diff --git a/seahub/api2/endpoints/copy_move_task.py b/seahub/api2/endpoints/copy_move_task.py
index cf5201ba7b..299e60c78d 100644
--- a/seahub/api2/endpoints/copy_move_task.py
+++ b/seahub/api2/endpoints/copy_move_task.py
@@ -17,6 +17,7 @@ from seahub.signals import rename_dirent_successful
 
 from seahub.views import check_folder_permission
 from seahub.utils import check_filename_with_rename
+from seahub.utils.file_op import check_file_lock
 from seahub.settings import MAX_PATH
 
 from seaserv import seafile_api
@@ -118,10 +119,15 @@ class CopyMoveTaskView(APIView):
             return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
         new_dirent_name = check_filename_with_rename(dst_repo_id,
-                                                     dst_parent_dir, src_dirent_name)
+                dst_parent_dir, src_dirent_name)
 
         username = request.user.username
         if operation == 'move':
+            # permission check for src parent dir
+            if check_folder_permission(request, src_repo_id, src_parent_dir) != 'rw':
+                error_msg = 'Permission denied.'
+                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
             if dirent_type == 'dir' and src_repo_id == dst_repo_id and \
                     dst_parent_dir.startswith(src_dirent_path + '/'):
 
@@ -129,10 +135,19 @@ class CopyMoveTaskView(APIView):
                     % {'src': escape(src_dirent_path), 'des': escape(dst_parent_dir)}
                 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 
-            # permission check for src parent dir
-            if check_folder_permission(request, src_repo_id, src_parent_dir) != 'rw':
-                error_msg = 'Permission denied.'
-                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+            if dirent_type == 'file':
+                # check file lock
+                try:
+                    is_locked, locked_by_me = check_file_lock(src_repo_id,
+                            src_dirent_path, username)
+                except Exception as e:
+                    logger.error(e)
+                    error_msg = 'Internal Server Error'
+                    return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
+                if is_locked and not locked_by_me:
+                    error_msg = _("File is locked")
+                    return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
             try:
                 res = seafile_api.move_file(src_repo_id, src_parent_dir,
diff --git a/seahub/api2/endpoints/file.py b/seahub/api2/endpoints/file.py
index fa1af6fc8b..321f25f3a2 100644
--- a/seahub/api2/endpoints/file.py
+++ b/seahub/api2/endpoints/file.py
@@ -18,9 +18,11 @@ from seahub.api2.utils import api_error
 from seahub.signals import rename_dirent_successful
 
 from seahub.utils import check_filename_with_rename, is_pro_version, \
-    gen_file_upload_url, is_valid_dirent_name
+    gen_file_upload_url, is_valid_dirent_name, normalize_file_path, \
+    normalize_dir_path
 from seahub.utils.timeutils import timestamp_to_isoformat_timestr
-from seahub.views import check_folder_permission, check_file_lock
+from seahub.views import check_folder_permission
+from seahub.utils.file_op import check_file_lock
 
 from seahub.settings import MAX_UPLOAD_FILE_NAME_LEN, \
     FILE_LOCK_EXPIRATION_DAYS, OFFICE_TEMPLATE_ROOT
@@ -44,7 +46,13 @@ class FileView(APIView):
     def get_file_info(self, username, repo_id, file_path):
 
         file_obj = seafile_api.get_dirent_by_path(repo_id, file_path)
-        is_locked, locked_by_me = check_file_lock(repo_id, file_path, username)
+
+        try:
+            is_locked, locked_by_me = check_file_lock(repo_id, file_path, username)
+        except Exception as e:
+            logger.error(e)
+            is_locked = False
+
         file_info = {
             'type': 'file',
             'repo_id': repo_id,
@@ -110,10 +118,12 @@ class FileView(APIView):
 
