Backport of LFS File Locking API

11 files changed, 208 insertions, 3 deletions

diff --git a/app/controllers/concerns/lfs_request.rb b/app/controllers/concerns/lfs_request.rb
index 4311f9d4db9..5e4e8a87153 100644
--- a/app/controllers/concerns/lfs_request.rb
+++ b/app/controllers/concerns/lfs_request.rb
@@ -10,6 +10,8 @@
 module LfsRequest
   extend ActiveSupport::Concern
 
+  CONTENT_TYPE = 'application/vnd.git-lfs+json'.freeze
+
   included do
     before_action :require_lfs_enabled!
     before_action :lfs_check_access!
@@ -50,7 +52,7 @@ module LfsRequest
         message: 'Access forbidden. Check your access level.',
         documentation_url: help_url
       },
-      content_type: "application/vnd.git-lfs+json",
+      content_type: CONTENT_TYPE,
       status: 403
     )
   end
@@ -61,7 +63,7 @@ module LfsRequest
         message: 'Not found.',
         documentation_url: help_url
       },
-      content_type: "application/vnd.git-lfs+json",
+      content_type: CONTENT_TYPE,
       status: 404
     )
   end
diff --git a/app/controllers/projects/lfs_api_controller.rb b/app/controllers/projects/lfs_api_controller.rb
index 536f908d2c5..c77f10ef1dd 100644
--- a/app/controllers/projects/lfs_api_controller.rb
+++ b/app/controllers/projects/lfs_api_controller.rb
@@ -98,7 +98,7 @@ class Projects::LfsApiController < Projects::GitHttpClientController
         json: {
           message: lfs_read_only_message
         },
-        content_type: 'application/vnd.git-lfs+json',
+        content_type: LfsRequest::CONTENT_TYPE,
         status: 403
       )
     end
diff --git a/app/controllers/projects/lfs_locks_api_controller.rb b/app/controllers/projects/lfs_locks_api_controller.rb
new file mode 100644
index 00000000000..3fff0fd69ae
--- /dev/null
+++ b/app/controllers/projects/lfs_locks_api_controller.rb
@@ -0,0 +1,70 @@
+class Projects::LfsLocksApiController < Projects::GitHttpClientController
+  include LfsRequest
+
+  def create
+    @result = Lfs::LockFileService.new(project, user, params).execute
+
+    render_json(@result[:lock])
+  end
+
+  def unlock
+    @result = Lfs::UnlockFileService.new(project, user, params).execute
+
+    render_json(@result[:lock])
+  end
+
+  def index
+    @result = Lfs::LocksFinderService.new(project, user, params).execute
+
+    render_json(@result[:locks])
+  end
+
+  def verify
+    @result = Lfs::LocksFinderService.new(project, user, {}).execute
+
+    ours, theirs = split_by_owner(@result[:locks])
+
+    render_json({ ours: ours, theirs: theirs }, false)
+  end
+
+  private
+
+  def render_json(data, process = true)
+    render json: build_payload(data, process),
+           content_type: LfsRequest::CONTENT_TYPE,
+           status: @result[:http_status]
+  end
+
+  def build_payload(data, process)
+    data = LfsFileLockSerializer.new.represent(data) if process
+
+    return data if @result[:status] == :success
+
+    # When the locking failed due to an existent Lock, the existent record
+    # is returned in `@result[:lock]`
+    error_payload(@result[:message], @result[:lock] ? data : {})
+  end
+
+  def error_payload(message, custom_attrs = {})
+    custom_attrs.merge({
+      message: message,
+      documentation_url: help_url
+    })
+  end
+
+  def split_by_owner(locks)
+    groups = locks.partition { |lock| lock.user_id == user.id }
+
+    groups.map! do |records|
+      LfsFileLockSerializer.new.represent(records, root: false)
+    end
+  end
+
+  def download_request?
+    params[:action] == 'index'
+  end
+
+  def upload_request?
+    %w(create unlock verify).include?(params[:action])
+  end
+end
diff --git a/app/models/lfs_file_lock.rb b/app/models/lfs_file_lock.rb
new file mode 100644
index 00000000000..50bb6ca382d
--- /dev/null
+++ b/app/models/lfs_file_lock.rb
@@ -0,0 +1,12 @@
+class LfsFileLock < ActiveRecord::Base
+  belongs_to :project
+  belongs_to :user
+
+  validates :project_id, :user_id, :path, presence: true
+
+  def can_be_unlocked_by?(current_user, forced = false)
+    return true if current_user.id == user_id
+
+    forced && current_user.can?(:admin_project, project)
+  end
+end
diff --git a/app/models/project.rb b/app/models/project.rb
index fd8917467e9..0590cc1c720 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -179,6 +179,7 @@ class Project < ActiveRecord::Base
   has_many :releases
   has_many :lfs_objects_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
   has_many :lfs_objects, through: :lfs_objects_projects
+  has_many :lfs_file_locks
   has_many :project_group_links
   has_many :invited_groups, through: :project_group_links, source: :group
   has_many :pages_domains
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 3d6f8f0c305..1cf55fd4332 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -164,6 +164,13 @@ class Repository
     commits
   end
 
