userid

plone · Jan 25, 2025 · 7717827 · 7717827
1 parent 37236d3
commit 7717827
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 7 deletions.
diff --git a/news/1867.bugfix b/news/1867.bugfix
@@ -1 +1,3 @@
-In the `creator_name` function, return the username if the user is not found, instead of raising `AttributeError`. @mamico
+In the `creator_name` function for locking endpoint, return the userid if the user is not found, instead of raising `AttributeError`. @mamico
+
+Zope locks store their creator using the userid, not the username (login name), changed accordly the `creator_name` and `creatur_url` function. @davisagli @mamico
diff --git a/src/plone/restapi/services/locking/__init__.py b/src/plone/restapi/services/locking/__init__.py
@@ -7,17 +7,17 @@
 from plone.locking.interfaces import ILockable
 
 
-def creator_name(username):
-    user = api.user.get(username=username)
+def creator_name(userid):
+    user = api.user.get(userid=userid)
     if user:
-        return user.getProperty("fullname") or username
+        return user.getProperty("fullname") or userid
     else:
-        return username
+        return userid
 
 
-def creator_url(username):
+def creator_url(userid):
     url = api.portal.get().absolute_url()
-    return f"{url}/author/{username}"
+    return f"{url}/author/{userid}"
 
 
 def creation_date(timestamp):

diff --git a/src/plone/restapi/tests/test_locking.py b/src/plone/restapi/tests/test_locking.py
@@ -131,3 +131,27 @@ def test_lock_user_removed(self):
         self.assertEqual(response.json()["creator"], "foo")
         self.assertEqual(response.json()["creator_name"], "foo")
         self.assertTrue(lockable.locked())
+
+    def test_lock_username_vs_userid(self):
+        lockable = ILockable(self.doc)
+        api.user.create(
+            username="foo1234",
+            email="foo@bar.com",
+            roles=["Manager"],
+            properties={"fullname": "Foo Bar"},
+        )
+        pas = api.portal.get_tool("acl_users")
+        # generally the username and userid are the same...
+        self.assertEqual(pas.getUserById("foo1234").getUserName(), "foo1234")
+        # ...but we can change it
+        pas.updateLoginName("foo1234", "foo")
+        self.assertEqual(pas.getUserById("foo1234").getUserName(), "foo")
+        with api.env.adopt_user(username="foo"):
+            lockable.lock()
+        transaction.commit()
+        response = self.api_session.get("/@lock")
+        self.assertEqual(response.status_code, 200)
+        # here the userid
+        self.assertEqual(response.json()["creator"], "foo1234")
+        self.assertEqual(response.json()["creator_name"], "Foo Bar")
+        self.assertTrue(lockable.locked())