         # argument check
         path = request.GET.get('p', None)
-        if not path or path[0] != '/':
+        if not path:
             error_msg = 'p invalid.'
             return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 
+        path = normalize_file_path(path)
+
         operation = request.data.get('operation', None)
         if not operation:
             error_msg = 'operation invalid.'
@@ -240,6 +250,18 @@ class FileView(APIView):
                 error_msg = 'Permission denied.'
                 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
+            # check file lock
+            try:
+                is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+            except Exception as e:
+                logger.error(e)
+                error_msg = 'Internal Server Error'
+                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
+            if is_locked and not locked_by_me:
+                error_msg = _("File is locked")
+                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
             # rename file
             new_file_name = check_filename_with_rename(repo_id, parent_dir,
                     new_file_name)
@@ -271,6 +293,8 @@ class FileView(APIView):
                 error_msg = 'dst_dir invalid.'
                 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 
+            dst_dir = normalize_dir_path(dst_dir)
+
             # resource check for source file
             try:
                 file_id = seafile_api.get_file_id_by_path(repo_id, path)
@@ -306,10 +330,19 @@ class FileView(APIView):
                 error_msg = 'Permission denied.'
                 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
-            # move file
-            if dst_dir[-1] != '/': # Append '/' to the end of directory if necessary
-                dst_dir += '/'
+            # check file lock
+            try:
+                is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+            except Exception as e:
+                logger.error(e)
+                error_msg = 'Internal Server Error'
+                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
 
+            if is_locked and not locked_by_me:
+                error_msg = _("File is locked")
+                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
+            # move file
             if src_repo_id == dst_repo_id and src_dir == dst_dir:
                 file_info = self.get_file_info(username, repo_id, path)
                 return Response(file_info)
@@ -345,6 +378,8 @@ class FileView(APIView):
                 error_msg = 'dst_dir invalid.'
                 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 
+            dst_dir = normalize_dir_path(dst_dir)
+
             # resource check for source file
             try:
                 file_id = seafile_api.get_file_id_by_path(repo_id, path)
@@ -381,9 +416,6 @@ class FileView(APIView):
                 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
             # copy file
-            if dst_dir[-1] != '/': # Append '/' to the end of directory if necessary
-                dst_dir += '/'
-
             if src_repo_id == dst_repo_id and src_dir == dst_dir:
                 file_info = self.get_file_info(username, repo_id, path)
                 return Response(file_info)
@@ -414,9 +446,12 @@ class FileView(APIView):
                     error_msg = 'Permission denied.'
                     return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
-                is_locked, locked_by_me = check_file_lock(repo_id, path, username)
-                if (is_locked, locked_by_me) == (None, None):
-                    error_msg = _("Check file lock error")
+                # check file lock
+                try:
+                    is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+                except Exception as e:
+                    logger.error(e)
+                    error_msg = 'Internal Server Error'
                     return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
 
                 if is_locked and not locked_by_me:
@@ -454,6 +489,7 @@ class FileView(APIView):
         if not path:
             error_msg = 'p invalid.'
             return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+        path = normalize_file_path(path)
 
         operation = request.data.get('operation', None)
         if not operation:
@@ -483,7 +519,13 @@ class FileView(APIView):
             return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
         username = request.user.username
-        is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+        try:
+            is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+        except Exception as e:
+            logger.error(e)
+            error_msg = 'Internal Server Error'
+            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
         if operation == 'lock':
             if not is_locked:
                 # lock file
@@ -494,6 +536,10 @@ class FileView(APIView):
                     logger.error(e)
                     error_msg = 'Internal Server Error'
                     return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+            else:
+                if not locked_by_me:
+                    error_msg = _("File is locked")
+                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 
         if operation == 'unlock':
             if is_locked:
@@ -525,6 +571,8 @@ class FileView(APIView):
             error_msg = 'p invalid.'
             return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 
+        path = normalize_file_path(path)
+
         # resource check
         repo = seafile_api.get_repo(repo_id)
         if not repo:
@@ -537,10 +585,24 @@ class FileView(APIView):
 