+  # Returns a list of commits that are not present in any reference
+  def new_commits(newrev)
+    refs = ::Gitlab::Git::RevList.new(raw, newrev: newrev).new_refs
+
+    refs.map { |sha| commit(sha.strip) }
+  end
+
   # Gitaly migration: https://gitlab.com/gitlab-org/gitaly/issues/384
   def find_commits_by_message(query, ref = nil, path = nil, limit = 1000, offset = 0)
     unless exists? && has_visible_content? && query.present?
diff --git a/app/serializers/lfs_file_lock_entity.rb b/app/serializers/lfs_file_lock_entity.rb
new file mode 100644
index 00000000000..264a77adc3f
--- /dev/null
+++ b/app/serializers/lfs_file_lock_entity.rb
@@ -0,0 +1,11 @@
+class LfsFileLockEntity < Grape::Entity
+  root 'locks', 'lock'
+
+  expose :path
+  expose(:id) { |entity| entity.id.to_s }
+  expose(:created_at, as: :locked_at) { |entity| entity.created_at.to_s(:iso8601) }
+
+  expose :owner do
+    expose(:name) { |entity| entity.user&.name }
+  end
+end
diff --git a/app/serializers/lfs_file_lock_serializer.rb b/app/serializers/lfs_file_lock_serializer.rb
new file mode 100644
index 00000000000..ba8fb1a461d
--- /dev/null
+++ b/app/serializers/lfs_file_lock_serializer.rb
@@ -0,0 +1,3 @@
+class LfsFileLockSerializer < BaseSerializer
+  entity LfsFileLockEntity
+end
diff --git a/app/services/lfs/lock_file_service.rb b/app/services/lfs/lock_file_service.rb
new file mode 100644
index 00000000000..bbe10f84ef4
--- /dev/null
+++ b/app/services/lfs/lock_file_service.rb
@@ -0,0 +1,39 @@
+module Lfs
+  class LockFileService < BaseService
+    def execute
+      unless can?(current_user, :push_code, project)
+        raise Gitlab::GitAccess::UnauthorizedError, 'You have no permissions'
+      end
+
+      create_lock!
+    rescue ActiveRecord::RecordNotUnique
+      error('already locked', 409, current_lock)
+    rescue Gitlab::GitAccess::UnauthorizedError => ex
+      error(ex.message, 403)
+    rescue => ex
+      error(ex.message, 500)
+    end
+
+    private
+
+    def current_lock
+      project.lfs_file_locks.find_by(path: params[:path])
+    end
+
+    def create_lock!
+      lock = project.lfs_file_locks.create!(user: current_user,
+                                            path: params[:path])
+
+      success(http_status: 201, lock: lock)
+    end
+
+    def error(message, http_status, lock = nil)
+      {
+        status: :error,
+        message: message,
+        http_status: http_status,
+        lock: lock
+      }
+    end
+  end
+end
diff --git a/app/services/lfs/locks_finder_service.rb b/app/services/lfs/locks_finder_service.rb
new file mode 100644
index 00000000000..13c6cc6f81c
--- /dev/null
+++ b/app/services/lfs/locks_finder_service.rb
@@ -0,0 +1,17 @@
+module Lfs
+  class LocksFinderService < BaseService
+    def execute
+      success(locks: find_locks)
+    rescue => ex
+      error(ex.message, 500)
+    end
+
+    private
+
+    def find_locks
+      options = params.slice(:id, :path).compact.symbolize_keys
+
+      project.lfs_file_locks.where(options)
+    end
+  end
+end
diff --git a/app/services/lfs/unlock_file_service.rb b/app/services/lfs/unlock_file_service.rb
new file mode 100644
index 00000000000..6c93dc69bb0
--- /dev/null
+++ b/app/services/lfs/unlock_file_service.rb
@@ -0,0 +1,43 @@
+module Lfs
+  class UnlockFileService < BaseService
+    def execute
+      unless can?(current_user, :push_code, project)
+        raise Gitlab::GitAccess::UnauthorizedError, 'You have no permissions'
+      end
+
+      unlock_file
+    rescue Gitlab::GitAccess::UnauthorizedError => ex
+      error(ex.message, 403)
+    rescue ActiveRecord::RecordNotFound
+      error('Lock not found', 404)
+    rescue => ex
+      error(ex.message, 500)
+    end
+
+    private
+
+    def unlock_file
+      forced = params[:force] == true
+
+      if lock.can_be_unlocked_by?(current_user, forced)
+        lock.destroy!
+
+        success(lock: lock, http_status: :ok)
+      elsif forced
+        error('You must have master access to force delete a lock', 403)
+      else
+        error("#{lock.path} is locked by GitLab User #{lock.user_id}", 403)
+      end
+    end
+
+    def lock
+      return @lock if defined?(@lock)
+
+      @lock = if params[:id].present?
+                project.lfs_file_locks.find(params[:id])
+              elsif params[:path].present?
+                project.lfs_file_locks.find_by!(path: params[:path])
+              end
+    end
+  end
+end