yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1bc741b4703a3b7253aa4e1d55ab86b5e134a846
Umbraco-CMS/docs/plans/2025-12-20-contentservice-refactor-phase1-implementation-critical-review-3.md
yv01p 9962df50ee feat(core): register IContentCrudService in DI container 
Adds IContentCrudService registration to UmbracoBuilder alongside
IContentService. Both services are now resolvable from DI.

Includes integration test verifying successful resolution.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-21 03:31:23 +00:00

21 KiB
Raw Blame History

Critical Implementation Review #3: Phase 1 ContentService CRUD Extraction

Plan Version Reviewed: 1.3 (2025-12-20) Review Date: 2025-12-20 Reviewer: Claude (Senior Staff Engineer) Plan File: docs/plans/2025-12-20-contentservice-refactor-phase1-implementation.md

1. Overall Assessment

Strengths:

  • Well-structured TDD approach with clear task breakdown
  • Versioning strategy is thoughtfully documented
  • Previous critical review feedback (reviews 1 & 2) has been systematically addressed
  • N+1 query in GetAncestors correctly fixed with batch Path parsing
  • Benchmark regression enforcement adds meaningful quality gate (20% threshold)
  • Safety bounds on DeleteLocked iteration (10,000 max) prevent infinite loops
  • Comprehensive XML documentation with preconditions for internal methods

Major Concerns:

  • Synchronous wrapper over async code in ContentServiceBase.Audit can cause deadlocks
  • Multiple nested scope creations will degrade performance
  • Versioning policy describes default interface methods but implementation uses abstract base class
  • Thread-safety issue in benchmark baseline loading
  • Lock acquisition timing allows race conditions in Save() validation

Verdict: Plan is well-structured but requires targeted fixes before implementation.

2. Critical Issues (P0 — Must Fix Before Implementation)

2.1 Synchronous Async Wrapper — Potential Deadlock

Location: ContentServiceBase.cs lines 134-136

protected void Audit(...) =>
    AuditAsync(...).GetAwaiter().GetResult();

Why it matters: .GetAwaiter().GetResult() blocks the calling thread waiting for an async operation. While ASP.NET Core doesn't use SynchronizationContext by default, this pattern:

  1. Blocks a thread pool thread unnecessarily, reducing throughput under load
  2. Breaks if someone configures a SynchronizationContext
  3. Sets a bad precedent in a base class that will be inherited by multiple services
  4. Can cause deadlocks in certain hosting scenarios (IIS in-process, custom middleware)

Impact: Application hangs under load; difficult to diagnose in production.

Recommended Fix: Provide synchronous audit path that doesn't require async:

/// <summary>
/// Records an audit entry for a content operation (synchronous).
/// </summary>
protected void Audit(AuditType type, int userId, int objectId, string? message = null, string? parameters = null)
{
    // Resolve user key synchronously - IUserIdKeyResolver should have sync overload
    // For now, use the async pattern with ConfigureAwait(false) to avoid context capture
    Guid userKey = UserIdKeyResolver.GetAsync(userId).ConfigureAwait(false).GetAwaiter().GetResult();

    AuditService.Add(
        type,
        userKey,
        objectId,
        UmbracoObjectTypes.Document.GetName(),
        message,
        parameters);
}

Alternative (Preferred Long-Term): Add IAuditService.Add() synchronous overload and IUserIdKeyResolver.Get(int userId) synchronous overload. This avoids the async-over-sync anti-pattern entirely.

Action Required:

  • Check if IAuditService has synchronous Add method
  • Check if IUserIdKeyResolver has synchronous Get method
  • If not, use ConfigureAwait(false) pattern as shown above
  • Add // TODO: Replace with sync overloads when available comment

2.2 Nested Scope Creation — Performance Degradation

Locations:

  • GetContentType() creates its own scope (lines 1338-1345)
  • GetLanguageDetailsForAuditEntry() creates its own scope (lines 1347-1356)
  • Create(int parentId, ...) calls GetById(parentId) which creates scope, then continues without scope
  • GetParent(int id) calls GetById(id) then GetById(content.ParentId) — 2 scopes

Why it matters: Each CreateCoreScope() call:

  • Acquires a database connection from the pool
  • Creates a new transaction context
  • Has overhead for read/write lock acquisition
  • Adds latency (~0.5-2ms per scope depending on connection pool state)

