3 files changed, 79 insertions, 8 deletions

diff --git a/archaeological_operations/tests.py b/archaeological_operations/tests.py
index b3eac54d3..72cecee95 100644
--- a/archaeological_operations/tests.py
+++ b/archaeological_operations/tests.py
@@ -3167,6 +3167,14 @@ class OperationQATest(OperationInitTest, TestCase):
             self.assertEqual(ope.locked, True)
             self.assertEqual(ope.lock_user, self.user)
 
+        response = c.post(url, {"action": "unlock"})
+        if response.status_code != 200:
+            self.assertRedirects(response, '/success/')
+        for ope in (op0, op1):
+            ope = models.Operation.objects.get(pk=ope.pk)
+            self.assertEqual(ope.locked, False)
+            self.assertEqual(ope.lock_user, None)
+
         c = Client()
         c.login(username=self.alt_username, password=self.alt_password)
         response = c.get(reverse('operation-qa-lock', args=[pks]))
@@ -3180,6 +3188,35 @@ class OperationQATest(OperationInitTest, TestCase):
             self.assertEqual(ope.locked, True)
             self.assertEqual(ope.lock_user, self.alt_user)
 
+        response = c.post(url, {"action": "unlock"})
+        if response.status_code != 200:
+            self.assertRedirects(response, '/success/')
+        for ope in (op0, op1):
+            ope = models.Operation.objects.get(pk=ope.pk)
+            self.assertEqual(ope.locked, False)
+            self.assertEqual(ope.lock_user, None)
+
+        # one item lock by another user
+        op0 = models.Operation.objects.get(pk=op0.pk)
+        op0.locked = True
+        op0.lock_user = self.user
+        op0.save()
+        op1 = models.Operation.objects.get(pk=op1.pk)
+        op1.locked = True
+        op1.lock_user = self.alt_user
+        op1.save()
+
+        response = c.post(url, {"action": "unlock"})
+        self.assertRedirects(response, '/qa-not-available/locked-by-others/')
+
+        op0 = models.Operation.objects.get(pk=op0.pk)
+        self.assertEqual(op0.locked, True)
+        self.assertEqual(op0.lock_user, self.user)
+
+        op1 = models.Operation.objects.get(pk=op1.pk)
+        self.assertEqual(op1.locked, True)
+        self.assertEqual(op1.lock_user, self.alt_user)
+
     def test_bulk_update(self):
         c = Client()
         pks = u"{}-{}".format(self.operations[0].pk, self.operations[1].pk)
@@ -3232,6 +3269,18 @@ class OperationQATest(OperationInitTest, TestCase):
             operation_type
         )
 
+        # one item lock by another user
+        op0 = models.Operation.objects.get(pk=self.operations[0].pk)
+        op0.locked = True
+        op0.lock_user = self.user
+        op0.save()
+
+        response = c.post(
+            reverse('operation-qa-bulk-update-confirm', args=[pks]),
+            {'qa_operation_type': operation_type.pk}
+        )
+        self.assertRedirects(response, '/qa-not-available/')
+
 
 class DocumentQATest(OperationInitTest, TestCase):
     fixtures = OPERATION_FIXTURES
diff --git a/ishtar_common/urls.py b/ishtar_common/urls.py
index 13694b10f..b8ccb5172 100644
--- a/ishtar_common/urls.py
+++ b/ishtar_common/urls.py
@@ -292,8 +292,8 @@ urlpatterns += [
             views.QADocumentForm.as_view()),
         name='document-qa-bulk-update-confirm', kwargs={"confirm": True}),
 
-    url(r'^qa-not-available/$', views.QANotAvailable.as_view(),
-        name='qa-not-available'),
+    url(r'^qa-not-available(?:/(?P<context>[0-9a-z-]+))?/$',
+        views.QANotAvailable.as_view(), name='qa-not-available'),
 ]
 
 urlpatterns += get_urls_for_model(models.Document, views)
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index c663eccbc..db0d3631b 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -2113,11 +2113,17 @@ class AlertList(JSONResponseMixin, LoginRequiredMixin,
 class QANotAvailable(IshtarMixin, LoginRequiredMixin, TemplateView):
     template_name = 'ishtar/forms/qa_message.html'
     modal_size = "small"
+    contexts = {"locked-by-others": _("Some items have been locked by other "
+                                      "user")}
 
     def get_context_data(self, **kwargs):
         data = super(QANotAvailable, self).get_context_data(**kwargs)
         data["page_name"] = _("Not available")
         data['message'] = _("Action not available for these items.")
+        if self.kwargs.get("context"):
+            context = self.kwargs.get("context")
+            if context in self.contexts:
+                data["message"] += " {}".format(self.contexts[context])
         return data
 
 
@@ -2134,7 +2140,7 @@ class QAItemForm(IshtarMixin, LoginRequiredMixin, FormView):
         # if not listed in QUICK_ACTIONS overload this method
         return self.model.get_quick_action_by_url(self.base_url)
 
-    def dispatch(self, request, *args, **kwargs):
+    def pre_dispatch(self, request, *args, **kwargs):
         assert self.model
         pks = [int(pk) for pk in kwargs.get('pks').split('-')]
         self.items = list(self.model.objects.filter(pk__in=pks))
@@ -2151,6 +2157,11 @@ class QAItemForm(IshtarMixin, LoginRequiredMixin, FormView):
                     raise Http404()
 
         self.url = request.get_full_path()
+
+    def dispatch(self, request, *args, **kwargs):
+        redirected = self.pre_dispatch(request, *args, **kwargs)
+        if redirected:
+            return redirected
         return super(QAItemForm, self).dispatch(request, *args, **kwargs)
 
     def get_form_kwargs(self):
@@ -2175,15 +2186,18 @@ class QAItemEditForm(QAItemForm):
     def get_quick_action(self):
         return self.model.QA_EDIT
 
-    def dispatch(self, request, *args, **kwargs):
+    def pre_dispatch(self, request, *args, **kwargs):
         self.confirm = kwargs.get('confirm', False) and True
-        returned = super(QAItemEditForm, self).dispatch(request, *args,
-                                                        **kwargs)
+        redirected = super(QAItemEditForm, self).pre_dispatch(
+            request, *args, **kwargs)
+        if redirected:
+            return redirected
         if hasattr(self.model, "locked"):
             for item in self.items:
                 if item.locked:
-                    return HttpResponseRedirect(reverse("qa-not-available"))
-        return returned
+                    redirected = HttpResponseRedirect(
+                        reverse("qa-not-available"))
+        return redirected
 
     def get_form_class(self):
         if len(self.items) > 1 and self.form_class_multi:
@@ -2222,6 +2236,14 @@ class QABaseLockView(QAItemForm):
     form_class = forms.QALockForm
     page_name = _("lock/unlock")
 
+    def pre_dispatch(self, request, *args, **kwargs):
+        super(QABaseLockView, self).pre_dispatch(
+            request, *args, **kwargs)
+        if [True for item in self.items
+                if item.lock_user and item.lock_user != request.user]:
+            url = reverse("qa-not-available", args=["locked-by-others"])
+            return HttpResponseRedirect(url)
+
     def form_valid(self, form):
         form.save(self.items, self.request.user)
         return HttpResponseRedirect(reverse("success"))