1. General: Should locking be: - Optimistic: Locks are not explicitly claimed

1. 1. General: Should locking be:
2. - Optimistic: Locks are not explicitly claimed. Writers must provide the 'last-seen value for modified_date' (or similar)
3. - Pessimistic: Locks must be requested in advance and must have a TTL
4.  
5. 2. General: Who can override a lock?
6. - Everyone?
7. - No one?
8. - Folks with permission 'override lock'?
9.  
10. 3. General: How does one override a lock?
11. - Automatic: If one has permission to ignore locks, then the lock will be ignored.
12. - Prompted: If one makes a 'save' which raises a lock conflict, prompt the user to decide
13. - Manual: Go to a backend screen, find the lock, remote it.
14.  
15. 4. At what level do the locks apply:
16. - Individual database row
17. - Contact-graph
18.  
19. 5. What happens with legacy code (API callers, background tasks,
20. odds-and-ends) that does not explicitly understand the locking mechanism?
21.  
22. - Legacy code is lock-free -- all writes succeed unless he caller opted to obey
23. locking protocols.
24. - Legacy code involves secret locking -- before making a write, data-layer
25. (BAO/API) attempts to obtain a lock; if it fails, then it throws an exception.
26. (This only makes sense for pessimistic locking.)
27.  
28. 6. (For optimistic locks) How does the client determine the version/timestamp
29. -- and how does it pass it along with the corresponding update? How does
30. this work at BAO and API levels? e.g.
31.  
32. $contact = civicrm_api('contact', 'get', ...);
33. civicrm_api('email', 'create', array(
34. 'option.locktoken' => $contact['modified_time'],
35. );
36.  
37. 7. (For pessimistic locks) How is the lock claimed? (eg
38. $dao->lock()? CRM_Utils_Lock::claim(...)) How do we identify the holder of the lock? How
39. is that identity passed along? (e.g. PHP SESSION ID could be used transparently but
40. probably doesn't work with REST consumers)
41.  
42. 8. (For optimistic locks based on contact graph) How can we tell when a series of
43. updates are all related -- ie being updated at the same time by the same lock holder? e.g.
44. This might break in oplocking because the 'modified_date' changes. The problem affects API chaining (which is sugar for making a series of API calls):
45.  
46. $contact = civicrm_api('contact', 'get', ...);
47. civicrm_api('email', 'create', array(
48. 'option.locktoken' => $contact['modified_time'],
49. );
50. civicrm_api('phone', 'create', array(
51. 'option.locktoken' => $contact['modified_time'],
52. );