add file lock check when move dirent

2025-09-02 23:48:47 +00:00 · 2019-06-17 15:04:20 +08:00
parent f177aa882f
commit 2e3b68f947
2 changed files with 82 additions and 3 deletions
--- a/seahub/api2/endpoints/repos_batch.py
+++ b/seahub/api2/endpoints/repos_batch.py
@@ -29,7 +29,7 @@ from seahub.utils import is_org_context, send_perm_audit_msg, \
        normalize_dir_path, get_folder_permission_recursively, \
        normalize_file_path, check_filename_with_rename
 from seahub.utils.repo import get_repo_owner, get_available_repo_perms, \
-        parse_repo_perm
+        parse_repo_perm, get_locked_files_by_dir

 from seahub.views import check_folder_permission
 from seahub.settings import MAX_PATH
@@ -1244,9 +1244,18 @@ class ReposAsyncBatchMoveItemView(APIView):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

-        result = {}
+        # check locked files
        username = request.user.username
+        locked_files = get_locked_files_by_dir(request, src_repo_id, src_parent_dir)
+        for dirent in src_dirents:
+            # file is locked and lock owner is not current user
+            if dirent in locked_files.keys() and \
+                    locked_files[dirent] != username:
+                error_msg = _(u'File %s is locked.') % dirent
+                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

+        # move file
+        result = {}
        formated_src_dirents = [dirent.strip('/') for dirent in src_dirents]
        src_multi = "\t".join(formated_src_dirents)
        dst_multi = "\t".join(formated_src_dirents)
@@ -1445,9 +1454,18 @@ class ReposSyncBatchMoveItemView(APIView):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

-        result = {}
+        # check locked files
        username = request.user.username
+        locked_files = get_locked_files_by_dir(request, src_repo_id, src_parent_dir)
+        for dirent in src_dirents:
+            # file is locked and lock owner is not current user
+            if dirent in locked_files.keys() and \
+                    locked_files[dirent] != username:
+                error_msg = _(u'File %s is locked.') % dirent
+                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

+        # move file
+        result = {}
        formated_src_dirents = [dirent.strip('/') for dirent in src_dirents]
        src_multi = "\t".join(formated_src_dirents)
        dst_multi = "\t".join(formated_src_dirents)
--- a/tests/api/endpoints/test_repos_batch.py
+++ b/tests/api/endpoints/test_repos_batch.py
@@ -994,6 +994,36 @@ class ReposAsyncBatchMoveItemView(BaseTestCase):
        resp = self.client.post(self.url, json.dumps(data), 'application/json')
        self.assertEqual(403, resp.status_code)

+    def test_move_with_locked_file(self):
+
+        if not LOCAL_PRO_DEV_ENV:
+            return
+
+        self.login_as(self.user)
+
+        # share admin's tmp repo to user with 'r' permission
+        admin_repo_id = self.create_new_repo(self.admin_name)
+        seafile_api.share_repo(admin_repo_id, self.admin_name,
+                self.user_name, 'rw')
+
+        # admin lock file
+        admin_file_name = randstring(6)
+        seafile_api.post_empty_file(admin_repo_id, '/', admin_file_name,
+                self.admin_name)
+        seafile_api.lock_file(admin_repo_id, admin_file_name, self.admin_name, 0)
+
+        # user move locked file
+        data = {
+            "src_repo_id": admin_repo_id,
+            "src_parent_dir": '/',
+            "src_dirents":[admin_file_name],
+            "dst_repo_id": self.dst_repo_id,
+            "dst_parent_dir": '/',
+        }
+        resp = self.client.post(self.url, json.dumps(data), 'application/json')
+        self.assertEqual(403, resp.status_code)
+        json_resp = json.loads(resp.content)
+        assert json_resp['error_msg'] == 'File %s is locked.' % admin_file_name

 class ReposSyncBatchCopyItemView(BaseTestCase):

@@ -1539,3 +1569,34 @@ class ReposSyncBatchMoveItemView(BaseTestCase):
        }
        resp = self.client.post(self.url, json.dumps(data), 'application/json')
        self.assertEqual(403, resp.status_code)
+
+    def test_move_with_locked_file(self):
+
+        if not LOCAL_PRO_DEV_ENV:
+            return
+
+        self.login_as(self.user)
+
+        # share admin's tmp repo to user with 'r' permission
+        admin_repo_id = self.create_new_repo(self.admin_name)
+        seafile_api.share_repo(admin_repo_id, self.admin_name,
+                self.user_name, 'rw')
+
+        # admin lock file
+        admin_file_name = randstring(6)
+        seafile_api.post_empty_file(admin_repo_id, '/', admin_file_name,
+                self.admin_name)
+        seafile_api.lock_file(admin_repo_id, admin_file_name, self.admin_name, 0)
+
+        # user move locked file
+        data = {
+            "src_repo_id": admin_repo_id,
+            "src_parent_dir": '/',
+            "src_dirents":[admin_file_name],
+            "dst_repo_id": self.dst_repo_id,
+            "dst_parent_dir": '/',
+        }
+        resp = self.client.post(self.url, json.dumps(data), 'application/json')
+        self.assertEqual(403, resp.status_code)
+        json_resp = json.loads(resp.content)
+        assert json_resp['error_msg'] == 'File %s is locked.' % admin_file_name