Implement LFS File Locking API

All the endpoints required for Git LFS 2.3.4 have been implemented, for more info please visit: https://github.com/git-lfs/git-lfs/blob/v2.3.4/docs/api/locking.md Pagination has not been added given it's optional and Kaminari doesn't support cursor based pagination yet.

Implement LFS File Locking API
All the endpoints required for Git LFS 2.3.4 have been implemented, for more info please visit: https://github.com/git-lfs/git-lfs/blob/v2.3.4/docs/api/locking.md Pagination has not been added given it's optional and Kaminari doesn't support cursor based pagination yet.
c0f35d7e · Rubén Dávila · 82e856ff · c0f35d7e · c0f35d7e · c0f35d7e
Commit c0f35d7e authored Jan 23, 2018 by Rubén Dávila
27 changed files
--- a/app/controllers/concerns/lfs_request.rb
+++ b/app/controllers/concerns/lfs_request.rb
@@ -10,6 +10,8 @@
 module LfsRequest
  extend ActiveSupport::Concern

+  CONTENT_TYPE = 'application/vnd.git-lfs+json'.freeze
+
  included do
    prepend EE::LfsRequest
    before_action :require_lfs_enabled!
@@ -51,7 +53,7 @@ module LfsRequest
        message: 'Access forbidden. Check your access level.',
        documentation_url: help_url
      },
-      content_type: "application/vnd.git-lfs+json",
+      content_type: CONTENT_TYPE,
      status: 403
    )
  end
@@ -62,7 +64,7 @@ module LfsRequest
        message: 'Not found.',
        documentation_url: help_url
      },
-      content_type: "application/vnd.git-lfs+json",
+      content_type: CONTENT_TYPE,
      status: 404
    )
  end

--- a/app/controllers/projects/lfs_api_controller.rb
+++ b/app/controllers/projects/lfs_api_controller.rb
@@ -103,7 +103,7 @@ class Projects::LfsApiController < Projects::GitHttpClientController
        json: {
          message: lfs_read_only_message
        },
-        content_type: 'application/vnd.git-lfs+json',
+        content_type: LfsRequest::CONTENT_TYPE,
        status: 403
      )
    end

--- a/app/controllers/projects/lfs_locks_api_controller.rb
+++ b/app/controllers/projects/lfs_locks_api_controller.rb
+class Projects::LfsLocksApiController < Projects::GitHttpClientController
+  include LfsRequest
+
+  def create
+    @result = Lfs::LockFileService.new(project, user, params).execute
+
+    render_json(@result[:lock])
+  end
+
+  def unlock
+    @result = Lfs::UnlockFileService.new(project, user, params).execute
+
+    render_json(@result[:lock])
+  end
+
+  def index
+    @result = Lfs::LocksFinderService.new(project, user, params).execute
+
+    render_json(@result[:locks])
+  end
+
+  def verify
+    @result = Lfs::LocksFinderService.new(project, user, {}).execute
+
+    ours, theirs = split_by_owner(@result[:locks])
+
+    render_json({ ours: ours, theirs: theirs }, false)
+  end
+
+  private
+
+  def render_json(data, process = true)
+    render json: build_payload(data, process),
+           content_type: LfsRequest::CONTENT_TYPE,
+           status: @result[:http_status]
+  end
+
+  def build_payload(data, process)
+    serialized_data = process ? LfsFileLockSerializer.new.represent(data) : data
+
+    if @result[:status] == :success
+      serialized_data
+    else
+      # When the locking failed due to an existent Lock the existent record
+      # is returned in `@result[:lock]`
+      error_payload(@result[:message], @result[:lock] ? serialized_data : {})
+    end
+  end
+
+  def error_payload(message, custom_attrs = {})
+    custom_attrs.merge({
+      message: message,
+      documentation_url: help_url
+    })
+  end
+
+  def split_by_owner(locks)
+    groups = locks.partition { |lock| lock.user_id == user.id }
+
+    groups.map! do |records|
+      LfsFileLockSerializer.new.represent(records, root: false)
+    end
+  end
+
+  def download_request?
+    %w(index).include?(params[:action])
+  end
+
+  def upload_request?
+    %w(create unlock verify).include?(params[:action])
+  end
+end
--- a/app/models/lfs_file_lock.rb
+++ b/app/models/lfs_file_lock.rb
+class LfsFileLock < ActiveRecord::Base
+  belongs_to :project
+  belongs_to :user
+
+  validates :project_id, :user_id, :path, presence: true
+  validates :path, uniqueness: { scope: [:project_id] }
+
+  def can_be_unlocked_by?(current_user, forced = false)
+    return true if current_user.id == user_id
+
+    forced && current_user.can?(:admin_project, project)
+  end
+end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -184,6 +184,7 @@ class Project < ActiveRecord::Base
  has_many :releases
  has_many :lfs_objects_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
  has_many :lfs_objects, through: :lfs_objects_projects
+  has_many :lfs_file_locks
  has_many :project_group_links
  has_many :invited_groups, through: :project_group_links, source: :group
  has_many :pages_domains

