Lock: do not allow lock/unlock of items locked by another user

1 files changed, 28 insertions, 6 deletions

diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index c663eccbc..db0d3631b 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -2113,11 +2113,17 @@ class AlertList(JSONResponseMixin, LoginRequiredMixin,
 class QANotAvailable(IshtarMixin, LoginRequiredMixin, TemplateView):
     template_name = 'ishtar/forms/qa_message.html'
     modal_size = "small"
+    contexts = {"locked-by-others": _("Some items have been locked by other "
+                                      "user")}
 
     def get_context_data(self, **kwargs):
         data = super(QANotAvailable, self).get_context_data(**kwargs)
         data["page_name"] = _("Not available")
         data['message'] = _("Action not available for these items.")
+        if self.kwargs.get("context"):
+            context = self.kwargs.get("context")
+            if context in self.contexts:
+                data["message"] += " {}".format(self.contexts[context])
         return data
 
 
@@ -2134,7 +2140,7 @@ class QAItemForm(IshtarMixin, LoginRequiredMixin, FormView):
         # if not listed in QUICK_ACTIONS overload this method
         return self.model.get_quick_action_by_url(self.base_url)
 
-    def dispatch(self, request, *args, **kwargs):
+    def pre_dispatch(self, request, *args, **kwargs):
         assert self.model
         pks = [int(pk) for pk in kwargs.get('pks').split('-')]
         self.items = list(self.model.objects.filter(pk__in=pks))
@@ -2151,6 +2157,11 @@ class QAItemForm(IshtarMixin, LoginRequiredMixin, FormView):
                     raise Http404()
 
         self.url = request.get_full_path()
+
+    def dispatch(self, request, *args, **kwargs):
+        redirected = self.pre_dispatch(request, *args, **kwargs)
+        if redirected:
+            return redirected
         return super(QAItemForm, self).dispatch(request, *args, **kwargs)
 
     def get_form_kwargs(self):
@@ -2175,15 +2186,18 @@ class QAItemEditForm(QAItemForm):
     def get_quick_action(self):
         return self.model.QA_EDIT
 
-    def dispatch(self, request, *args, **kwargs):
+    def pre_dispatch(self, request, *args, **kwargs):
         self.confirm = kwargs.get('confirm', False) and True
-        returned = super(QAItemEditForm, self).dispatch(request, *args,
-                                                        **kwargs)
+        redirected = super(QAItemEditForm, self).pre_dispatch(
+            request, *args, **kwargs)
+        if redirected:
+            return redirected
         if hasattr(self.model, "locked"):
             for item in self.items:
                 if item.locked:
-                    return HttpResponseRedirect(reverse("qa-not-available"))
-        return returned
+                    redirected = HttpResponseRedirect(
+                        reverse("qa-not-available"))
+        return redirected
 
     def get_form_class(self):
         if len(self.items) > 1 and self.form_class_multi:
@@ -2222,6 +2236,14 @@ class QABaseLockView(QAItemForm):
     form_class = forms.QALockForm
     page_name = _("lock/unlock")
 
+    def pre_dispatch(self, request, *args, **kwargs):
+        super(QABaseLockView, self).pre_dispatch(
+            request, *args, **kwargs)
+        if [True for item in self.items
+                if item.lock_user and item.lock_user != request.user]:
+            url = reverse("qa-not-available", args=["locked-by-others"])
+            return HttpResponseRedirect(url)
+
     def form_valid(self, form):
         form.save(self.items, self.request.user)
         return HttpResponseRedirect(reverse("success"))