fix(backend): moderation locking logic fix (#5979)

* fix(backend): moderation locking logic fix * fix: clippy
2026-05-03 19:29:05 +01:00
parent 2da2035a6f
commit 8a72ee9968
4 changed files with 29 additions and 28 deletions
--- a/apps/labrinth/src/routes/v3/projects.rs
+++ b/apps/labrinth/src/routes/v3/projects.rs
@@ -424,28 +424,22 @@ pub async fn project_edit_internal(
            ));
        }

-        // If a moderator (non-admin) is completing a review (changing from Processing to another
-        // status), they must hold an active non-expired lock on this project.
+        // If a moderator (non-admin) is completing a review while another moderator holds an
+        // active checklist lock, block them from changing the project status.
        if user.role.is_mod()
            && !user.role.is_admin()
            && project_item.inner.status == ProjectStatus::Processing
            && status != &ProjectStatus::Processing
-        {
-            let lock =
+            && let Some(lock) =
                DBModerationLock::get_with_user(project_item.inner.id, &pool)
-                    .await?;
-            let owns = lock.as_ref().is_some_and(|l| {
-                l.moderator_id == db_ids::DBUserId::from(user.id) && !l.expired
-            });
-            if !owns {
-                return Err(ApiError::CustomAuthentication(match lock {
-                    Some(l) => format!(
-                        "This project is currently being moderated by @{}. Please wait for them to finish or for the lock to expire.",
-                        l.moderator_username
-                    ),
-                    None => "You must hold an active moderation lock to complete this review. Open the project in the moderation checklist to acquire one.".to_string(),
-                }));
-            }
+                    .await?
+            && lock.moderator_id != db_ids::DBUserId::from(user.id)
+            && !lock.expired
+        {
+            return Err(ApiError::CustomAuthentication(format!(
+                "This project is currently being moderated by @{}. Please wait for them to finish or for the lock to expire.",
+                lock.moderator_username
+            )));
        }

        if status == &ProjectStatus::Processing {
--- a/apps/labrinth/src/test/api_v2/project.rs
+++ b/apps/labrinth/src/test/api_v2/project.rs
@@ -95,7 +95,7 @@ impl ApiProject for ApiV2 {
        let resp = self.create_project(creation_data, pat).await;
        assert_status!(&resp, StatusCode::OK);

-        // Approve as admin so fixture setup is not blocked by the moderation-lock guard.
+        // Approve as admin so fixture setup is not affected by moderation-lock contention.
        let req = TestRequest::patch()
            .uri(&format!("/v2/project/{slug}"))
            .append_pat(ADMIN_USER_PAT)
--- a/apps/labrinth/src/test/api_v3/project.rs
+++ b/apps/labrinth/src/test/api_v3/project.rs
@@ -49,8 +49,7 @@ impl ApiProject for ApiV3 {
        let resp = self.create_project(creation_data, pat).await;
        assert_status!(&resp, StatusCode::OK);

-        // Approve as admin so fixture setup is not blocked by the moderation-lock guard
-        // (non-admin moderators must hold a lock to move a project out of processing).
+        // Approve as admin so fixture setup is not affected by moderation-lock contention.
        let req = TestRequest::patch()
            .uri(&format!("/v3/project/{slug}"))
            .append_pat(ADMIN_USER_PAT)