could be sure that our membership data stays safe, secure, and private. Now we have control over our CRM and can customize it to work for our needs.
Implementor
Ginkgo Street Labs
CiviCRM enables me to empower my clients with a database that suits their unique needs.
DEVELOPER AND IMPLEMENTER
Admin, Implementor
Circle interactive
We help many not for profits implement CiviCRM through consultancy, training, configuration, support and custom development. Many of them come from a painful world of old Access databases, multiple spreadsheets and even paper. I love presenting demonstrations to new potential users; many are shocked by the scale of the software. CiviCRM is suitable for so many different organisations as it's been developed to cover so many bases off the back of community calls.
I maintain our own CiviCRM client database; it feeds into our drupal intranet to provide me with all the information I need at a click. I would be lost without it!
Web developer
Freeform Solutions
Freeform Solutions uses CiviCRM to help the non-profit organizations we develop sites for to manage information about their members, volunteers, activists, donors, employees and other contacts, and to handle donations, correspondence, mailings and more. We support the CiviCRM community by contributing documentation, patches, modules and code, and are a silver sponsor of CiviCon 2013.
Implementor, Administrator, end-user, Trainer
MC3
I've been working with CiviCRM since 2006 or thereabouts. The community is outstanding in providing support and sharing expertise, which combines with a strong product to enable me in turn to deliver better results for the organisations that I work with. I only hope that over time I will be able to repay the debt by supporting other newcomers to CiviCRM.
Implementor, Developer
Implementor, Developer
AGH Strategies
CiviCRM allows our clients to have a robust tool for tracking and engaging their supporters that can grow with them. I began as an end user, and now I work with CiviCRM full-time.
Implementor
BackOffice Thining
CiviCRM is one of the core offerings of our company. Remaining close to the CiviCRM community is important to us, as it keeps us close to new developments in the tool, and allows us to offer our feedback for new releases.
Developer / Contributor
Drastik by Design
CiviCRM has one of the best open source communities out there. It's always a blessing when I get the opportunity to do my next project in CiviCRM.
Implementer, Developer
EE-atWork
CiviCRM helps the organizations we support to do what they have to do! At EE-atWork we assist our customers with implementing and using CiviCRM. This includes functional support, training, project management, data migration, integration using the API and customization. We are based in The Netherlands.
Our customers are mainly non-profits, varying from larger organizations continuously improving the way CiviCRM supports them to smaller organizations using the core functionality and perhaps contributing to a Make It Happen. We have been active in the CiviCRM community since 2009. CiviCRM is all about community, sharing and producing together. We truly believe that one and one can be three!
Comments
Great question, not sure about the answer
Hi,
With edit in place (including at the single field level) and the new setvalue action on all the entities and civimobile that comes on the top of the not so edge case problems you already described, not sure the lock solution in the right answer.
The problem becomes even more complex with profiles that are used by the end user directly. What happens when a end user register to an event/make a donation/renew their membership/register to the newsletter...?
The lock has to take into account profiles (and weforms) as well and it can become explosively more complex (an event registration with a profile containing a name,+phone number+email+country needs to lock all these entities?
And then what about creations? if I add a primary phone using a profile, what happens in the backoffice when editing existing phones? should the creation be locked, or should changing the is_primary be uncovered by the locks?
It is safe to assume you can't update all the edit forms/chanels, both within the core civicrm and even more with alternate interfaces (eg. the mobile interface, the xmpp...), so "legacy code" will exist and ignore locks.
The pessimistic locking can't work (neither your 3 options sounds like a good usability answer). With optimistic locks, you can at least inform the "lock aware" UI that someone else updated the record while you were editing it.
Because your suggested implementation doesn't cover all that (rightly so, given the complexity), it might be a diservice to the users, giving them a false sense of security. Right now, the rules are clear: the last one modifying wins. With the new system, that's a nightmare to explain when you can still have your modifications erased and when you will get a warning.
Moreover, because the contact edit form touches potentially loads of entities, I will block you to edit the phone on a contact, even If I only want to change her email address.
