Merge branch '18691-freeze-project'

[arvados.git] / services / api / app / models / group.rb
diff --git a/services/api/app/models/group.rb b/services/api/app/models/group.rb

index ee8690acb58b15435ba765d88cf0c96439f8e479..b1b2e942c60c4bc79c13dbe731ad9bc1112684d2 100644 (file)
--- a/services/api/app/models/group.rb
+++ b/services/api/app/models/group.rb
@@ -116,7 +116,7 @@ class Group < ArvadosModel
        if !new_record? && !current_user.can?(manage: uuid)
          raise PermissionDeniedError
        end
-      if trash_at || delete_at || !new_record? && TrashedGroup.where(group_uuid: uuid).any?
+      if trash_at || delete_at || (!new_record? && TrashedGroup.where(group_uuid: uuid).any?)
          errors.add(:frozen_by_uuid, "cannot be set on a trashed project")
        end
        if frozen_by_uuid_was.nil?
@@ -176,6 +176,18 @@ class Group < ArvadosModel
        "Group.update_frozen.select",
        [[nil, self.uuid],
         [nil, !self.frozen_by_uuid.nil?]])
+    if frozen_by_uuid
+      rows = ActiveRecord::Base.connection.exec_query(
+        "select cr.uuid, cr.state from container_requests cr, #{temptable} frozen " +
+        "where cr.owner_uuid = frozen.uuid and frozen.is_frozen " +
+        "and cr.state not in ($1, $2) limit 1",
+        "Group.update_frozen.check_container_requests",
+        [[nil, ContainerRequest::Uncommitted],
+         [nil, ContainerRequest::Final]])
+      if rows.any?
+        raise ArgumentError.new("cannot freeze project containing container request #{rows.first['uuid']} with state = #{rows.first['state']}")
+      end
+    end
      ActiveRecord::Base.connection.exec_delete(
        "delete from frozen_groups where uuid in (select uuid from #{temptable} where not is_frozen)",
        "Group.update_frozen.delete")
@@ -248,7 +260,7 @@ class Group < ArvadosModel
    def permission_to_update
      if !super
        return false
-    elsif frozen_by_uuid && frozen_by_uuid_in_database
+    elsif frozen_by_uuid && frozen_by_uuid_was
        errors.add :uuid, "#{uuid} is frozen and cannot be modified"
        return false
      else