Impact: A single Save() operation calling GetLanguageDetailsForAuditEntry() creates 2+ scopes. At baseline ~7ms per save, this overhead compounds:

  • 100 saves: +50-200ms overhead
  • 1000 saves: +500-2000ms overhead

Recommended Fix: Create *Locked or *Internal variants that assume caller holds scope:

// Public API - creates scope
public IContentType GetContentType(string alias)
{
    using (ICoreScope scope = ScopeProvider.CreateCoreScope(autoComplete: true))
    {
        scope.ReadLock(Constants.Locks.ContentTypes);
        return GetContentTypeLocked(alias);
    }
}

// Internal - assumes caller holds scope with appropriate lock
private IContentType GetContentTypeLocked(string alias)
{
    return _contentTypeRepository.Get(alias)
           ?? throw new ArgumentException($"No content type with alias '{alias}' exists.", nameof(alias));
}

// In Save() - reuse the scope
public OperationResult Save(IContent content, ...)
{
    using (ICoreScope scope = ScopeProvider.CreateCoreScope())
    {
        scope.WriteLock(Constants.Locks.ContentTree);
        // ...
        if (culturesChanging != null)
        {
            // Use locked variant - no nested scope
            var langs = GetLanguageDetailsForAuditEntryLocked(culturesChanging);
            Audit(AuditType.SaveVariant, userId.Value, content.Id, $"Saved languages: {langs}", langs);
        }
        // ...
    }
}

Files to Update:

  • ContentCrudService.cs: Add GetContentTypeLocked(), GetLanguageDetailsForAuditEntryLocked()
  • Update Save(), CreateAndSaveInternal() to use locked variants
  • Document preconditions in XML comments for locked methods

2.3 Interface Versioning Policy — Clarify Inheritance Requirement

Location: Versioning Strategy section (lines 28-70)

Issue: The plan states:

"When adding new methods to IContentCrudService, provide a default implementation in ContentServiceBase"

This conflates C# 8+ default interface methods with abstract base class implementations. The current design requires ContentServiceBase inheritance, which is the correct approach but needs explicit documentation.

Resolution (Agreed): Use Option B — Document that ContentServiceBase inheritance is required.

Recommended Changes:

  1. Update Versioning Strategy section — Replace lines 46-55 with:
### Interface Extensibility Model

`IContentCrudService` is designed for **composition, not direct implementation**.

**Supported usage:**
- Inject `IContentCrudService` as a dependency ✅
- Extend `ContentCrudService` via inheritance ✅
- Replace registration in DI with custom implementation inheriting `ContentServiceBase`**Unsupported usage:**
- Implement `IContentCrudService` directly without inheriting `ContentServiceBase`**Rationale:** All CRUD operations require shared infrastructure (scoping, repositories,
auditing). `ContentServiceBase` provides this infrastructure. Direct interface implementation
would require re-implementing this infrastructure correctly, which is error-prone and
creates maintenance burden.

**Adding New Methods (Umbraco internal process):**
1. Add method signature to `IContentCrudService` interface
2. Add virtual implementation to `ContentServiceBase` (if shareable) or `ContentCrudService`
3. Existing subclasses automatically inherit the new implementation
4. Mark with `[Since("X.Y")]` attribute if adding after initial release
  1. Update IContentCrudService XML documentation — Add implementation warning:
/// <summary>
/// Service for content CRUD (Create, Read, Update, Delete) operations.
/// </summary>
/// <remarks>
/// <para>
/// <strong>Implementation Note:</strong> Do not implement this interface directly.
/// Instead, inherit from <see cref="ContentServiceBase"/> which provides required
/// infrastructure (scoping, repository access, auditing). Direct implementation
/// without this base class will result in missing functionality.
/// </para>
/// <para>
/// This interface is part of the ContentService refactoring initiative.
/// It extracts core CRUD operations into a focused, testable service.
/// </para>
/// ...
/// </remarks>
public interface IContentCrudService : IService

2.4 Validation Before Lock — Race Condition Window

Location: Save() method lines 1077-1091

public OperationResult Save(IContent content, ...)
{
    PublishedState publishedState = content.PublishedState;
    // Validation happens BEFORE lock acquisition
    if (publishedState != PublishedState.Published && publishedState != PublishedState.Unpublished)
        throw new InvalidOperationException(...);

    if (content.Name != null && content.Name.Length > 255)
        throw new InvalidOperationException(...);