Locking was a good solution when the UI was build around a handful of big edit forms, with the multiplication of ways of updating an entity, I'm afraid that will either be too restrictive and block too much too often, or not enough and let "competing" editing happen. Probably both type of errors will happen, so you end up with an annoying interface that doesn't solve the problem.
I think the underlying issue is to help communicate better between users to inform when there is a change done by someone else. The optimistic/pessimistic lock was the best that could be done, and kind of solved the problem but doesn't anymore. As for the source code managements, locking will eventually be seen as an obsolete solution for collaborative/competing editing.
Suggestion:
Wouldn't a monitoring framework answer better the need?
When I'm starting to edit/view a contact, it flags that I'm monitoring it. When someone else modify it, I get a notification (new phone number xxx for the contact yyy done by user zzz).
Instead of blocking the user (or kind of blocking it with the time out option), you let the computers provide the data, but leave the decision to the end user, that knows best if his phone number is the right one (or if she is changing the phone number at all). I haven't looked recently on what's going on the websocket and related techno, but for what I understood, it's ready for primetime, provided you are using a recent browser.
Interestingly, this monitor framework could also be useful in other scenari, eg.: when I'm viewing a contact record (or list of) I can monitor it as well and get alerted of changes, even if I'm not editing it. or alerted that this contact has registered to an event.
A few points
I agree that it would be quite complex to define great locking behavior for every single form -- which is why that's left out of scope for the proposed project. :) If I could restate the proposal, it's this: "The Edit Contact screen [and View Contact inline edit blocks] will claim and respect preventive locks. All other existing ('legacy') UIs will treat concurrency as they do today -- with the extra side-effect of interrupting anyone using the Edit Contact screen." To show this, I'll try to answer your points individually.
There are a few options for those screens: they can do nothing and use the default lock-stealing behavior which will basically allow the edits to go through (as they do today) but which will kick-out anyone concurrently using the "Edit Contact" screen. Alternatively, the client could request a lock while rendering the screen. (For CiviMobile, this might mean chaining 'contact.get' with 'contact.lock'.) The subsequent AJAX calls ('contact.setvalue', 'email.create', etc) would not need any significant changes. Why? Because the contact-lock would be held on behalf of the user's session -- there's no need for callers to pass around or keep track of lock IDs, revision numbers, last-modified-times, etc.
If the registration/renewal only deals with the participant/membership record, then locking is irrelevant because it's not within the scope of the lock system (which only covers core contact+address information). If there is a profile form which touches the contact, then the default policy (lock-stealing) is probably best -- it lets the constituent's changes go through and breaks any concurrent edits on the staff's "Edit Contact" screen.
If the phone is part of a contact record that is locked, then the choices are the same: use the default lock-stealing behavior or block the creation/edit.
Yes, definitely. Perhaps "legacy code" was too pejorative -- "default behavior" or "lock-stealing behavior" would be better descriptions.
From a UI perspective, real-time monitoring is much better than locking. A good example might be Google Docs -- multiple users can edit the same document, and they don't have to do locks because everyone sees the same changes in real time. The problem is more with implementation: PHP kind'a sucks at letting servers push data to clients. That's not saying it's impossible, but the best techniques (eg "Comet") break the traditional HTTP request cycle, and many tools common to CiviCRM installations (i.e. PHP interpreters, firewalls, reverse-proxies) cater to the traditional HTTP request cycle. The technique is more commonly used with different stacks (like node.js).
I'm personally down with a "monitoring" approach if other folks find these consequences acceptable:
Just to be sure I understand the UI if locking
Hi,
Thanks for the clarifications, can we go through a scenario? I'm not sure I understand how the conflict is presented
I got an event registration for the october meetup with a profile that contains the email+first name+last name+phone
I'm editing (using the normal back office contact edit form) The details from john doe, because I want to update his email (john@doe.com instead of john.doe@alo.com) add a phone (123456789) and write in the source field that I met him at the last meetup (I forgot when I created the contact)
While I'm editing it, John comes online and registers to the next meetup. He doesn't change his email, add a phone (123456789, the same I'm trying to add) and update his first name to Johnny.
