Add endpoint for acquiring a submission lock; do not automatically lock when getting submission

Author: pkalita-lbl

nmdc_server/api.py

@@ -649,10 +649,10 @@ async def get_submission(
     db: Session = Depends(get_db),
     user: models.User = Depends(get_current_user),
 ):
-    submission = db.query(SubmissionMetadata).get(id)
+    submission: Optional[models.SubmissionMetadata] = db.query(SubmissionMetadata).get(id)
     if submission is None:
         raise HTTPException(status_code=404, detail="Submission not found")
-    _ = crud.try_get_submission_lock(db, submission.id, user.id)
+
     if user.is_admin or crud.can_read_submission(db, id, user.orcid):
         permission_level = None
         if user.is_admin or user.orcid in submission.owners:
@@ -663,16 +663,19 @@ async def get_submission(
             permission_level = models.SubmissionEditorRole.metadata_contributor.value
         elif user.orcid in submission.viewers:
             permission_level = models.SubmissionEditorRole.viewer.value
-        return schemas_submission.SubmissionMetadataSchema(
+        submission_metadata_schema = schemas_submission.SubmissionMetadataSchema(
             status=submission.status,
             id=submission.id,
             metadata_submission=submission.metadata_submission,
             author_orcid=submission.author_orcid,
             created=submission.created,
             author=schemas.User(**submission.author.__dict__),
-            locked_by=schemas.User(**submission.locked_by.__dict__),
             permission_level=permission_level,
         )
+        if submission.locked_by is not None:
+            submission_metadata_schema.locked_by = schemas.User(**submission.locked_by.__dict__)
+        return submission_metadata_schema
+
     raise HTTPException(status_code=403, detail="Must have access.")
 
 
@@ -862,22 +865,63 @@ async def delete_submission(
     return Response(status_code=status.HTTP_204_NO_CONTENT)
 
 
+@router.put("/metadata_submission/{id}/lock")
+async def lock_submission(
+    response: Response,
+    id: str,
+    db: Session = Depends(get_db),
+    user: models.User = Depends(get_current_user),
+) -> schemas.LockOperationResult:
+    submission: Optional[SubmissionMetadata] = db.query(SubmissionMetadata).get(id)
+    if not submission:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Submission not found")
+
+    # Attempt to acquire the lock
+    lock_acquired = crud.try_get_submission_lock(db, submission.id, user.id)
+    if lock_acquired:
+        return schemas.LockOperationResult(
+            success=True,
+            message=f"Lock successfully acquired for submission with ID {id}.",
+            locked_by=submission.locked_by,
+            lock_updated=submission.lock_updated,
+        )
+    else:
+        response.status_code = status.HTTP_409_CONFLICT
+        return schemas.LockOperationResult(
+            success=False,
+            message="This submission is currently locked by a different user.",
+            locked_by=submission.locked_by,
+            lock_updated=submission.lock_updated,
+        )
+
+
 @router.put("/metadata_submission/{id}/unlock")
 async def unlock_submission(
-    id: str, db: Session = Depends(get_db), user: models.User = Depends(get_current_user)
-) -> str:
+    response: Response,
+    id: str,
+    db: Session = Depends(get_db),
+    user: models.User = Depends(get_current_user),
+) -> schemas.LockOperationResult:
     submission = db.query(SubmissionMetadata).get(id)
     if not submission:
-        raise HTTPException(status_code=404, detail="Submission not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Submission not found")
+
     # Then verify session user has the lock
     has_lock = crud.try_get_submission_lock(db, submission.id, user.id)
     if not has_lock:
-        raise HTTPException(
-            status_code=400, detail="This submission is currently being edited by a different user."
+        response.status_code = status.HTTP_409_CONFLICT
+        return schemas.LockOperationResult(
+            success=False,
+            message="This submission is currently locked by a different user.",
+            locked_by=submission.locked_by,
+            lock_updated=submission.lock_updated,
         )
     else:
         crud.release_submission_lock(db, submission.id)
-        return f"Submission lock released successfully for submission with ID {id}"
+        return schemas.LockOperationResult(
+            success=True,
+            message=f"Submission lock released successfully for submission with ID {id}",
+        )
 
 
 @router.post(

nmdc_server/schemas.py

@@ -658,3 +658,10 @@ class User(BaseModel):
 
     class Config:
         orm_mode = True
+
+
+class LockOperationResult(BaseModel):
+    success: bool
+    message: str
+    locked_by: Optional[User]
+    lock_updated: Optional[datetime]

tests/test_submission.py

@@ -27,6 +27,122 @@ def test_list_submissions(db: Session, client: TestClient, logged_in_user):
     assert response.json()["results"][0]["id"] == str(submission.id)
 