--- a/app/serializers/lfs_file_lock_entity.rb
+++ b/app/serializers/lfs_file_lock_entity.rb
+class LfsFileLockEntity < Grape::Entity
+  root 'locks', 'lock'
+
+  expose :path
+  expose(:id) { |entity| entity.id.to_s }
+  expose(:created_at, as: :locked_at) { |entity| entity.created_at.to_s(:iso8601) }
+
+  expose :owner do
+    expose(:name) { |entity| entity.user&.name }
+  end
+end
--- a/app/serializers/lfs_file_lock_serializer.rb
+++ b/app/serializers/lfs_file_lock_serializer.rb
+class LfsFileLockSerializer < BaseSerializer
+  entity LfsFileLockEntity
+end
--- a/app/services/lfs/lock_file_service.rb
+++ b/app/services/lfs/lock_file_service.rb
+module Lfs
+  class LockFileService < BaseService
+    def execute
+      if current_lock
+        error('already created lock', 409, current_lock)
+      else
+        create_lock!
+      end
+    rescue => ex
+      error(ex.message, 500)
+    end
+
+    private
+
+    def current_lock
+      @current_lock ||= project.lfs_file_locks.find_by(path: params[:path])
+    end
+
+    def create_lock!
+      lock = project.lfs_file_locks.create!(user: current_user,
+                                            path: params[:path])
+
+      success(http_status: 201, lock: lock)
+    end
+
+    def error(message, http_status, lock = nil)
+      {
+        status: :error,
+        message: message,
+        http_status: http_status,
+        lock: lock
+      }
+    end
+  end
+end
--- a/app/services/lfs/locks_finder_service.rb
+++ b/app/services/lfs/locks_finder_service.rb
+module Lfs
+  class LocksFinderService < BaseService
+    def execute
+      success(locks: find_locks)
+    rescue => ex
+      error(ex.message, 500)
+    end
+
+    private
+
+    def find_locks
+      options = params.slice(:id, :path).compact.symbolize_keys
+
+      project.lfs_file_locks.where(options)
+    end
+  end
+end
--- a/app/services/lfs/unlock_file_service.rb
+++ b/app/services/lfs/unlock_file_service.rb
+module Lfs
+  class UnlockFileService < BaseService
+    def execute
+      @lock = project.lfs_file_locks.find_by(id: params[:id])
+
+      return error('Lock not found', 404) unless @lock
+
+      unlock_file
+    rescue => ex
+      error(ex.message, 500)
+    end
+
+    private
+
+    def unlock_file
+      forced = params[:force] == true
+
+      if @lock.can_be_unlocked_by?(current_user, forced)
+        @lock.destroy!
+
+        success(lock: @lock, http_status: :ok)
+      elsif forced
+        error('You must have master access to force delete a lock', 403)
+      else
+        error("#{@lock.path} is locked by GitLab User #{current_user.id}", 403)
+      end
+    end
+  end
+end
--- a/config/initializers/mime_types.rb
+++ b/config/initializers/mime_types.rb
@@ -14,4 +14,4 @@ Mime::Type.register "video/webm", :webm
 Mime::Type.register "video/ogg",  :ogv

 Mime::Type.unregister :json
-Mime::Type.register 'application/json', :json, %w(application/vnd.git-lfs+json application/json)
+Mime::Type.register 'application/json', :json, [LfsRequest::CONTENT_TYPE, 'application/json']
--- a/config/routes/git_http.rb
+++ b/config/routes/git_http.rb
@@ -16,6 +16,13 @@ scope(path: '*namespace_id/:project_id',
      get '/*oid', action: :deprecated
    end

+    scope(path: 'info/lfs') do
+      resources :lfs_locks, controller: :lfs_locks_api, path: 'locks' do
+        post :unlock, on: :member
+        post :verify, on: :collection
+      end
+    end
+
    # GitLab LFS object storage
    scope(path: 'gitlab-lfs/objects/*oid', controller: :lfs_storage, constraints: { oid: /[a-f0-9]{64}/ }) do
      get '/', action: :download

