feat: add form locking mechanism

Chartman123 · Chartman123 · commit fc37acbb7c43 · 2025-05-12T00:46:03.000+02:00
- Implemented form locking functionality to prevent concurrent edits.
- Updated API responses to include `lockedBy` and `lockedUntil` fields.
- Enhanced permission checks to ensure only the form owner can transfer ownership.
- Revised documentation to reflect changes in form data structure and API behavior.

Signed-off-by: Christian Hartmann &lt;chris-hartmann@gmx.de&gt;
diff --git a/docs/API_v3.md b/docs/API_v3.md
@@ -90,7 +90,9 @@ Returns condensed objects of all Forms beeing owned by the authenticated user.
       "submit"
     ],
     "partial": true,
-    "state": 0
+    "state": 0,
+    "lockedBy": null,
+    "lockedUntil": null
   },
   {
     "id": 3,
@@ -103,7 +105,9 @@ Returns condensed objects of all Forms beeing owned by the authenticated user.
       "submit"
     ],
     "partial": true,
-    "state": 0
+    "state": 0,
+    "lockedBy": "someUser"
+    "lockedUntil": 123456789
   }
 ]
 ```
@@ -166,6 +170,8 @@ Returns the full-depth object of the requested form (without submissions).
   "showExpiration": false,
   "canSubmit": true,
   "state": 0,
+  "lockedBy": null,
+  "lockedUntil": null,
   "permissions": [
     "edit",
     "results",
diff --git a/docs/DataStructure.md b/docs/DataStructure.md
@@ -26,6 +26,8 @@ This document describes the Object-Structure, that is used within the Forms App
 | expires              | unix-timestamp                       |                                         | When the form should expire. Timestamp `0` indicates _never_                                                                     |
 | isAnonymous          | Boolean                              |                                         | If Answers will be stored anonymously                                                                                            |
 | state                | Integer                              | [Form state](#form-state)               | The state of the form                                                                                                            |
+| lockedBy             | String                               |                                         | The user ID for who has exclusive edit access at the moment                                                                      |
+| lockedUntil          | unix timestamp                       |                                         | When the form lock will expire                                                                                                   |
 | submitMultiple       | Boolean                              |                                         | If users are allowed to submit multiple times to the form                                                                        |
 | allowEditSubmissions | Boolean                              |                                         | If users are allowed to edit or delete their response                                                                            |
 | showExpiration       | Boolean                              |                                         | If the expiration date will be shown on the form                                                                                 |
@@ -57,6 +59,8 @@ This document describes the Object-Structure, that is used within the Forms App
   ],
   "questions": [],
   "state": 0,
+  "lockedBy": null,
+  "lockedUntil": null,
   "shares": []
   "submissions": [],
 }
diff --git a/lib/Controller/ApiController.php b/lib/Controller/ApiController.php
@@ -267,7 +267,8 @@ public function updateForm(int $formId, array $keyValuePairs): DataResponse {
 			'keyValuePairs' => $keyValuePairs
 		]);
 
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
 
 		// Don't allow empty array
 		if (sizeof($keyValuePairs) === 0) {
@@ -277,6 +278,12 @@ public function updateForm(int $formId, array $keyValuePairs): DataResponse {
 
 		// Process owner transfer
 		if (sizeof($keyValuePairs) === 1 && key_exists('ownerId', $keyValuePairs)) {
+			// Only allow owner transfer if current user is the form owner
+			if ($this->currentUser->getUID() !== $form->getOwnerId()) {
+				$this->logger->debug('Only the form owner can transfer ownership');
+				throw new OCSForbiddenException('Only the form owner can transfer ownership');
+			}
+
 			$this->logger->debug('Updating owner: formId: {formId}, userId: {uid}', [
