[4.2] Do not checkout a record when the user is not logged in (#38796)

* Do not checkout a record when the user is not logged in * do not load early * correct return * add test
2024-06-30 00:53:41 +00:00 · 2022-10-15 10:40:34 +02:00 · 2022-10-15 10:40:34 +02:00 · 73abc86f6a
commit 73abc86f6a
parent 4388c1f64b
2 changed files with 49 additions and 4 deletions
--- a/libraries/src/MVC/Model/FormModel.php
+++ b/libraries/src/MVC/Model/FormModel.php
@ -150,7 +150,13 @@ abstract class FormModel extends BaseDatabaseModel implements FormFactoryAwareIn
                return true;
            }

-            $user            = $this->getCurrentUser();
+            $user = $this->getCurrentUser();
+
+            // When the user is a guest, don't do a checkout
+            if (!$user->id) {
+                return false;
+            }
+
            $checkedOutField = $table->getColumnAlias('checked_out');

            // Check if this is the user having previously checked out the row.
--- a/tests/Unit/Libraries/Cms/MVC/Model/FormModelTest.php
+++ b/tests/Unit/Libraries/Cms/MVC/Model/FormModelTest.php
@ -244,7 +244,7 @@ class FormModelTest extends UnitTestCase
     *
     * @since   4.2.0
     */
-    public function testSucessfullCheckout()
+    public function testSuccessfulCheckout()
    {
        $table              = $this->createStub(Table::class);
        $table->checked_out = 0;
@ -263,7 +263,11 @@ class FormModelTest extends UnitTestCase
                return null;
            }
        };
-        $model->setCurrentUser(new User());
+
+        // Must be a valid user
+        $user     = new User();
+        $user->id = 1;
+        $model->setCurrentUser($user);

        $this->assertTrue($model->checkout(1));
    }
@ -275,7 +279,7 @@ class FormModelTest extends UnitTestCase
     *
     * @since   4.2.0
     */
-    public function testSucessfullCheckoutWithEmptyRecord()
+    public function testSuccessfulCheckoutWithEmptyRecord()
    {
        $model = new class (['dbo' => $this->createStub(DatabaseInterface::class)], $this->createStub(MVCFactoryInterface::class)) extends FormModel
        {
@ -307,6 +311,41 @@ class FormModelTest extends UnitTestCase
        $mvcFactory = $this->createStub(MVCFactoryInterface::class);
        $mvcFactory->method('createTable')->willReturn($table);

+        $model = new class (['dbo' => $this->createStub(DatabaseInterface::class)], $mvcFactory) extends FormModel
+        {
+            public function getForm($data = array(), $loadData = true)
+            {
+                return null;
+            }
+        };
+
+        // Must be a valid user
+        $user     = new User();
+        $user->id = 1;
+        $model->setCurrentUser($user);
+
+        $this->assertFalse($model->checkout(1));
+    }
+
+    /**
+     * @testdox  can't checkout a record when the current user is a guest
+     *
+     * @return  void
+     *
+     * @since   4.2.0
+     */
+    public function testFailedCheckoutAsGuest()
+    {
+        $table              = $this->createStub(Table::class);
+        $table->checked_out = 0;
+        $table->method('load')->willReturn(true);
+        $table->method('hasField')->willReturn(true);
+        $table->method('checkIn')->willReturn(false);
+        $table->method('getColumnAlias')->willReturn('checked_out');
+
+        $mvcFactory = $this->createStub(MVCFactoryInterface::class);
+        $mvcFactory->method('createTable')->willReturn($table);
+
        $model = new class (['dbo' => $this->createStub(DatabaseInterface::class)], $mvcFactory) extends FormModel
        {
            public function getForm($data = array(), $loadData = true)