 
+def test_obtain_submission_lock(db: Session, client: TestClient, logged_in_user):
+    submission = fakes.MetadataSubmissionFactory(
+        author=logged_in_user, author_orcid=logged_in_user.orcid
+    )
+    fakes.SubmissionRoleFactory(
+        submission=submission,
+        submission_id=submission.id,
+        user_orcid=logged_in_user.orcid,
+        role=SubmissionEditorRole.owner,
+    )
+    db.commit()
+
+    # Should be able to successfully GET this submission and the lock should not be set
+    response = client.request(method="get", url=f"/api/metadata_submission/{submission.id}")
+    assert response.status_code == 200
+    body = response.json()
+    assert body.get("locked_by") is None
+
+    # Attempt to acquire the lock
+    response = client.request(method="put", url=f"/api/metadata_submission/{submission.id}/lock")
+    assert response.status_code == 200
+    body = response.json()
+    assert body["success"] is True
+    assert body["locked_by"]["id"] == str(logged_in_user.id)
+
+    # Verify that the lock is set
+    response = client.request(method="get", url=f"/api/metadata_submission/{submission.id}")
+    assert response.status_code == 200
+    body = response.json()
+    assert body["locked_by"]["id"] == str(logged_in_user.id)
+
+
+def test_cannot_acquire_lock_on_locked_submission(db: Session, client: TestClient, logged_in_user):
+    locking_user = fakes.UserFactory()
+    submission = fakes.MetadataSubmissionFactory(
+        author=logged_in_user,
+        author_orcid=logged_in_user.orcid,
+        locked_by=locking_user,
+        lock_updated=datetime.utcnow(),
+    )
+    fakes.SubmissionRoleFactory(
+        submission=submission,
+        submission_id=submission.id,
+        user_orcid=logged_in_user.orcid,
+        role=SubmissionEditorRole.owner,
+    )
+    db.commit()
+
+    # Attempt to acquire the lock, verify that it fails and reports the current lock holder
+    response = client.request(method="put", url=f"/api/metadata_submission/{submission.id}/lock")
+    assert response.status_code == 409
+    body = response.json()
+    assert body["success"] is False
+    assert body["locked_by"]["id"] == str(locking_user.id)
+
+
+def test_release_submission_lock(db: Session, client: TestClient, logged_in_user):
+    submission = fakes.MetadataSubmissionFactory(
+        author=logged_in_user,
+        author_orcid=logged_in_user.orcid,
+        locked_by=logged_in_user,
+        lock_updated=datetime.utcnow(),
+    )
+    fakes.SubmissionRoleFactory(
+        submission=submission,
+        submission_id=submission.id,
+        user_orcid=logged_in_user.orcid,
+        role=SubmissionEditorRole.owner,
+    )
+    db.commit()
+
+    # Verify that the lock is set
+    response = client.request(method="get", url=f"/api/metadata_submission/{submission.id}")
+    assert response.status_code == 200
+    body = response.json()
+    assert body["locked_by"]["id"] == str(logged_in_user.id)
+
+    # Release the lock
+    response = client.request(method="put", url=f"/api/metadata_submission/{submission.id}/unlock")
+    assert response.status_code == 200
+    body = response.json()
+    assert body["success"] is True
+
+    # Verify that the lock is released
+    response = client.request(method="get", url=f"/api/metadata_submission/{submission.id}")
+    assert response.status_code == 200
+    body = response.json()
+    assert body["locked_by"] is None
+
+
+def test_cannot_release_other_users_submission_lock(
+    db: Session, client: TestClient, logged_in_user
+):
+    locking_user = fakes.UserFactory()
+    submission = fakes.MetadataSubmissionFactory(
+        author=logged_in_user,
+        author_orcid=logged_in_user.orcid,
+        locked_by=locking_user,
+        lock_updated=datetime.utcnow(),
+    )
+    fakes.SubmissionRoleFactory(
+        submission=submission,
+        submission_id=submission.id,
+        user_orcid=logged_in_user.orcid,
+        role=SubmissionEditorRole.owner,
+    )
+    db.commit()
+
+    # Attempt to release the lock, verify that it fails
+    response = client.request(method="put", url=f"/api/metadata_submission/{submission.id}/unlock")
+    assert response.status_code == 409
+    body = response.json()
+    assert body["success"] is False
+    assert body["locked_by"]["id"] == str(locking_user.id)
+
+
 def test_try_edit_locked_submission(db: Session, client: TestClient, logged_in_user):
     # Locked by a random user at utcnow by default
     submission = fakes.MetadataSubmissionFactory(