Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

useField can incorrectly update document lock #8781

Open
stofolus opened this issue Oct 18, 2024 · 0 comments
Open

useField can incorrectly update document lock #8781

stofolus opened this issue Oct 18, 2024 · 0 comments
Labels
status: needs-triage Possible bug which hasn't been reproduced yet v3

Comments

@stofolus
Copy link

Describe the Bug

When using a useForm inside a custom field component you can have a the form-state request update the "updatedAt" field on a document locked by another user.

Link to the code that reproduces this issue

https://github.com/stofolus/payload-lock-bug

Reproduction Steps

Clone the repo or use the latest website template.

The changes to the template are in the Posts collection.

  • The documentLoaded field
  • Disable autosave
  • Add document locking
versions: {
    drafts: true,
    maxPerDoc: 50,
  },

lockDocuments: {
    duration: 60,
  },

Create a couple of users.

Open and make a change to a page without saving. Then close the window. Now open the same page with another user and if you check the database you can se that with every page load the updatedAt field is updated. Even though it's tied to user1 and you are viewing the page as another user.

Now I know that you could fix this by checking if the field is readOnly before updating it. And it's absolutely resonable to do. But I still think that the form-state api should not update the locked-documents document if it's tied to another user. It's a good way to make it harder for people to accidentally create bugs

Which area(s) are affected? (Select all that apply)

Not sure

Environment Info

Binaries:
Node: 20.17.0
npm: 10.8.2
Yarn: N/A
pnpm: 9.0.2
Relevant Packages:
payload: 3.0.0-beta.116
next: 15.0.0-canary.173
@payloadcms/db-mongodb: 3.0.0-beta.116
@payloadcms/email-nodemailer: 3.0.0-beta.116
@payloadcms/graphql: 3.0.0-beta.116
@payloadcms/live-preview: 3.0.0-beta.116
@payloadcms/live-preview-react: 3.0.0-beta.116
@payloadcms/next/utilities: 3.0.0-beta.116
@payloadcms/plugin-cloud: 3.0.0-beta.116
@payloadcms/plugin-form-builder: 3.0.0-beta.116
@payloadcms/plugin-nested-docs: 3.0.0-beta.116
@payloadcms/plugin-redirects: 3.0.0-beta.116
@payloadcms/plugin-search: 3.0.0-beta.116
@payloadcms/plugin-seo: 3.0.0-beta.116
@payloadcms/richtext-lexical: 3.0.0-beta.116
@payloadcms/translations: 3.0.0-beta.116
@payloadcms/ui/shared: 3.0.0-beta.116
react: 19.0.0-rc-3edc000d-20240926
react-dom: 19.0.0-rc-3edc000d-20240926
Operating System:
Platform: linux
Arch: x64
Version: #1 SMP Fri Mar 29 23:14:13 UTC 2024
Available memory (MB): 15970
Available CPU cores: 12
@stofolus stofolus added status: needs-triage Possible bug which hasn't been reproduced yet v3 labels Oct 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: needs-triage Possible bug which hasn't been reproduced yet v3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stofolus