--- a/db/migrate/20180116193854_create_lfs_file_locks.rb
+++ b/db/migrate/20180116193854_create_lfs_file_locks.rb
+class CreateLfsFileLocks < ActiveRecord::Migration
+  DOWNTIME = false
+
+  def change
+    create_table :lfs_file_locks do |t|
+      t.references :project, null: false, index: true, foreign_key: { on_delete: :cascade }
+      t.references :user, null: false, index: true, foreign_key: { on_delete: :cascade }
+      t.string :path
+      t.datetime :created_at, null: false
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1302,6 +1302,16 @@ ActiveRecord::Schema.define(version: 20180204200836) do
    t.string "filter"
  end

+  create_table "lfs_file_locks", force: :cascade do |t|
+    t.integer "project_id", null: false
+    t.integer "user_id", null: false
+    t.string "path"
+    t.datetime "created_at", null: false
+  end
+
+  add_index "lfs_file_locks", ["project_id"], name: "index_lfs_file_locks_on_project_id", using: :btree
+  add_index "lfs_file_locks", ["user_id"], name: "index_lfs_file_locks_on_user_id", using: :btree
+
  create_table "lfs_objects", force: :cascade do |t|
    t.string "oid", null: false
    t.integer "size", limit: 8, null: false
@@ -2552,6 +2562,8 @@ ActiveRecord::Schema.define(version: 20180204200836) do
  add_foreign_key "label_priorities", "projects", on_delete: :cascade
  add_foreign_key "labels", "namespaces", column: "group_id", on_delete: :cascade
  add_foreign_key "labels", "projects", name: "fk_7de4989a69", on_delete: :cascade
+  add_foreign_key "lfs_file_locks", "projects", on_delete: :cascade
+  add_foreign_key "lfs_file_locks", "users", on_delete: :cascade
  add_foreign_key "lists", "boards", name: "fk_0d3f677137", on_delete: :cascade
  add_foreign_key "lists", "labels", name: "fk_7a5553d60f", on_delete: :cascade
  add_foreign_key "members", "users", name: "fk_2e88fb7ce9", on_delete: :cascade

--- a/ee/app/controllers/concerns/ee/lfs_request.rb
+++ b/ee/app/controllers/concerns/ee/lfs_request.rb
@@ -17,7 +17,7 @@ module EE
          message: ::Gitlab::RepositorySizeError.new(project).push_error(@exceeded_limit), # rubocop:disable Gitlab/ModuleWithInstanceVariables
          documentation_url: help_url
        },
-        content_type: "application/vnd.git-lfs+json",
+        content_type: ::LfsRequest::CONTENT_TYPE,
        status: 406
      )
    end

--- a/lib/gitlab/import_export/import_export.yml
+++ b/lib/gitlab/import_export/import_export.yml
@@ -27,6 +27,8 @@ project_tree:
  - :releases
  - project_members:
    - :user
+  - lfs_file_locks:
+    - :user
  - merge_requests:
    - notes:
      - :author