    EventMessages eventMessages = EventMessagesFactory.Get();

    using (ICoreScope scope = ScopeProvider.CreateCoreScope())
    {
        // Lock acquired AFTER validation
        scope.WriteLock(Constants.Locks.ContentTree);

Why it matters: The content object's state could theoretically change between validation and lock acquisition if:

  • Another thread modifies the same IContent instance
  • The object is shared across async contexts

While unlikely in typical usage, this violates transactional consistency principles.

Recommended Fix: Move validation inside the locked section:

public OperationResult Save(IContent content, ...)
{
    EventMessages eventMessages = EventMessagesFactory.Get();

    using (ICoreScope scope = ScopeProvider.CreateCoreScope())
    {
        scope.WriteLock(Constants.Locks.ContentTree);

        // Validate AFTER acquiring lock — content state is now stable
        PublishedState publishedState = content.PublishedState;
        if (publishedState != PublishedState.Published && publishedState != PublishedState.Unpublished)
        {
            throw new InvalidOperationException(
                $"Cannot save (un)publishing content with name: {content.Name} - and state: {content.PublishedState}");
        }

        if (content.Name != null && content.Name.Length > 255)
        {
            throw new InvalidOperationException(
                $"Content with the name {content.Name} cannot be more than 255 characters in length.");
        }

        // Continue with save...

Trade-off: Lock is held slightly longer during validation. However, validation is O(1) string length check, so impact is negligible (~microseconds).

3. High Priority Issues (P1 — Should Fix)

3.1 Thread-Unsafe Baseline Loading in Benchmarks

Location: ContentServiceBenchmarkBase.cs lines 1688-1689

private Dictionary<string, BenchmarkResult>? _baseline;

protected void AssertNoRegression(...)
{
    _baseline ??= LoadBaseline();  // Race condition if tests run in parallel

Why it matters: NUnit can run tests in parallel (default behavior). Multiple threads checking _baseline == null simultaneously could:

  • Both see null and both call LoadBaseline()
  • Cause file I/O contention
  • Result in JsonSerializer errors if file is read concurrently
  • Produce inconsistent baseline state

Recommended Fix: Use Lazy<T> for thread-safe initialization:

private static readonly Lazy<Dictionary<string, BenchmarkResult>> _baselineLoader =
    new(() => LoadBaselineInternal(), LazyThreadSafetyMode.ExecutionAndPublication);

private static Dictionary<string, BenchmarkResult> Baseline => _baselineLoader.Value;

protected void AssertNoRegression(string name, long elapsedMs, int itemCount, double thresholdPercent = DefaultRegressionThreshold)
{
    RecordBenchmark(name, elapsedMs, itemCount);

    if (Baseline.TryGetValue(name, out var baselineResult))
    {
        // ... regression check logic
    }
}

private static Dictionary<string, BenchmarkResult> LoadBaselineInternal()
{
    // ... existing LoadBaseline logic, but static
}

3.2 Baseline Path Uses Relative Navigation — Brittle

Location: ContentServiceBenchmarkBase.cs lines 1670-1673

private static readonly string BaselinePath = Path.Combine(
    TestContext.CurrentContext.TestDirectory,
    "..", "..", "..", "..", "..",
    "docs", "plans", "baseline-phase0.json");

Why it matters: TestContext.CurrentContext.TestDirectory varies by:

  • Test runner (Visual Studio, Rider, dotnet CLI, NCrunch)
  • Build configuration (Debug/Release)
  • CI/CD environment (GitHub Actions, Azure DevOps)

Five .. navigations are fragile and will break when project structure changes.