         # permission check
         parent_dir = os.path.dirname(path)
+
+        username = request.user.username
         if check_folder_permission(request, repo_id, parent_dir) != 'rw':
             error_msg = 'Permission denied.'
             return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
+        # check file lock
+        try:
+            is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+        except Exception as e:
+            logger.error(e)
+            error_msg = 'Internal Server Error'
+            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
+        if is_locked and not locked_by_me:
+            error_msg = _("File is locked")
+            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
         # delete file
         file_name = os.path.basename(path)
         try:
diff --git a/seahub/api2/views.py b/seahub/api2/views.py
index d3b6f43145..1283aa7d9a 100644
--- a/seahub/api2/views.py
+++ b/seahub/api2/views.py
@@ -73,14 +73,15 @@ from seahub.utils import gen_file_get_url, gen_token, gen_file_upload_url, \
 
 from seahub.utils.file_revisions import get_file_revisions_after_renamed
 from seahub.utils.devices import do_unlink_device
-from seahub.utils.repo import get_repo_owner, get_library_storages
+from seahub.utils.repo import get_repo_owner, get_library_storages, \
+        get_locked_files_by_dir
 from seahub.utils.star import star_file, unstar_file
 from seahub.utils.file_types import DOCUMENT
 from seahub.utils.file_size import get_file_size_unit
+from seahub.utils.file_op import check_file_lock
 from seahub.utils.timeutils import utc_to_local, datetime_to_isoformat_timestr
-from seahub.views import is_registered_user, check_file_lock, \
-    group_events_data, get_diff, create_default_library, \
-    list_inner_pub_repos, check_folder_permission
+from seahub.views import is_registered_user, check_folder_permission, \
+    create_default_library, list_inner_pub_repos
 from seahub.views.ajax import get_groups_by_user, get_group_repos
 from seahub.views.file import get_file_view_path_and_perm, send_file_access_msg
 if HAS_FILE_SEARCH:
@@ -1817,27 +1818,34 @@ class OpDeleteView(APIView):
     permission_classes = (IsAuthenticated, )
 
     def post(self, request, repo_id, format=None):
+
+        parent_dir = request.GET.get('p')
+        file_names = request.POST.get("file_names")
+        if not parent_dir or not file_names:
+            return api_error(status.HTTP_404_NOT_FOUND,
+                             'File or directory not found.')
+
         repo = get_repo(repo_id)
         if not repo:
             return api_error(status.HTTP_404_NOT_FOUND, 'Library not found.')
 
         username = request.user.username
-        if check_folder_permission(request, repo_id, '/') != 'rw':
+        if check_folder_permission(request, repo_id, parent_dir) != 'rw':
             return api_error(status.HTTP_403_FORBIDDEN,
                              'You do not have permission to delete this file.')
 
-        if not check_folder_permission(request, repo_id, '/'):
-            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
-
-        parent_dir = request.GET.get('p')
-        file_names = request.POST.get("file_names")
-
-        if not parent_dir or not file_names:
-            return api_error(status.HTTP_404_NOT_FOUND,
-                             'File or directory not found.')
+        allowed_file_names = []
+        locked_files = get_locked_files_by_dir(request, repo_id, parent_dir)
+        for file_name in file_names.split(':'):
+            if file_name not in locked_files.keys():
+                # file is not locked
+                allowed_file_names.append(file_name)
+            elif locked_files[file_name] == username:
+                # file is locked by current user
+                allowed_file_names.append(file_name)
 
         try:
-            multi_files = "\t".join(file_names.split(':'))
+            multi_files = "\t".join(allowed_file_names)
             seafile_api.del_file(repo_id, parent_dir,
                                  multi_files, username)
         except SearpcError as e:
@@ -1899,8 +1907,18 @@ class OpMoveView(APIView):
             return api_error(status.HTTP_403_FORBIDDEN,
                     'You do not have permission to move file to destination folder.')
 