--- a/spec/factories/lfs_file_locks.rb
+++ b/spec/factories/lfs_file_locks.rb
+FactoryBot.define do
+  factory :lfs_file_lock do
+    user
+    project
+    path 'README.md'
+  end
+end
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -305,6 +305,7 @@ project:
 - fork_network_member
 - fork_network
 - custom_attributes
+- lfs_file_locks
 award_emoji:
 - awardable
 - user
@@ -322,3 +323,5 @@ issue_assignees:
 epic_issues:
 - issue
 - epic
+lfs_file_locks:
+- user
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -550,3 +550,9 @@ ProjectCustomAttribute:
 - project_id
 - key
 - value
+LfsFileLock:
+- id
+- path
+- user_id
+- project_id
+- created_at
--- a/spec/models/lfs_file_lock_spec.rb
+++ b/spec/models/lfs_file_lock_spec.rb
+require 'rails_helper'
+
+describe LfsFileLock do
+  set(:lfs_file_lock) { create(:lfs_file_lock) }
+  subject { lfs_file_lock }
+
+  it { is_expected.to belong_to(:project) }
+  it { is_expected.to belong_to(:user) }
+
+  it { is_expected.to validate_presence_of(:project_id) }
+  it { is_expected.to validate_presence_of(:user_id) }
+  it { is_expected.to validate_presence_of(:path) }
+  it { is_expected.to validate_uniqueness_of(:path).scoped_to(:project_id) }
+
+  describe '#can_be_unlocked_by?' do
+    let(:developer) { create(:user) }
+    let(:master)    { create(:user) }
+
+    before do
+      project = lfs_file_lock.project
+
+      project.add_developer(developer)
+      project.add_master(master)
+    end
+
+    context "when it's forced" do
+      it 'can be unlocked by the author' do
+        user = lfs_file_lock.user
+
+        expect(lfs_file_lock.can_be_unlocked_by?(user, true)).to eq(true)
+      end
+
+      it 'can be unlocked by a master' do
+        expect(lfs_file_lock.can_be_unlocked_by?(master, true)).to eq(true)
+      end
+
+      it "can't be unlocked by other user" do
+        expect(lfs_file_lock.can_be_unlocked_by?(developer, true)).to eq(false)
+      end
+    end
+
+    context "when it isn't forced" do
+      it 'can be unlocked by the author' do
+        user = lfs_file_lock.user
+
+        expect(lfs_file_lock.can_be_unlocked_by?(user)).to eq(true)
+      end
+
+      it "can't be unlocked by a master" do
+        expect(lfs_file_lock.can_be_unlocked_by?(master)).to eq(false)
+      end
+
+      it "can't be unlocked by other user" do
+        expect(lfs_file_lock.can_be_unlocked_by?(developer)).to eq(false)
+      end
+    end
+  end
+end
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -81,6 +81,7 @@ describe Project do
    it { is_expected.to have_many(:members_and_requesters) }
    it { is_expected.to have_many(:clusters) }
    it { is_expected.to have_many(:custom_attributes).class_name('ProjectCustomAttribute') }
+    it { is_expected.to have_many(:lfs_file_locks) }

    context 'after initialized' do
      it "has a project_feature" do

--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -1302,7 +1302,7 @@ describe 'Git LFS API and storage' do
  end

  def post_lfs_json(url, body = nil, headers = nil)
-    post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => 'application/vnd.git-lfs+json'))
+    post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE))
  end