 				'formId' => $formId,
 				'uid' => $keyValuePairs['ownerId']
@@ -477,7 +484,9 @@ public function getQuestion(int $formId, int $questionId): DataResponse {
 	#[BruteForceProtection(action: 'form')]
 	#[ApiRoute(verb: 'POST', url: '/api/v3/forms/{formId}/questions')]
 	public function newQuestion(int $formId, ?string $type = null, string $text = '', ?int $fromId = null): DataResponse {
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -608,7 +617,9 @@ public function updateQuestion(int $formId, int $questionId, array $keyValuePair
 
 		// Make sure we query the form first to check the user has permissions
 		// So the user does not get information about "questions" if they do not even have permissions to the form
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -682,7 +693,9 @@ public function deleteQuestion(int $formId, int $questionId): DataResponse {
 		]);
 
 
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -748,7 +761,9 @@ public function reorderQuestions(int $formId, array $newOrder): DataResponse {
 			'newOrder' => $newOrder
 		]);
 
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -847,7 +862,9 @@ public function newOption(int $formId, int $questionId, array $optionTexts): Dat
 			'text' => $optionTexts,
 		]);
 
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -929,7 +946,9 @@ public function updateOption(int $formId, int $questionId, int $optionId, array
 			'keyValuePairs' => $keyValuePairs
 		]);
 
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -996,7 +1015,9 @@ public function deleteOption(int $formId, int $questionId, int $optionId): DataR
 			'optionId' => $optionId
 		]);
 
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -1052,7 +1073,9 @@ public function deleteOption(int $formId, int $questionId, int $optionId): DataR
 	#[BruteForceProtection(action: 'form')]
 	#[ApiRoute(verb: 'PATCH', url: '/api/v3/forms/{formId}/questions/{questionId}/options')]
 	public function reorderOptions(int $formId, int $questionId, array $newOrder) {
-		$form = $this->getFormIfAllowed($formId);
+		$form = $this->getFormIfAllowed($formId, Constants::PERMISSION_EDIT);
+		$this->obtainFormLock($form);
+
 		if ($this->formsService->isFormArchived($form)) {
 			$this->logger->debug('This form is archived and can not be modified');
 			throw new OCSForbiddenException('This form is archived and can not be modified');
@@ -1790,6 +1813,12 @@ private function getFormIfAllowed(int $formId, string $permissions = 'all'): For
 					throw new NoSuchFormException('This form is not owned by the current user and user has no `results_delete` permission', Http::STATUS_FORBIDDEN);
 				}
 				break;
+			case Constants::PERMISSION_EDIT:
+				if (!$this->formsService->canEditForm($form)) {
+					$this->logger->debug('This form is not owned by the current user and user has no `edit` permission');
+					throw new NoSuchFormException('This form is not owned by the current user and user has no `edit` permission', Http::STATUS_FORBIDDEN);
+				}
+				break;
 			default:
 				// By default we request full permissions
 				if ($form->getOwnerId() !== $this->currentUser->getUID()) {
@@ -1800,4 +1829,23 @@ private function getFormIfAllowed(int $formId, string $permissions = 'all'): For
 		}
 		return $form;
 	}
+
+	/**
+	 * Locks the given form for the current user for a duration of 15 minutes.
+	 *
+	 * @param Form $form The form instance to lock.
+	 */
+	private function obtainFormLock(Form $form): void {
+		// Only lock if not locked or locked by current user, or lock has expired
+		if (
+			$form->getLockedBy() === null ||
+			$form->getLockedBy() === $this->currentUser->getUID() ||
+			$form->getLockedUntil() < time()
+		) {
+			$form->setLockedBy($this->currentUser->getUID());
+			$form->setLockedUntil(time() + 15 * 60);
+		} else {
+			throw new OCSForbiddenException('Form is currently locked by another user.');
+		}
+	}
 }
diff --git a/lib/Db/Form.php b/lib/Db/Form.php
@@ -47,6 +47,10 @@
  * @psalm-method 0|1|2 getState()
  * @method void setState(int|null $value)
  * @psalm-method void setState(0|1|2|null $value)
+ * @method string getLockedBy()
+ * @method void setLockedBy(string $value)
+ * @method int getLockedUntil()
+ * @method void setLockedUntil(int $value)
  */
 class Form extends Entity {
 	protected $hash;
@@ -65,6 +69,8 @@ class Form extends Entity {
 	protected $submissionMessage;
 	protected $lastUpdated;
 	protected $state;
+	protected $lockedBy;
+	protected $lockedUntil;
 
 	/**
 	 * Form constructor.