+        allowed_obj_names = []
+        locked_files = get_locked_files_by_dir(request, repo_id, parent_dir)
+        for file_name in obj_names.split(':'):
+            if file_name not in locked_files.keys():
+                # file is not locked
+                allowed_obj_names.append(file_name)
+            elif locked_files[file_name] == username:
+                # file is locked by current user
+                allowed_obj_names.append(file_name)
+
         # check if all file/dir existes
-        obj_names = obj_names.strip(':').split(':')
+        obj_names = allowed_obj_names
         dirents = seafile_api.list_dir_by_path(repo_id, parent_dir)
         exist_obj_names = [dirent.obj_name for dirent in dirents]
         if not set(obj_names).issubset(exist_obj_names):
@@ -2481,10 +2499,16 @@ class FileView(APIView):
         if check_folder_permission(request, repo_id, parent_dir) != 'rw':
             return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
 
+        # check file lock
+        try:
+            is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+        except Exception as e:
+            logger.error(e)
+            error_msg = 'Internal Server Error'
+            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
         operation = request.data.get('operation', '')
         if operation.lower() == 'lock':
-
-            is_locked, locked_by_me = check_file_lock(repo_id, path, username)
             if is_locked:
                 return api_error(status.HTTP_403_FORBIDDEN, 'File is already locked')
 
@@ -2498,7 +2522,6 @@ class FileView(APIView):
                 return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal error')
 
         if operation.lower() == 'unlock':
-            is_locked, locked_by_me = check_file_lock(repo_id, path, username)
             if not is_locked:
                 return api_error(status.HTTP_403_FORBIDDEN, 'File is not locked')
             if not locked_by_me:
diff --git a/seahub/templates/js/templates.html b/seahub/templates/js/templates.html
index cca557039d..d28a834074 100644
--- a/seahub/templates/js/templates.html
+++ b/seahub/templates/js/templates.html
@@ -604,16 +604,20 @@
                 <a href="#" class="op-icon share sf2-icon-share sf2-x vh" title="{% trans "Share" %}" aria-label="{% trans "Share" %}"></a>
                 <% } %>
                 <% if (dirent.perm == 'rw') { %>
+                <% if (!dirent.is_locked || (dirent.is_locked && dirent.locked_by_me)) { %>
                     <a href="#" class="op-icon delete sf2-icon-delete sf2-x vh" title="{% trans "Delete" %}" aria-label="{% trans "Delete" %}"></a>
                 <% } %>
+                <% } %>
             </div>
             <% if (dirent.perm == 'rw') { %>
             <div class="sf-dropdown sf-dropdown-inline">
                 <a href="#" class="more-op-icon sf2-icon-caret-down op-icon vh sf-dropdown-toggle" title="{% trans "More Operations"%}" aria-label="{% trans "More Operations" %}"></a>
                 <div class="hide sf-dropdown-menu">
                     <ul>
+                        <% if (!dirent.is_locked || (dirent.is_locked && dirent.locked_by_me)) { %>
                         <li><a class="op rename" href="#">{% trans "Rename" %}</a></li>
                         <li><a class="op mv" href="#">{% trans "Move" %}</a></li>
+                        <% } %>
                         <li><a class="op cp" href="#">{% trans "Copy" %}</a></li>
                         <% if (is_pro) { %>
                             <% if (dirent.is_locked) { %>
@@ -726,9 +730,11 @@
                     <li><a class="op share" href="#">{% trans "Share" %}</a></li>
                     <% } %>
                     <% if (dirent.perm == 'rw') { %>
+                    <% if (!dirent.is_locked || (dirent.is_locked && dirent.locked_by_me)) { %>
                     <li><a class="op delete" href="#">{% trans "Delete" %}</a></li>
                     <li><a class="op rename" href="#">{% trans "Rename" %}</a></li>
                     <li><a class="op mv" href="#">{% trans "Move" %}</a></li>
+                    <% } %>
                     <li><a class="op cp" href="#">{% trans "Copy" %}</a></li>
                         <% if (is_pro) { %>
                         <% if (dirent.is_locked) { %>
@@ -807,9 +813,11 @@
             <li><a class="op share" href="#">{% trans "Share" %}</a></li>
             <% } %>
             <% if (dirent.perm == 'rw') { %>
+            <% if (!dirent.is_locked || (dirent.is_locked && dirent.locked_by_me)) { %>
             <li><a class="op delete" href="#">{% trans "Delete" %}</a></li>
             <li><a class="op rename" href="#">{% trans "Rename" %}</a></li>
             <li><a class="op mv" href="#">{% trans "Move" %}</a></li>
+            <% } %>
             <li><a class="op cp" href="#">{% trans "Copy" %}</a></li>
                 <% if (is_pro) { %>
                     <% if (dirent.is_locked) { %>
diff --git a/seahub/utils/file_op.py b/seahub/utils/file_op.py
new file mode 100644
index 0000000000..cd69953abf
--- /dev/null
+++ b/seahub/utils/file_op.py
@@ -0,0 +1,40 @@
+# Copyright (c) 2012-2016 Seafile Ltd.
+# encoding: utf-8
+
+import logging
+from seaserv import seafile_api
+from pysearpc import SearpcError
+
+from seahub.utils import is_pro_version
+from seahub.settings import ENABLE_FOLDER_PERM
+
+# Get an instance of a logger
+logger = logging.getLogger(__name__)
+
+def check_file_lock(repo_id, file_path, username):
+    """ Check if file is locked to current user
+
+    According to returned value of seafile_api.check_file_lock:
+    0: not locked
+    1: locked by other
+    2: locked by me
+    -1: error
+
+    Return (is_locked, locked_by_me)
+    """
+
+    if not is_pro_version() or not ENABLE_FOLDER_PERM:
+        return (False, False)
+
+    return_value = seafile_api.check_file_lock(repo_id,
+            file_path.lstrip('/'), username)
+
+    if return_value == 0:
+        return (False, False)
+    elif return_value == 1:
+        return (True , False)
+    elif return_value == 2:
+        return (True, True)
+    else:
+        raise SearpcError('check file lock error')
+
diff --git a/seahub/utils/repo.py b/seahub/utils/repo.py
index 89d51b97e2..9d78695833 100644
--- a/seahub/utils/repo.py
+++ b/seahub/utils/repo.py
@@ -89,3 +89,28 @@ def get_library_storages(request):
 