  def json_response

--- a/spec/requests/lfs_locks_api_spec.rb
+++ b/spec/requests/lfs_locks_api_spec.rb
+require 'spec_helper'
+
+describe 'Git LFS File Locking API' do
+  include WorkhorseHelpers
+
+  let(:project)   { create(:project) }
+  let(:master)    { create(:user) }
+  let(:developer) { create(:user) }
+  let(:guest)     { create(:user) }
+  let(:path)      { 'README.md' }
+  let(:headers) do
+    {
+      'Authorization' => authorization
+    }.compact
+  end
+
+  shared_examples 'unauthorized request' do
+    context 'when user is not authorized' do
+      let(:authorization) { authorize_user(guest) }
+
+      it 'returns a forbidden 403 response' do
+        post_lfs_json url, body, headers
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
+  end
+
+  before do
+    allow(Gitlab.config.lfs).to receive(:enabled).and_return(true)
+
+    project.add_developer(master)
+    project.add_developer(developer)
+    project.add_guest(guest)
+  end
+
+  describe 'Create File Lock endpoint' do
+    let(:url)           { "#{project.http_url_to_repo}/info/lfs/locks" }
+    let(:authorization) { authorize_user(developer) }
+    let(:body)          { { path: path } }
+
+    include_examples 'unauthorized request'
+
+    context 'with an existent lock' do
+      before do
+        lock_file('README.md', developer)
+      end
+
+      it 'responds with 409' do
+        post_lfs_json url, body, headers
+
+        expect(response).to have_gitlab_http_status(409)
+
+        expect(json_response.keys).to match_array(%w(lock message documentation_url))
+        expect(json_response['message']).to match(/already created lock/)
+      end
+    end
+
+    context 'without an existent lock' do
+      it 'responds with 201' do
+        post_lfs_json url, body, headers
+
+        expect(response).to have_gitlab_http_status(201)
+
+        expect(json_response['lock'].keys).to match_array(%w(id path locked_at owner))
+      end
+    end
+  end
+
+  describe 'Listing File Locks endpoint' do
+    let(:url)           { "#{project.http_url_to_repo}/info/lfs/locks" }
+    let(:authorization) { authorize_user(developer) }
+
+    include_examples 'unauthorized request'
+
+    it 'responds with 200' do
+      lock_file('README.md', developer)
+      lock_file('README', developer)
+
+      do_get url, nil, headers
+
+      expect(response).to have_gitlab_http_status(200)
+
+      expect(json_response['locks'].size).to eq(2)
+      expect(json_response['locks'].first.keys).to match_array(%w(id path locked_at owner))
+    end
+  end
+
+  describe 'List File Locks for verification endpoint' do
+    let(:url)           { "#{project.http_url_to_repo}/info/lfs/locks/verify" }
+    let(:authorization) { authorize_user(developer) }
+
+    include_examples 'unauthorized request'
+
+    it 'responds with 200' do
+      lock_file('README.md', master)
+      lock_file('README', developer)
+
+      post_lfs_json url, nil, headers
+
+      expect(response).to have_gitlab_http_status(200)
+
+      expect(json_response['ours'].size).to eq(1)
+      expect(json_response['ours'].first['path']).to eq('README')
+      expect(json_response['theirs'].size).to eq(1)
+      expect(json_response['theirs'].first['path']).to eq('README.md')
+    end
+  end
+
+  describe 'Delete File Lock endpoint' do
+    let!(:lock)         { lock_file('README.md', developer) }
+    let(:url)           { "#{project.http_url_to_repo}/info/lfs/locks/#{lock[:id]}/unlock" }
+    let(:authorization) { authorize_user(developer) }
+
+    include_examples 'unauthorized request'
+
+    context 'with an existent lock' do
+      it 'responds with 200' do
+        post_lfs_json url, nil, headers
+
+        expect(response).to have_gitlab_http_status(200)
+
+        expect(json_response['lock'].keys).to match_array(%w(id path locked_at owner))
+      end
+    end
+  end
+
+  def lock_file(path, author)
+    result = Lfs::LockFileService.new(project, author, { path: path }).execute
+
+    result[:lock]
+  end
+
+  def authorize_user(user)
+    ActionController::HttpAuthentication::Basic.encode_credentials(user.username, user.password)
+  end
+
+  def post_lfs_json(url, body = nil, headers = nil)
+    post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE))
+  end
+
+  def do_get(url, params = nil,  headers = nil)
+    get(url, (params || {}), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE))
+  end
+
+  def json_response
+    @json_response ||= JSON.parse(response.body)
+  end
+end
--- a/spec/serializers/lfs_file_lock_entity_spec.rb
+++ b/spec/serializers/lfs_file_lock_entity_spec.rb
+require 'spec_helper'
+
+describe LfsFileLockEntity do
+  let(:user)     { create(:user) }
+  let(:resource) { create(:lfs_file_lock, user: user) }
+
+  let(:request) { double('request', current_user: user) }
+
+  subject { described_class.new(resource, request: request).as_json }
+
+  it 'exposes basic attrs of the lock' do
+    expect(subject).to include(:id, :path, :locked_at)
+  end
+
+  it 'exposes the owner info' do
+    expect(subject).to include(:owner)
+    expect(subject[:owner][:name]).to eq(user.name)
+  end
+end
--- a/spec/services/lfs/lock_file_service_spec.rb
+++ b/spec/services/lfs/lock_file_service_spec.rb
+require 'spec_helper'
+
+describe Lfs::LockFileService do
+  let(:project) { create(:project) }
+  let(:user)    { create(:user) }
+
+  subject { described_class.new(project, user, params) }
+
+  describe '#execute' do
+    let(:params) { { path: 'README.md' } }
+
+    context 'with an existent lock' do
+      let!(:lock) { create(:lfs_file_lock, project: project) }
+
+      it "doesn't succeed" do