Recommended Fix: Use repository root detection:

private static string FindRepositoryRoot()
{
    var dir = new DirectoryInfo(TestContext.CurrentContext.TestDirectory);
    while (dir != null)
    {
        if (File.Exists(Path.Combine(dir.FullName, "umbraco.sln")))
        {
            return dir.FullName;
        }
        dir = dir.Parent;
    }
    throw new InvalidOperationException(
        $"Cannot find repository root (umbraco.sln) starting from {TestContext.CurrentContext.TestDirectory}");
}

private static readonly Lazy<string> _repositoryRoot = new(FindRepositoryRoot);

private static string BaselinePath => Path.Combine(_repositoryRoot.Value, "docs", "plans", "baseline-phase0.json");

3.3 GetByIds Dictionary Key Collision Risk

Location: ContentCrudService.cs lines 909-910

var index = items.ToDictionary(x => x.Id, x => x);

Why it matters: If DocumentRepository.GetMany() returns duplicates (due to repository bug, database inconsistency, or future ORM change), .ToDictionary() throws ArgumentException: An item with the same key has already been added.

Impact: Service method crashes with unhelpful exception instead of gracefully handling data inconsistency.

Recommended Fix: Use safe dictionary construction:

// Option 1: Take first occurrence (matches current behavior intent)
var index = items.GroupBy(x => x.Id).ToDictionary(g => g.Key, g => g.First());

// Option 2: Use TryAdd pattern (more explicit)
var index = new Dictionary<int, IContent>();
foreach (var item in items)
{
    index.TryAdd(item.Id, item);  // Silently ignores duplicates
}

Apply same fix to GetByIds(IEnumerable<Guid>) (line 931).

3.4 Missing ContentSchedule Support in Batch Save

Location: IContentCrudService.cs lines 436-438

OperationResult Save(IEnumerable<IContent> contents, int userId = Constants.Security.SuperUserId);

The batch Save doesn't accept ContentScheduleCollection, but the single-item Save does:

OperationResult Save(IContent content, int? userId = null, ContentScheduleCollection? contentSchedule = null);

Why it matters: Users needing to save multiple items with individual schedules must:

  1. Make N individual Save() calls (defeats batching purpose)
  2. Or call batch Save() then separately persist schedules (inconsistent transaction)

Recommended Fix (Documentation): Add XML doc noting the limitation:

/// <summary>
/// Saves multiple documents.
/// </summary>
/// <param name="contents">The documents to save.</param>
/// <param name="userId">Optional id of the user saving the content.</param>
/// <returns>The operation result.</returns>
/// <remarks>
/// This method does not support content schedules. To save content with schedules,
/// use the single-item <see cref="Save(IContent, int?, ContentScheduleCollection?)"/> overload.
/// </remarks>
OperationResult Save(IEnumerable<IContent> contents, int userId = Constants.Security.SuperUserId);

Future Enhancement (Optional): Consider adding:

OperationResult Save(IEnumerable<(IContent Content, ContentScheduleCollection? Schedule)> items, int userId = ...);

4. Medium Priority Issues (P2 — Recommended)

4.1 Unit Test Mock Setup Repetition

Location: ContentCrudServiceTests.cs lines 570-579 (repeated 6+ times)

Each test repeats the same ~10-line CreateCoreScope mock setup.

Recommendation: Extract to helper:

private ICoreScope CreateMockScopeWithReadLock()
{
    var scope = new Mock<ICoreScope>();
    scope.Setup(x => x.ReadLock(It.IsAny<int[]>()));
    _scopeProvider.Setup(x => x.CreateCoreScope(
        It.IsAny<IsolationLevel>(),
        It.IsAny<RepositoryCacheMode>(),
        It.IsAny<IEventDispatcher?>(),
        It.IsAny<IScopedNotificationPublisher?>(),
        It.IsAny<bool?>(),
        It.IsAny<bool>(),
        It.IsAny<bool>()))
        .Returns(scope.Object);
    return scope.Object;
}

private ICoreScope CreateMockScopeWithWriteLock()
{
    var scope = CreateMockScopeWithReadLock();
    Mock.Get(scope).Setup(x => x.WriteLock(It.IsAny<int[]>()));
    Mock.Get(scope).Setup(x => x.Notifications).Returns(Mock.Of<IScopedNotificationPublisher>());
    return scope;
}

4.2 Benchmark Threshold Should Be Configurable

Location: ContentServiceBenchmarkBase.cs line 1683

private const double DefaultRegressionThreshold = 20.0;

Recommendation: Allow CI override via environment variable:

private static readonly double RegressionThreshold =
    double.TryParse(Environment.GetEnvironmentVariable("BENCHMARK_REGRESSION_THRESHOLD"), out var t)
        ? t
        : 20.0;

This allows tightening thresholds in CI while keeping development lenient.