     return user_role_storages
 
+def get_locked_files_by_dir(request, repo_id, folder_path):
+    """ Get locked files in a folder
+
+    Returns:
+        A dict contains locked file name and locker owner.
+
+        locked_files = {
+            'file_name': 'lock_owner';
+            ...
+        }
+    """
+
+    username = request.user.username
+
+    # get lock files
+    dir_id = seafile_api.get_dir_id_by_path(repo_id, folder_path)
+    dirents = seafile_api.list_dir_with_perm(repo_id,
+            folder_path, dir_id, username, -1, -1)
+
+    locked_files = {}
+    for dirent in dirents:
+        if dirent.is_locked:
+            locked_files[dirent.obj_name] = dirent.lock_owner
+
+    return locked_files
diff --git a/seahub/views/__init__.py b/seahub/views/__init__.py
index ab0a2ea75f..e7d57810a3 100644
--- a/seahub/views/__init__.py
+++ b/seahub/views/__init__.py
@@ -47,6 +47,7 @@ from seahub.utils import render_permission_error, render_error, \
     is_org_repo_creation_allowed, is_windows_operating_system
 from seahub.utils.star import get_dir_starred_files
 from seahub.utils.repo import get_library_storages
+from seahub.utils.file_op import check_file_lock
 from seahub.utils.timeutils import utc_to_local
 from seahub.views.modules import MOD_PERSONAL_WIKI, enable_mod_for_user, \
     disable_mod_for_user
@@ -104,33 +105,6 @@ def check_folder_permission(request, repo_id, path):
     username = request.user.username
     return seafile_api.check_permission_by_path(repo_id, path, username)
 