@@ -149,6 +155,8 @@ public function setAccess(array $access): void {
 	 *   lastUpdated: int,
 	 *   submissionMessage: ?string,
 	 *   state: 0|1|2,
+	 *   locked_by: ?string,
+	 *   locked_until: ?int,
 	 *  }
 	 */
 	public function read() {
@@ -170,6 +178,8 @@ public function read() {
 			'lastUpdated' => (int)$this->getLastUpdated(),
 			'submissionMessage' => $this->getSubmissionMessage(),
 			'state' => $this->getState(),
+			'locked_by' => $this->getLockedBy(),
+			'locked_until' => $this->getLockedUntil(),
 		];
 	}
 }
diff --git a/lib/Migration/Version050200Date20250512004000.php b/lib/Migration/Version050200Date20250512004000.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Forms\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\Types;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version050200Date20250512004000 extends SimpleMigrationStep {
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+	 * @param array $options
+	 * @return null|ISchemaWrapper
+	 */
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+		$table = $schema->getTable('forms_v2_forms');
+
+		if (!$table->hasColumn('locked_by')) {
+			$table->addColumn('locked_by', Types::STRING, [
+				'notnull' => false,
+				'default' => null,
+			]);
+		}
+
+		if (!$table->hascolumn('locked_until')) {
+			$table->addColumn('locked_until', Types::INTEGER, [
+				'notnull' => false,
+				'default' => null,
+				'comment' => 'unix-timestamp',
+			]);
+		}
+
+		return $schema;
+	}
+}
diff --git a/lib/ResponseDefinitions.php b/lib/ResponseDefinitions.php
@@ -117,7 +117,7 @@
  *   expires: int,
  *   fileFormat: ?string,
  *   fileId: ?int,
- *   filePath?: ?string,
+ *   filePath?: string,
  *   isAnonymous: bool,
  *   lastUpdated: int,
  *   submitMultiple: bool,
@@ -127,6 +127,8 @@
  *   permissions: list<FormsPermission>,
  *   questions: list<FormsQuestion>,
  *   state: 0|1|2,
+ *   lockedBy: ?string,
+ *   lockedUntil: ?int,
  *   shares: list<FormsShare>,
  *   submissionCount?: int,
  *   submissionMessage: ?string,
diff --git a/lib/Service/FormsService.php b/lib/Service/FormsService.php
@@ -319,6 +319,10 @@ public function getPermissions(Form $form): array {
 	 * @return boolean
 	 */
 	public function canEditForm(Form $form): bool {
+		// Check if form is currently locked by another user
+		if ($form->getLockedBy() !== $this->currentUser->getUID() && $form->getLockedUntil() >= time()) {
+			return false;
+		}
 		return in_array(Constants::PERMISSION_EDIT, $this->getPermissions($form));
 	}
 
diff --git a/openapi.json b/openapi.json
@@ -111,6 +111,8 @@
                     "permissions",
                     "questions",
                     "state",
+                    "lockedBy",
+                    "lockedUntil",
                     "shares",
                     "submissionMessage"
                 ],
@@ -152,8 +154,7 @@
                         "nullable": true
                     },
                     "filePath": {
-                        "type": "string",
-                        "nullable": true
+                        "type": "string"
                     },
                     "isAnonymous": {
                         "type": "boolean"
@@ -195,6 +196,15 @@
                             2
                         ]
                     },
+                    "lockedBy": {
+                        "type": "string",
+                        "nullable": true
+                    },
+                    "lockedUntil": {
+                        "type": "integer",
+                        "format": "int64",
+                        "nullable": true
+                    },
                     "shares": {
                         "type": "array",
                         "items": {
