Prevent deleting data when non-existing customer

[Matt75]

Questions	Answers
Description?	Prevent deleting data when non-existing customer
Type?	bug fix
BC breaks?	no
Deprecations?	no
Fixed ticket?	https://github.com/PrestaShop/psgdpr/issues/77
How to test?	For example ps-admin/index.php?controller=AdminAjaxPsgdpr&token=0fdd3c1562cd6e510b7f8f1bc9b35d56&ajax=true&action=DeleteCustomer&delete=customer&value=0 (Do not forget to change token by yours in this example)

Prevent deleting data when non-existing customer, eg. $customer->id = 0

• All specific price not associated to a customer will be deleted
• All cart rules not associated to a customer will be deleted
• All anonymous customer thread and messages will be deleted

Bug reported from Addons

[camlafit]

Hello

Thank for this PR.

As said these methods are public (also deleteDataFromPrestashop). These methods can be used to create a cron and anonymize old accounts (our use case).
An other case, any ajax call can send an erroneous id_customer.
Other use case on db overload and query partially broken and not secured.

[sarahdib]

@Matt75 in which case the id_customer = 0 ?

[Matt75]

@sarahdib Problem is only when id_customer = 0 ;)
As said by @camlafit, on cron job or when url is manually changed.

For example ps-admin/index.php?controller=AdminAjaxPsgdpr&token=0fdd3c1562cd6e510b7f8f1bc9b35d56&ajax=true&action=DeleteCustomer&delete=customer&value=0 (Do not forget to change token by yours in this example)

[sarahdib]

@Matt75 yes but I can't reproduce a case with id_customer = 0 in order to test. Do you now when a customer id is 0 ?

[Matt75]

@sarahdib No need to have a customer id = 0 ... it never happens but if id_customer = 0 is given, gpdr module delete :

• All specific price not associated to a customer will be deleted
• All cart rules not associated to a customer will be deleted
• All anonymous customer thread and messages will be deleted

[sarahdib]

@Matt75 Thanks :)

[camlafit]

\o/