-def check_file_lock(repo_id, file_path, username):
-    """ check if file is locked to current user
-    according to returned value of seafile_api.check_file_lock:
-
-    0: not locked
-    1: locked by other
-    2: locked by me
-    -1: error
-
-    return (is_locked, locked_by_me)
-    """
-    try:
-        return_value = seafile_api.check_file_lock(repo_id,
-            file_path.lstrip('/'), username)
-    except SearpcError as e:
-        logger.error(e)
-        return (None, None)
-
-    if return_value == 0:
-        return (False, False)
-    elif return_value == 1:
-        return (True , False)
-    elif return_value == 2:
-        return (True, True)
-    else:
-        return (None, None)
-
 def gen_path_link(path, repo_name):
     """
     Generate navigate paths and links in repo page.
@@ -873,7 +847,12 @@ def file_revisions(request, repo_id):
     can_revert_file = True
     username = request.user.username
 
-    is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+    try:
+        is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+    except Exception as e:
+        logger.error(e)
+        is_locked, locked_by_me = False, False
+
     if seafile_api.check_permission_by_path(repo_id, path, username) != 'rw' or \
         (is_locked and not locked_by_me):
         can_revert_file = False
diff --git a/seahub/views/ajax.py b/seahub/views/ajax.py
index faf6b564ba..f14ab32eab 100644
--- a/seahub/views/ajax.py
+++ b/seahub/views/ajax.py
@@ -45,9 +45,11 @@ from seahub.utils import check_filename_with_rename, EMPTY_SHA1, \
     get_repo_last_modify, gen_file_upload_url, is_org_context, \
     get_file_type_and_ext, is_pro_version
 from seahub.utils.star import get_dir_starred_files
+from seahub.utils.file_types import IMAGE, VIDEO
+from seahub.utils.file_op import check_file_lock
+from seahub.utils.repo import get_locked_files_by_dir
 from seahub.base.accounts import User
 from seahub.thumbnail.utils import get_thumbnail_src
-from seahub.utils.file_types import IMAGE, VIDEO
 from seahub.share.utils import is_repo_admin
 from seahub.base.templatetags.seahub_tags import translate_seahub_time, \
     email2nickname, tsstr_sec
@@ -420,6 +422,19 @@ def rename_dirent(request, repo_id):
             err_msg = _('Permission denied')
             return HttpResponse(json.dumps({'error': err_msg}), status=403,
                                 content_type=content_type)
+        # check file lock
+        try:
+            is_locked, locked_by_me = check_file_lock(repo_id, full_path, username)
+        except Exception as e:
+            logger.error(e)
+            err_msg = 'Internal Server Error'
+            return HttpResponse(json.dumps({'error': err_msg}), status=500,
+                                content_type=content_type)
+
+        if is_locked and not locked_by_me:
+            err_msg = _("File is locked")
+            return HttpResponse(json.dumps({'error': err_msg}), status=403,
+                                content_type=content_type)
 
     if newname == oldname:
         return HttpResponse(json.dumps({'success': True}),
@@ -478,6 +493,20 @@ def delete_dirent(request, repo_id):
             return HttpResponse(json.dumps({'error': err_msg}), status=403,
                                 content_type=content_type)
 
+        # check file lock
+        try:
+            is_locked, locked_by_me = check_file_lock(repo_id, full_path, username)
+        except Exception as e:
+            logger.error(e)
+            err_msg = 'Internal Server Error'
+            return HttpResponse(json.dumps({'error': err_msg}), status=500,
+                                content_type=content_type)
+
+        if is_locked and not locked_by_me:
+            err_msg = _("File is locked")
+            return HttpResponse(json.dumps({'error': err_msg}), status=403,
+                                content_type=content_type)
+
     # delete file/dir
     try:
         seafile_api.del_file(repo_id, parent_dir, dirent_name, username)
@@ -512,12 +541,29 @@ def delete_dirents(request, repo_id):
                 status=400, content_type=content_type)
 