What is happening when I save? I got a warning saying that I lost the lock (in a human friendly way), but how do I review what John did vs. my modifications?
are some fields not in conflict (ie. phone+source) automatically updated anyway?
How do I know the first name and emails are in conflict ? How can I decide which version to keep?
My expectations: When the
My expectations: When the staffer submits the edited contact screen, he gets a warning. The warning is generated as part of the form validation, so nothing is saved to the database (even if the staffer focuses on different, non-conflicting fields). The warning would be coarse and would not highlight individual fields.
It's not a coincidence that the proposal involved neither automatic merging nor highlighting of conflicts. Either of those features would increase complexity by roughly the same degree -- i.e. they require retaining a copies of the old revision of the contact (and closely related entities), then performing field-by-field comparison across the entities, then communicating those details back to the user. If we did provide such fine-grained feedback, then we could reasonably say that "We have the best damned concurrency support on the market!" (Have you seen another product in this space with this functionality?) OTOH, the increased complexity would increase technical risks and probably increase costs. Is this a feature that justifies the risk/cost?
FWIW, in a "monitoring" approach, there's a similar trade-off between granularity and complexity/risk -- there, the choice is whether the monitoring system reports a coarse message ("This contact is being edited by another user") or granular message ("Field X has been changed by another user").
Last thought: If our goal is "to provide the best damned concurrency mechanism for web CRMs", then a fine-grained monitoring approach is a good design. If our goal is "to mitigate a rare issue with minimal cost/risk", then a coarse-grained lock is a good design.
Websocket for monitoring?
Hi,
Definitely node.js is made for that.
As it's likely that you need big org and lots of users to get a "high enough" risk of collisions, it might not be such a big constraint?
For smaller orgs, it might be put it place as a saas on a different server than their civicrm hosting server?
As for the implementation, websocket is probably the right solution in the future, not sure if it is the present or not. Anyway, as for comet, likely needs a separate running server I think (that might be in php, found examples) otherwise will use all the threads on apache.
Otherwise, polling is a "not pretty but works solution". Every X seconds, ajax request "someone else modified the contact?" To avoid DOS , might increase X after each pooling, and plan a return status "stop asking, overloading the server"
http://socket.io/ seems to do a good job at hiding the complexity and workaround the various different implementations, but no php server (pretty much every language but php it seems ;)
It's pretty obvious but didn't mention it: monitoring can notify before any change too, eg. "John doe has started registering for event X", "Your colleague Tim has started editing this contact too"...
I am wondering (no matter the implementation choice) if this feature shouldn't be implemented as an extension, with the existing hooks (buildForm, validateForm, pre/post, we should have enough without having to modify the core)
X+
Orphan Locks
One user case to bear in mind with the locking approach is there needs to be a mecahnism to release locks. For example if a user clicks edit on a contact record and then loses internet access or closes the browser they will have an oprhon lock on the contact record. Effectively this lock will stop others editing it for a period of time. I've seen this in other client server based systems but I suspect will be much more of a problem on CiviCRM where contacts can login and amend their own details.
Url:
That's a good point. FWIW, I
That's a good point. FWIW, I think the issues from allowing constituents to edit themselves would be mitigated by a policy that "Staff obey locks, but constituents steal locks" -- i.e. it's usually better to let edits go through for constituents (who aren't as trained, committed, motivated as staff) and shift the cost of the conflict onto the staff.
Another Approach
Just thinking about this a little more, also taking into account what I've seen done in other systems.
Assuming we're using optimistic locking at the moment i.e. we're assuming nothing is locked.
Another approach is to only check at the time of saving i.e. check the log tables to see if the data had changed from the data that was presented. I'm not particularly fond of this approach but just something to throw out and probably fits the definition of optimistic locking. The approach defined above is more along the pessimistic locking approach where locks are positively seeked out prior to allowing edits.
Url: