From 802da2920b53cd1aa9b616ee463c7dc80a088013 Mon Sep 17 00:00:00 2001
From: "G.Ambatte" <sean@robertson-family.nz>
Date: Sun, 25 Feb 2024 22:28:44 +1300
Subject: [PATCH 1/5] Initial functionality pass

---
 client/homebrew/pages/errorPage/errors/errorIndex.js | 10 ++++++++++
 server/homebrew.api.js                               |  7 +++++++
 2 files changed, 17 insertions(+)

diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js
index c2de04142..7c7a3ae7f 100644
--- a/client/homebrew/pages/errorPage/errors/errorIndex.js
+++ b/client/homebrew/pages/errorPage/errors/errorIndex.js
@@ -122,6 +122,16 @@ const errorIndex = (props)=>{
 		An error occurred while attempting to remove the user from the Homebrewery document author list!
 		
 		**Brew ID:**  ${props.brew.brewId}`,
+
+		// Brew locked by Administrators error
+		'100' : dedent`
+		## This brew has been locked.
+		
+		Please contact the Administrators to unlock this document.
+		
+		**Brew ID:**  ${props.brew.brewId}
+		
+		**Brew Title:** ${props.brew.brewTitle}`,
 	};
 };
 
diff --git a/server/homebrew.api.js b/server/homebrew.api.js
index 20e13ec71..e55bf20a0 100644
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
@@ -54,6 +54,13 @@ const api = {
 				});
 			stub = stub?.toObject();
 
+			if(stub.lock?.state) {
+				// State 1 : Locked for everything
+				// State 2 : Edit only
+				if(stub.lock.state == 1 || (stub.lock.state == 2 && accessType != 'edit'))
+					throw { HBErrorCode: '100', code: stub.lock.code, message: stub.lock.message, brewId: accessType === 'edit' ? stub.editId : stub.shareId, brewTitle: stub.title };
+			}
+
 			// If there is a google id, try to find the google brew
 			if(!stubOnly && (googleId || stub?.googleId)) {
 				let googleError;

From 0d1d3a180dcc717a8e8111fbada868a4116709a0 Mon Sep 17 00:00:00 2001
From: "G.Ambatte" <sean@robertson-family.nz>
Date: Wed, 28 Feb 2024 16:02:35 +1300
Subject: [PATCH 2/5] Handle missing lock property

---
 server/homebrew.api.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/homebrew.api.js b/server/homebrew.api.js
index e55bf20a0..d0c741a43 100644
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
@@ -54,7 +54,7 @@ const api = {
 				});
 			stub = stub?.toObject();
 
-			if(stub.lock?.state) {
+			if(stub?.lock?.state) {
 				// State 1 : Locked for everything
 				// State 2 : Edit only
 				if(stub.lock.state == 1 || (stub.lock.state == 2 && accessType != 'edit'))

From 21c0916693e8f1b0408b449d51c679e8c018f688 Mon Sep 17 00:00:00 2001
From: "G.Ambatte" <sean@robertson-family.nz>
Date: Sun, 17 Mar 2024 21:34:31 +1300
Subject: [PATCH 3/5] Switch to boolean lock state

---
 server/homebrew.api.js | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/server/homebrew.api.js b/server/homebrew.api.js
index d0c741a43..567dc9cf7 100644
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
@@ -54,11 +54,8 @@ const api = {
 				});
 			stub = stub?.toObject();
 
-			if(stub?.lock?.state) {
-				// State 1 : Locked for everything
-				// State 2 : Edit only
-				if(stub.lock.state == 1 || (stub.lock.state == 2 && accessType != 'edit'))
-					throw { HBErrorCode: '100', code: stub.lock.code, message: stub.lock.message, brewId: accessType === 'edit' ? stub.editId : stub.shareId, brewTitle: stub.title };
+			if(stub?.lock?.locked && accessType != 'edit') {
+				throw { HBErrorCode: '100', code: stub.lock.code, message: stub.lock.message, brewId: stub.shareId, brewTitle: stub.title };
 			}
 
 			// If there is a google id, try to find the google brew

From 7f168f35b894dd07d6f5f68b9d26d3afc4d7c2d6 Mon Sep 17 00:00:00 2001
From: "G.Ambatte" <sean@robertson-family.nz>
Date: Sun, 17 Mar 2024 21:35:03 +1300
Subject: [PATCH 4/5] Add test for locked brew

---
 server/homebrew.api.spec.js | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/server/homebrew.api.spec.js b/server/homebrew.api.spec.js
index 55a8c414f..8a4748e38 100644
--- a/server/homebrew.api.spec.js
+++ b/server/homebrew.api.spec.js
@@ -117,7 +117,7 @@ describe('Tests for api', ()=>{
 					id : '123456789012345678901234567890123abcdefghijkl'
 				}
 			});
-			
+
 			expect(googleId).toEqual('123456789012345678901234567890123');
 			expect(id).toEqual('abcdefghijkl');
 		});
@@ -128,7 +128,7 @@ describe('Tests for api', ()=>{
 					id : '123456789012345678901234567890123abcdefghij'
 				}
 			});
-			
+
 			expect(googleId).toEqual('123456789012345678901234567890123');
 			expect(id).toEqual('abcdefghij');
 		});
@@ -298,6 +298,18 @@ describe('Tests for api', ()=>{
 			expect(model.get).toHaveBeenCalledWith({ shareId: '1' });
 			expect(google.getGoogleBrew).toHaveBeenCalledWith('2', '1', 'share');
 		});
+
+		it('access is denied to a locked brew', async()=>{
+			const lockBrew = { title: 'test brew', shareId: '1', lock: { locked: true, code: 404, message: 'brew locked' } };
+			model.get = jest.fn(()=>toBrewPromise(lockBrew));
+			api.getId = jest.fn(()=>({ id: '1', googleId: undefined }));
+
+			const fn = api.getBrew('share', false);
+			const req = { brew: {} };
+			const next = jest.fn();
+
+			await expect(fn(req, null, next)).rejects.toEqual({ 'HBErrorCode': '100', 'brewId': '1', 'brewTitle': 'test brew', 'code': 404, 'message': 'brew locked' });
+		});
 	});
 
 	describe('mergeBrewText', ()=>{

From 13d679c4bf5ffd2210786d314d50e8fd21475f6b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Mar 2024 21:26:34 +0000
Subject: [PATCH 5/5] Bump mongoose from 8.2.1 to 8.2.2

Bumps [mongoose](https://github.com/Automattic/mongoose) from 8.2.1 to 8.2.2.
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Automattic/mongoose/compare/8.2.1...8.2.2)

---
updated-dependencies:
- dependency-name: mongoose
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3c9d01f06..ce48f758e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -36,7 +36,7 @@
         "marked-smartypants-lite": "^1.0.2",
         "markedLegacy": "npm:marked@^0.3.19",
         "moment": "^2.30.1",
-        "mongoose": "^8.2.1",
+        "mongoose": "^8.2.2",
         "nanoid": "3.3.4",
         "nconf": "^0.12.1",
         "react": "^18.2.0",
@@ -10529,9 +10529,9 @@
       }
     },
     "node_modules/mongoose": {
-      "version": "8.2.1",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.2.1.tgz",
-      "integrity": "sha512-UgZZbXSJH0pdU936qj3FyVI+sBsMoGowFnL5R/RYrA50ayn6+ZYdVr8ehsRgNxRcMYwoNld5XzHIfkFRJTePEw==",
+      "version": "8.2.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.2.2.tgz",
+      "integrity": "sha512-6sMxe1d3k/dBjiOX4ExNTNOP0g1x0iq8eXyg+ttgIXM3HLnQ0IUyXRwVVAPFFY6O4/8uYN5dB0Ec72FrexbPpw==",
       "dependencies": {
         "bson": "^6.2.0",
         "kareem": "2.5.1",
diff --git a/package.json b/package.json
index 9ba33019c..31b0daf2e 100644
--- a/package.json
+++ b/package.json
@@ -107,7 +107,7 @@
     "marked-smartypants-lite": "^1.0.2",
     "markedLegacy": "npm:marked@^0.3.19",
     "moment": "^2.30.1",
-    "mongoose": "^8.2.1",
+    "mongoose": "^8.2.2",
     "nanoid": "3.3.4",
     "nconf": "^0.12.1",
     "react": "^18.2.0",