     # permission checking
-    username = request.user.username
     deleted = []
     undeleted = []
+    allowed_dirents_names = []
+    username = request.user.username
+
+    locked_files = get_locked_files_by_dir(request, repo_id, parent_dir)
+
+    # check parent dir perm for files
+    if check_folder_permission(request, repo_id, parent_dir) != 'rw':
+        undeleted += dirents_names
+    else:
+        for dirent_name in dirents_names:
+            if dirent_name not in locked_files.keys():
+                # file is not locked
+                allowed_dirents_names.append(dirent_name)
+            elif locked_files[dirent_name] == username:
+                # file is locked by current user
+                allowed_dirents_names.append(dirent_name)
+            else:
+                undeleted.append(dirent_name)
 
     multi_files = ''
-    for dirent_name in dirents_names:
+    for dirent_name in allowed_dirents_names:
         full_path = posixpath.join(parent_dir, dirent_name)
         if check_folder_permission(request, repo.id, full_path) != 'rw':
             undeleted.append(dirent_name)
@@ -648,12 +694,21 @@ def mv_dirents(request, src_repo_id, src_path, dst_repo_id, dst_path,
     allowed_files = []
     allowed_dirs = []
 
+    locked_files = get_locked_files_by_dir(request, src_repo_id, src_path)
+
     # check parent dir perm for files
     if check_folder_permission(request, src_repo_id, src_path) != 'rw':
-        allowed_files = []
         failed += obj_file_names
     else:
-        allowed_files = obj_file_names
+        for file_name in obj_file_names:
+            if file_name not in locked_files.keys():
+                # file is not locked
+                allowed_files.append(file_name)
+            elif locked_files[file_name] == username:
+                # file is locked by current user
+                allowed_files.append(file_name)
+            else:
+                failed.append(file_name)
 
     for obj_name in obj_dir_names:
         src_dir = posixpath.join(src_path, obj_name)
diff --git a/seahub/views/file.py b/seahub/views/file.py
index 9dddef8b6d..ea908c57e0 100644
--- a/seahub/views/file.py
+++ b/seahub/views/file.py
@@ -34,7 +34,6 @@ from django.utils.translation import ugettext as _
 from django.views.decorators.http import require_POST
 from django.template.defaultfilters import filesizeformat
 from django.views.decorators.csrf import csrf_exempt
-from constance import config
 
 from seaserv import seafile_api
 from seaserv import get_repo, send_message, get_commits, \
@@ -43,7 +42,6 @@ from seaserv import get_repo, send_message, get_commits, \
 from pysearpc import SearpcError
 
 from seahub.wopi.utils import get_wopi_dict
-from seahub.avatar.templatetags.group_avatar_tags import grp_avatar
 from seahub.auth.decorators import login_required
 from seahub.base.decorators import repo_passwd_set_required
 from seahub.share.models import FileShare, check_share_link_common
@@ -55,17 +53,20 @@ from seahub.utils import render_error, is_org_context, \
     render_permission_error, is_pro_version, is_textual_file, \
     mkstemp, EMPTY_SHA1, HtmlDiff, gen_inner_file_get_url, \
     user_traffic_over_limit, get_file_audit_events_by_path, \
-    generate_file_audit_event_type, FILE_AUDIT_ENABLED, gen_token, \
-    get_site_scheme_and_netloc, get_conf_text_ext
+    generate_file_audit_event_type, FILE_AUDIT_ENABLED, \
+    get_site_scheme_and_netloc, get_conf_text_ext, \
+    HAS_OFFICE_CONVERTER, FILEEXT_TYPE_MAP
+
 from seahub.utils.ip import get_remote_ip
 from seahub.utils.timeutils import utc_to_local
-from seahub.utils.file_types import (IMAGE, PDF, DOCUMENT, SPREADSHEET, AUDIO,
-                                     MARKDOWN, TEXT, VIDEO)
+from seahub.utils.file_types import (IMAGE, PDF,
+        DOCUMENT, SPREADSHEET, AUDIO, MARKDOWN, TEXT, VIDEO)
 from seahub.utils.star import is_file_starred
-from seahub.utils import HAS_OFFICE_CONVERTER, FILEEXT_TYPE_MAP
-from seahub.utils.http import json_response, int_param, BadRequestException, RequestForbbiddenException
-from seahub.views import check_folder_permission, check_file_lock, \
-    get_unencry_rw_repos_by_user
+from seahub.utils.http import json_response, int_param, \
+        BadRequestException, RequestForbbiddenException
+from seahub.utils.file_op import check_file_lock
+from seahub.views import check_folder_permission, \
+        get_unencry_rw_repos_by_user
 
 if HAS_OFFICE_CONVERTER:
     from seahub.utils import (
@@ -450,7 +451,11 @@ def _file_view(request, repo_id, path):
         raw_path, inner_path, user_perm = get_file_view_path_and_perm(
             request, repo_id, obj_id, path)
 
-    is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+    try:
+        is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+    except Exception as e:
+        logger.error(e)
+        is_locked, locked_by_me = False, False
 
     # check if use office web app to view/edit file
     if not repo.encrypted and ENABLE_OFFICE_WEB_APP:
@@ -1159,9 +1164,11 @@ def file_edit_submit(request, repo_id):
     if check_folder_permission(request, repo_id, parent_dir) != 'rw':
         return error_json(_(u'Permission denied'))
 
-    is_locked, locked_by_me = check_file_lock(repo_id, path, username)
-    if (is_locked, locked_by_me) == (None, None):
-        return error_json(_(u'Check file lock error'))
+    try:
+        is_locked, locked_by_me = check_file_lock(repo_id, path, username)
+    except Exception as e:
+        logger.error(e)
+        return error_json(_(u'Internal Server Error'))
 
     if is_locked and not locked_by_me:
         return error_json(_(u'File is locked'))
diff --git a/seahub/wopi/views.py b/seahub/wopi/views.py
index a6a1068bc8..d8fe2bfad9 100644
--- a/seahub/wopi/views.py
+++ b/seahub/wopi/views.py
@@ -19,9 +19,9 @@ from pysearpc import SearpcError
 from seaserv import seafile_api
 
 from seahub.base.accounts import User
-from seahub.views import check_file_lock
 from seahub.utils import gen_inner_file_get_url, \
     gen_file_upload_url, get_file_type_and_ext, is_pro_version
+from seahub.utils.file_op import check_file_lock
 from seahub.base.templatetags.seahub_tags import email2nickname
 
 from seahub.settings import SITE_ROOT
@@ -174,8 +174,15 @@ class WOPIFilesView(APIView):
 
         filename = os.path.basename(file_path)
         filetype, fileext = get_file_type_and_ext(filename)
-        is_locked, locked_by_me = check_file_lock(repo_id,
-                file_path, request_user)
+
+        try:
+            is_locked, locked_by_me = check_file_lock(repo_id,
+                    file_path, request_user)
+        except Exception as e:
+            logger.error(e)
+            return HttpResponse(json.dumps({}),
+                    status=500, content_type=json_content_type)
+
         perm = seafile_api.check_permission_by_path(repo_id,
                 file_path, request_user)
 
diff --git a/static/scripts/app/views/dir.js b/static/scripts/app/views/dir.js
index 0257fa590c..163813172b 100644
--- a/static/scripts/app/views/dir.js
+++ b/static/scripts/app/views/dir.js
@@ -1321,7 +1321,7 @@ define([
                                 error: function(xhr) {
                                     var err;
                                     if (xhr.responseText) {
-                                        err = $.parseJSON(xhr.responseText).error;
+                                        err = $.parseJSON(xhr.responseText).error||$.parseJSON(xhr.responseText).error_msg;
                                     } else {
                                         err = gettext("Failed. Please check the network.");
                                     }
diff --git a/static/scripts/app/views/dirent.js b/static/scripts/app/views/dirent.js
index 00fe12d7fd..8af7f10fab 100644
--- a/static/scripts/app/views/dirent.js
+++ b/static/scripts/app/views/dirent.js
@@ -281,7 +281,7 @@ define([
                 },
                 error: function(xhr) {
                     if (xhr.responseText) {
-                        Common.feedback($.parseJSON(xhr.responseText).error);
+                        Common.feedback($.parseJSON(xhr.responseText).error||$.parseJSON(xhr.responseText).error_msg, 'error');
                     } else {
                         Common.feedback(gettext("Please check the network."), 'error');
                     }