4.3 Missing Test Category Attributes

Location: ContentCrudServiceTests.cs

The unit tests lack [Category("UnitTest")] attribute, making it harder to filter:

# Can't easily run only unit tests
dotnet test --filter "Category=UnitTest"

Recommendation: Add category:

[TestFixture]
[Category("UnitTest")]
public class ContentCrudServiceTests

4.4 Summary Table File Count Mismatch

Location: Task 7 Summary (line 1916)

The table states "4 new files" but Task 2 creates IContentCrudService.cs as a 5th file.

Files created:

  1. ContentServiceBase.cs
  2. ContentServiceConstants.cs
  3. IContentCrudService.cs
  4. ContentCrudService.cs
  5. ContentCrudServiceTests.cs

Fix: Update summary to "5 new files".

4.5 GetAncestors Return Order Inconsistency

Location: ContentCrudService.cs lines 988-998

Documentation says:

Returns: The ancestor documents, from parent to root.

Implementation does:

var ancestorIds = content.Path
    .Split(',')
    .Skip(1)  // Skip root (-1)
    .Select(int.Parse)
    .Where(id => id != content.Id)
    .ToArray();

return GetByIds(ancestorIds);  // Returns in path order: root -> parent

Path format is -1,123,456,789 where 123 is closest to root, 789 is the item. After Skip(1) and excluding self: [123, 456] — this is root-to-parent order.

Recommendation: Either:

  1. Fix documentation: "from root to parent"
  2. Or reverse the array: ancestorIds.Reverse().ToArray()

Check existing ContentService.GetAncestors behavior for consistency.

5. Questions for Clarification

# Question Impact
1 Is there an async version of this interface planned? Many services in codebase have *Async variants. Affects whether to add async methods now or later
2 What should happen if baseline-phase0.json is missing in CI? Current: skip silently. Alternative: fail hard. Affects CI reliability
3 GetPagedDescendantsLocked is private but mentioned in interface method count (24 total). Should it be internal/protected? Documentation accuracy
4 Does IUserIdKeyResolver have a synchronous Get method, or only GetAsync? Affects 2.1 fix approach

6. Implementation Checklist Update

Add these items to the existing checklist in the plan:

### Critical Review 3 Changes Required

**P0 - Must Fix:**
- [ ] Fix `Audit()` async wrapper (use `ConfigureAwait(false)` or sync overloads)
- [ ] Add `*Locked` variants for `GetContentType`, `GetLanguageDetailsForAuditEntry`
- [ ] Update Versioning Strategy to document `ContentServiceBase` inheritance requirement
- [ ] Add implementation warning to `IContentCrudService` XML docs
- [ ] Move `Save()` validation inside locked section

**P1 - Should Fix:**
- [ ] Make baseline loading thread-safe with `Lazy<T>`
- [ ] Use repository root detection for baseline path
- [ ] Handle duplicate keys in `GetByIds` dictionary construction
- [ ] Add XML doc to batch `Save` noting schedule limitation

**P2 - Recommended:**
- [ ] Extract mock setup helpers in unit tests
- [ ] Add `[Category("UnitTest")]` to test fixture
- [ ] Update summary table to "5 new files"
- [ ] Verify/fix `GetAncestors` return order documentation
- [ ] Make regression threshold configurable via environment variable

7. Final Recommendation

Approve with Changes

The plan is well-structured and has comprehensively addressed feedback from reviews 1 and 2. The identified issues are targeted and fixable without architectural changes.

Priority Summary

Priority Count Effort Estimate
P0 (Must Fix) 4 ~2-3 hours
P1 (Should Fix) 4 ~1-2 hours
P2 (Recommended) 5 ~30 min

Before Implementation:

  1. Apply all P0 fixes to the plan
  2. Apply P1 fixes (strongly recommended)
  3. P2 can be addressed during implementation

Sign-off Criteria:

  • All P0 items resolved in plan v1.4
  • P1 items either resolved or documented as known limitations
  • Plan version incremented with "Critical Review 3 Changes Applied" section

Review Complete: 2025-12-20 Next Action: Update plan to v1.4 with fixes, then proceed to implementation

Reference in New Issue View Git Blame Copy Permalink