AI fiyat önerisi: iki yönetici aynı anda apply yaptı — pizza fiyatı 3 kez değişti, state guard (PR #621 FFF F4)

Tekirdag Suleymanpasa Corlu Cad nda 43 yaslarinda "Marmara Pizzeria" sahibi Ahmet, 11 yil modern Italian pizzeria mutfak sefi Murat + isletme manager Sevcan ile birlikte. 3 unun de thMenu admin tam erisim. Pro tier AI Pricing Suggestions 3 ay once aktif — haftalik cron Margherita 9.50€ → 10.50€ "son 60 gun maliyet artisi %12." Pazartesi 14:32:08 Ahmet (Tablet A) Apply tikladi, modal "Yeni fiyat 10.50€ Confirm" confirmed. 14:32:14 Sevcan (Tablet B) ayni suggestion Dismiss tikladi "biraz fazla." Sali sabah menu Margherita **10.50€**. Murat: "10.50? Sevcan dismiss yapmistim demisti." Carsamba sabah **9.50€** (Murat manuel revert). 3 manager 3 mental state. Forensik PATCH handler: apps/web-admin/src/app/api/ai-pricing-suggestions/[id]/route.ts hiçbir state precondition, hicbir OCC race-guard. **4 kirik**: (1) status precondition yok pending → applied/dismissed/applied→dismissed serbest; (2) expires_at check yok; (3) OCC race-guard yok concurrent PATCH last-writer-wins; (4) applied→dismissed transition inde products.price invert edilmiyor. Sevcan in PATCH i Ahmet ten 6sn sonra geldi, status applied tan dismissed e gecti sessizce, ama products.price 10.50 kaldi. **PR #621 batch FFF F4** fix 2-katmanli: **Layer 1 state precondition + expires check**: SELECT * FROM ai_pricing_suggestions WHERE id = ? AND restaurant_id = ?; if status !== "pending" → 422 invalid_state; if expires_at < now → 422 suggestion_expired. **Layer 2 OCC race-guard via WHERE clause**: UPDATE SET status = ?, applied_at = ? WHERE id = ? AND status = "pending"; meta.changes === 0 → 409 state_conflict "Another user updated this suggestion just now. Refresh and retry."; side-effect products.price update inside same logical transaction (D1 batch). **Bonus UI feedback**: "Applied by Ahmet on Pazartesi 14:32" / "Dismissed by Sevcan on Pazartesi 14:32" multi-manager visibility per row; 409 conflict modal kim ne yapti gorunur. Platform-wide audit 60 gun 47 affected suggestion (multi-manager concurrent edit, applied-then-dismissed-without-revert, expired-then-applied). Restaurant ownership proactive email + 1-ay Pro tier extension + Ahmet Hall of Fame mention "Helped us harden ai-pricing-suggestions state machine." Pattern: **PATCH endpoint bir entity nin state ini degistiriyorsa + side-effect (price update, refund, push) tetikliyorsa: pre-flight state precondition (state == expected_initial) + OCC race-guard via UPDATE WHERE clause + meta.changes === 0 → 409 + UI feedback "user X did Y on Z time" multi-manager visibility zorunlu.** Implementation checklist: (1) state machine document; (2) pre-flight precondition; (3) OCC race-guard UPDATE WHERE; (4) side-effects same logical transaction; (5) UI 409 conflict modal + audit trail per row; (6) audit log every PATCH attempt outcome; (7) quarterly grep PATCH.*status manuel inspect; (8) pentest 100 concurrent PATCH same id different action atomically one wins. Lorenzo Florence Oltrarno "Trattoria Santo Spirito" Tuscan trattoria with kitchen lead Giacomo + floor manager Chiara same flow.

İlgili makaleler