[wp-trac] [WordPress Trac] #43316: REST API: Support autosaves
WordPress Trac
noreply at wordpress.org
Wed Apr 4 08:56:10 UTC 2018
#43316: REST API: Support autosaves
-------------------------------------------------+-------------------------
Reporter: kraftbj | Owner: rmccue
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.0
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing needs-unit- | Focuses: rest-api
tests |
-------------------------------------------------+-------------------------
Comment (by azaozz):
Replying to [comment:63 rmccue]:
> Replying to [comment:62 azaozz]:
> > Right. The current (non-API) logic is:
> > Save:
> > - User edits the post (a post is always edited as we start with an
auto-draft).
>
> It doesn't seem like this is necessarily true; wp_create_post_autosave
shortcircuits if the post is the exact same, so it seems like an autodraft
can only be created once there is a change?
No, currently the auto-draft is created right before the user loads the
Add New (post) screen. This is done so we have a post_ID for the brand new
post and covers cases where the user may upload files or add tags,
categories, post meta, etc. before they actually start writing the post
(we need a post_ID to "attach" the meta). I'm not sure how that works
through the API at the moment, or if it is possible at all. (That has
nothing to do with auto-saving as there is nothing in the post to save
yet.)
> We do already provide the functionality to delete revisions via the REST
API, so they're not really usable for an audit trail, but rather as a sort
of long-term undo.
Yeah, I'm not sure why this was added to the API. IMHO we shouldn't be
removing the functionality of the audit trail. This changes the purpose
and functionality of revisions quite a bit...
> Their (revisions) primary use is to see the evolution of a post over
time.
Perhaps we should look at removing the delete revision endpoint. It makes
them "unreliable" and their purpose becomes "to maybe see the evolution of
a post over time, or maybe see only some of it, or not see anything".
If I understand the general logic behind a REST API correctly, it should
care about the "client" and the "view", not overtake the server "business
logic". The client is generally "untrusted" in handling low level logic,
that should be handled by the server. There is a good reason why revisions
cannot be deleted from the current (non-API) UI :)
I'm aware that revisions can be limited or disabled altogether but that is
a "server logic" decision on per site basis. Also note that this doesn't
disable autosave revisions.
> Right now, there's no way to say "update this post, but don't create a
revision". The basic thing we want for autosaves is the ability to do
this, but providing this functionality so allows any REST API client to do
so, which I'm a little uncomfortable about (and which would totally
destroy any concept of revisions being usable as an audit trail, since now
changes can be made without being recorded anywhere).
Right. Thinking more about this, it should stay this way (no way to save
without a revision). Changing that would make revisions totally
untrustworthy.
> The proposed autosave process I'm talking about here would allow this,
but in a very controlled way. Each change would still get a revision, but
clients would now have the ability to temporarily persist changes while
the user is still working on them.
So basically you want to move the server auto-saving logic to the client.
Not sure this is a good idea. The client can store "persistent backup
data" by itself, for example in browser storage. This has nothing to do
with server auto-saving. This is now autosaves work at the moment for non-
API. There are server autosaves and client (in browser) autosaves.
Once the client decides to push a server auto-save, the logic for it
should be on the server.
> The main thing that seems strange is the special-casing of the post's
author. If we can remove that special-casing, I think the rest is
reasonably straightforward to model. Is there a reason for this special-
casing?
This is mainly needed for post locking (not implemented through the API
yet). It prevents data loss when more than one client tries to edit the
same post. It also keeps the audit trial more consistent.
> If clients don't want to use the autosave process, then they can keep
using the existing process, they'll just potentially end up with lots of
revisions. I see this autosave concept as similar to database
transactions: you queue up and persist a bunch of changes, then commit
them all in one revision at once. This preserves the process of always
creating revisions, while reducing the amount of noise.
Yes, this is a possible saving workflow. A client can decide to not use
the server autosave process and instead store backups locally. Then "once
in a while" sync these local backups with the server. Few years ago there
was an idea to make the non-API autosave work this way too. It didn't
materialize as browser storage was somewhat unreliable/limited back then.
> > This will generally mean that a post will always have an autosaved
revision. That revision will usually be more recent than the post content,
and the user will have to manually "restore" that autosave revision before
continuing to edit. That's not a good UX :) This can happen now too, but
is relatively rare.
>
> The client can implement the functionality themselves to automatically
"restore" the autosave. This is essentially what we're doing already with
the special-case for the post author, but editors can do it in a more
consistent way.
Perhaps but there are some edge cases like when there are several
autosaves authored by different users that have edited the post at
different times. Then it can get really messy :) Thinking that
restoring/overwriting a post from a revision should always be user-
controlled.
The current logic is that the post author is "the boss" and other users
that edit the post leave audit trail with their changes. This is essential
for larger sites that have many authors and many editors.
> > Also, the part: "User hits save: `POST
/wp/v2/posts/{id}/revisions/{rev_id}`" would be an actual save, i.e. `POST
/wp/v2/posts/{id}`.
>
> I was thinking this would be a cleaner way of the client actually
"committing" the autosaved changes. It avoids the problem where an update
to a somewhat-unrelated resource (the post) affects a bunch of others (all
the autosaves). This is the current behaviour though:
`wp_save_post_revision()` is called by `wp_insert_post()`, and it wipes
out all the autosaves.
Hm, `wp_save_post_revision()` doesn't wipe autosave revisions. It has some
logic to keep a max number of revisions if they are limited by a plugin.
The default is `-1` (unlimited). Also note that this logic specifically
bypasses (keeps) autosave revisions, even when they are over the max.
Also, the post is not an "unrelated resource" in this case. Generally we
can view a WordPress post as consisting of several rows in the db: the
actual post row plus all the revisions rows. They are the same "resource"
from logical point of view. It doesn't matter how exactly the "post
resource" is stored. As @schlessera mentions above, at some point the
storage schema may change and perhaps post revisions may be stored as
incremental diffs in the actual post row in the db. Well, at last in
theory :)
> > This is a "disaster recovery" for a rare edge case that was planned
for the current (non-API) autosave too. We can remove it if need be.
>
> If it's a global change, that makes sense; I'd rather track and
implement it separately I think :)
Sure, lets separate that. But maybe first get the server autosaves
logic/endpoint in.
> (Sorry for the long post again; this is a complex topic.)
Yeah, sorry for the long post too, very complex topic indeed :)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43316#comment:65>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list