+        expect(subject.execute[:status]).to eq(:error)
+      end
+
+      it "doesn't create the Lock" do
+        expect do
+          subject.execute
+        end.not_to change { LfsFileLock.count }
+      end
+    end
+
+    context 'without an existent lock' do
+      it "succeeds" do
+        expect(subject.execute[:status]).to eq(:success)
+      end
+
+      it "creates the Lock" do
+        expect do
+          subject.execute
+        end.to change { LfsFileLock.count }.by(1)
+      end
+    end
+
+    context 'when an error is raised' do
+      it "doesn't succeed" do
+        allow_any_instance_of(described_class).to receive(:create_lock!).and_raise(StandardError)
+
+        expect(subject.execute[:status]).to eq(:error)
+      end
+    end
+  end
+end
--- a/spec/services/lfs/locks_finder_service_spec.rb
+++ b/spec/services/lfs/locks_finder_service_spec.rb
+require 'spec_helper'
+
+describe Lfs::LocksFinderService do
+  let(:project) { create(:project) }
+  let(:user)    { create(:user) }
+  let(:params)  { Hash.new }
+
+  subject { described_class.new(project, user, params) }
+
+  shared_examples 'no results' do
+    it 'returns an empty list' do
+      result = subject.execute
+
+      expect(result[:status]).to eq(:success)
+      expect(result[:locks]).to be_blank
+    end
+  end
+
+  describe '#execute' do
+    let!(:lock_1) { create(:lfs_file_lock, project: project) }
+    let!(:lock_2) { create(:lfs_file_lock, project: project, path: 'README') }
+
+    context 'find by id' do
+      context 'with results' do
+        let(:params) do
+          { id: lock_1.id }
+        end
+
+        it 'returns the record' do
+          result = subject.execute
+
+          expect(result[:status]).to eq(:success)
+          expect(result[:locks].size).to eq(1)
+          expect(result[:locks].first).to eq(lock_1)
+        end
+      end
+
+      context 'without results' do
+        let(:params) do
+          { id: 123 }
+        end
+
+        include_examples 'no results'
+      end
+    end
+
+    context 'find by path' do
+      context 'with results' do
+        let(:params) do
+          { path: lock_1.path }
+        end
+
+        it 'returns the record' do
+          result = subject.execute
+
+          expect(result[:status]).to eq(:success)
+          expect(result[:locks].size).to eq(1)
+          expect(result[:locks].first).to eq(lock_1)
+        end
+      end
+
+      context 'without results' do
+        let(:params) do
+          { path: 'not-found' }
+        end
+
+        include_examples 'no results'
+      end
+    end
+
+    context 'find all' do
+      context 'with results' do
+        it 'returns all the records' do
+          result = subject.execute
+
+          expect(result[:status]).to eq(:success)
+          expect(result[:locks].size).to eq(2)
+        end
+      end
+
+      context 'without results' do
+        before do
+          LfsFileLock.delete_all
+        end
+
+        include_examples 'no results'
+      end
+    end
+
+    context 'when an error is raised' do
+      it "doesn't succeed" do
+        allow_any_instance_of(described_class).to receive(:find_locks).and_raise(StandardError)
+
+        result = subject.execute
+
+        expect(result[:status]).to eq(:error)
+        expect(result[:locks]).to be_blank
+      end
+    end
+  end
+end
--- a/spec/services/lfs/unlock_file_service_spec.rb
+++ b/spec/services/lfs/unlock_file_service_spec.rb
+require 'spec_helper'
+
+describe Lfs::UnlockFileService do
+  let(:project) { create(:project) }
+  let(:user)    { create(:user) }
+  let!(:lock)   { create(:lfs_file_lock, user: user, project: project) }
+
+  subject { described_class.new(project, user, params) }
+
+  describe '#execute' do
+    context 'when lock does not exists' do
+      let(:params) { { id: 123 } }
+      it "doesn't succeed" do
+        result = subject.execute
+
+        expect(result[:status]).to eq(:error)
+        expect(result[:http_status]).to eq(404)
+      end
+    end
+
+    context 'when unlocked by the author' do
+      let(:params) { { id: lock.id } }
+
+      it "succeeds" do
+        result = subject.execute
+
+        expect(result[:status]).to eq(:success)
+        expect(result[:lock]).to be_present
+      end
+    end
+
+    context 'when unlocked by a different user' do
+      let(:user) { create(:user) }
+
+      it "doesn't succeed" do
+        result = subject.execute
+
+        expect(result[:status]).to eq(:error)
+        expect(result[:message]).to match(/is locked by GitLab User #{user.id}/)
+        expect(result[:http_status]).to eq(403)
+      end
+    end
+
+    context 'when forced' do
+      let(:developer) { create(:user) }
+      let(:master)    { create(:user) }
+
+      before do
+        project.add_developer(developer)
+        project.add_master(master)
+      end
+
+      context 'by a regular user' do
+        let(:user) { developer }
+        let(:params) do
+          { id: lock.id,
+            force: true }
+        end
+
+        it "doesn't succeed" do
+          result = subject.execute
+
+          expect(result[:status]).to eq(:error)
+          expect(result[:message]).to match(/You must have master access/)
+          expect(result[:http_status]).to eq(403)
+        end
+      end
+
+      context 'by a master user' do
+        let(:user) { developer }
+        let(:params) do
+          { id: lock.id,
+            force: true }
+        end
+
+        it "succeeds" do
+          result = subject.execute
+
+          expect(result[:status]).to eq(:success)
+          expect(result[:lock]).to be_present
+        end
+      end
+    end
+  end
+end