Block rows before some actions to prevent data damage

modules/module_blog_act_delete.go

@@ -19,6 +19,14 @@ func (this *Modules) RegisterAction_BlogDelete() *Action {
 		}
 
 		if err := wrap.DBTrans(func(tx *wrapper.Tx) error {
+			// Block rows
+			if _, err := tx.Exec("SELECT id FROM blog_posts WHERE id = ? FOR UPDATE;", pf_id); err != nil {
+				return err
+			}
+			if _, err := tx.Exec("SELECT id FROM blog_cat_post_rel WHERE post_id = ? FOR UPDATE;", pf_id); err != nil {
+				return err
+			}
+
 			// Delete target post with category connection data
 			if _, err := tx.Exec("DELETE FROM blog_posts WHERE id = ?;", pf_id); err != nil {
 				return err

modules/module_blog_act_modify.go

@@ -72,6 +72,11 @@ func (this *Modules) RegisterAction_BlogModify() *Action {
 					return err
 				}
 
+				// Block rows
+				if _, err := tx.Exec("SELECT id FROM blog_posts WHERE id = ? FOR UPDATE;", lastID); err != nil {
+					return err
+				}
+
 				// Insert post and categories relations
 				catids := utils.GetPostArrayInt("cats[]", wrap.R)
 				if len(catids) > 0 {
@@ -83,7 +88,7 @@ func (this *Modules) RegisterAction_BlogModify() *Action {
 							blog_cats
 						WHERE
 							id IN(` + strings.Join(utils.ArrayOfIntToArrayOfString(catids), ",") + `)
-						;`,
+						FOR UPDATE;`,
 					).Scan(
 						&catsCount,
 					)
@@ -112,6 +117,14 @@ func (this *Modules) RegisterAction_BlogModify() *Action {
 			wrap.Write(`window.location='/cp/blog/';`)
 		} else {
 			if err := wrap.DBTrans(func(tx *wrapper.Tx) error {
+				// Block rows
+				if _, err := tx.Exec("SELECT id FROM blog_posts WHERE id = ? FOR UPDATE;", pf_id); err != nil {
+					return err
+				}
+				if _, err := tx.Exec("SELECT id FROM blog_cat_post_rel WHERE post_id = ? FOR UPDATE;", pf_id); err != nil {
+					return err
+				}
+
 				// Update row
 				if _, err := tx.Exec(
 					`UPDATE blog_posts SET
@@ -147,7 +160,7 @@ func (this *Modules) RegisterAction_BlogModify() *Action {
 							blog_cats
 						WHERE
 							id IN(` + strings.Join(utils.ArrayOfIntToArrayOfString(catids), ",") + `)
-						;`,
+						FOR UPDATE;`,
 					).Scan(
 						&catsCount,
 					)

modules/module_blog_categories_act_delete.go

@@ -19,6 +19,15 @@ func (this *Modules) RegisterAction_BlogCategoriesDelete() *Action {
 		}
 
 		err := wrap.DBTrans(func(tx *wrapper.Tx) error {
+			// Block rows
+			if _, err := tx.Exec("SELECT id FROM blog_cats FOR UPDATE;"); err != nil {
+				return err
+			}
+			if _, err := tx.Exec("SELECT id FROM blog_cat_post_rel WHERE category_id = ? FOR UPDATE;", pf_id); err != nil {
+				return err
+			}
+
+			// Process
 			if _, err := tx.Exec("SELECT @ml := lft, @mr := rgt FROM blog_cats WHERE id = ?;", pf_id); err != nil {
 				return err
 			}

modules/module_blog_categories_act_modify.go

@@ -7,6 +7,12 @@ import (
 
 func (this *Modules) blog_ActionCategoryAdd(wrap *wrapper.Wrapper, pf_id, pf_name, pf_alias, pf_parent string) error {
 	return wrap.DBTrans(func(tx *wrapper.Tx) error {
+		// Block rows
+		if _, err := tx.Exec("SELECT id FROM blog_cats FOR UPDATE;"); err != nil {
+			return err
+		}
+
+		// Process
 		if _, err := tx.Exec("SELECT @mr := rgt FROM blog_cats WHERE id = ?;", pf_parent); err != nil {
 			return err
 		}
@@ -32,6 +38,7 @@ func (this *Modules) blog_ActionCategoryUpdate(wrap *wrapper.Wrapper, pf_id, pf_
 	if utils.StrToInt(pf_parent) == parentId {
 		// If parent not changed, just update category data
 		return wrap.DBTrans(func(tx *wrapper.Tx) error {
+			// Process
 			if _, err := tx.Exec(`
 				UPDATE blog_cats SET
 					name = ?,
@@ -52,6 +59,11 @@ func (this *Modules) blog_ActionCategoryUpdate(wrap *wrapper.Wrapper, pf_id, pf_
 
 	// Parent is changed, move category to new parent
 	return wrap.DBTrans(func(tx *wrapper.Tx) error {
+		// Block rows
+		if _, err := tx.Exec("SELECT id FROM blog_cats FOR UPDATE;"); err != nil {
+			return err
+		}
+
 		// Shift
 		if _, err := tx.Exec("SELECT @ml := lft, @mr := rgt FROM blog_cats WHERE id = ?;", pf_id); err != nil {
 			return err

modules/module_index.go

@@ -413,6 +413,7 @@ func (this *Modules) RegisterAction_IndexDelete() *Action {
 		}
 
 		err := wrap.DBTrans(func(tx *wrapper.Tx) error {
+			// Process
 			if _, err := tx.Exec("DELETE FROM pages WHERE id = ?;", pf_id); err != nil {
 				return err
 			}

modules/module_users_act_delete.go

@@ -19,6 +19,21 @@ func (this *Modules) RegisterAction_UsersDelete() *Action {
 		}
 
 		err := wrap.DBTrans(func(tx *wrapper.Tx) error {
+			// Block rows
+			if _, err := tx.Exec("SELECT id FROM blog_cats WHERE user = ? FOR UPDATE;", pf_id); err != nil {
+				return err
+			}
+			if _, err := tx.Exec("SELECT id FROM blog_posts WHERE user = ? FOR UPDATE;", pf_id); err != nil {
+				return err
+			}
+			if _, err := tx.Exec("SELECT id FROM pages WHERE user = ? FOR UPDATE;", pf_id); err != nil {
+				return err
+			}
+			if _, err := tx.Exec("SELECT id FROM users WHERE id = ? and id > 1 FOR UPDATE;", pf_id); err != nil {
+				return err
+			}
+
+			// Process
 			if _, err := tx.Exec("UPDATE blog_cats SET user = 1 WHERE user = ?;", pf_id); err != nil {
 				return err
 			}