YARA-725

2026-01-26 11:50:34 +03:30
parent 623f165fee
commit 8db56d38be
2 changed files with 90 additions and 17 deletions
--- a/src/expert-blame/expert-blame.service.ts
+++ b/src/expert-blame/expert-blame.service.ts
@@ -263,14 +263,30 @@ export class ExpertBlameService {
    }

    // 2. Initial validation to ensure the expert has access
-    if (String(request?.actorLocked?.actorId) === actorId && request.lockFile) {
+    // Check if locked by current expert and lock is still active
+    const isLockedByCurrentExpert = 
+      String(request?.actorLocked?.actorId) === actorId && request.lockFile;
+    
+    // Check if lock has expired
+    let isLockExpired = false;
+    if (request.unlockTime) {
+      const unlockTime = new Date(request.unlockTime).getTime();
+      const now = Date.now();
+      isLockExpired = now >= unlockTime;
+    }
+    
+    if (isLockedByCurrentExpert && !isLockExpired) {
      // This is the correct expert, and the file is locked to them, which is fine.
+      // They can access it even if they closed the browser and came back.
    } else if (
-      request.lockFile ||
+      (request.lockFile && !isLockExpired) ||
      request.blameStatus === ReqBlameStatus.ReviewRequest
    ) {
-      // The file is locked, but not by the current expert.
-      throw new BadRequestException("Request is locked by another expert");
+      // The file is locked by someone else, or lock expired but status hasn't updated yet
+      // Only block if lock is still active and not by current expert
+      if (request.lockFile && !isLockExpired && !isLockedByCurrentExpert) {
+        throw new BadRequestException("Request is locked by another expert");
+      }
    }

    // 3. Populate the resend links if the data exists
@@ -474,9 +490,18 @@ export class ExpertBlameService {
        "Access denied to this request. You are not the locked expert.",
      );
    }
-    if (request.unlockTime == null) {
+    
+    // Check if lock has expired (unlockTime has passed)
+    if (request.unlockTime) {
+      const unlockTime = new Date(request.unlockTime).getTime();
+      const now = Date.now();
+      if (now >= unlockTime) {
+        throw new ForbiddenException("Your lock time has expired.");
+      }
+    } else if (request.unlockTime == null) {
      throw new ForbiddenException("Your lock time has expired.");
    }
+    
    if (!request.lockFile) {
      throw new ForbiddenException(
        "You must lock the request before submitting a reply.",