Add fields for lockedAt and lockedBy to the APD schema. Create constants for APD_EVENT_TYPE with APD_LOCKED and APD_UNLOCKED.
Locking
When a user calls the get APD endpoint, check to see if the lockedAt and lockedBy fields of the APD have values. If they do, then the user can got access the APD and an error message should be returned. If the fields are empty, then they should be updated with the current time and current user. An entry should also be added to the apd_events table in postgress using createEventForAPD with an APD_LOCKED event.
Unlocking
Add an endpoint to unlock an APD that calls a function to unlock an APD. It should clear out lockedAt and lockedBy in the APD. It should also call the createEventForAPD with an APD_UNLOCKED event, the metadata field can be used to save the reason for the unlock [LOGOUT, TIMEOUT, LEFT_APD, CLOSED_WINDOW] which might give interesting stats.
This new endpoint should be called by the frontend actions that track logging out, timing out, leaving an APD, or closing an APD.
Acceptance criteria
[ ] when a user opens an unlocked APD
[ ] the APD is updated with their information in the locked fields
[ ] the event is recorded in postgres
[ ] when a user attempts to open a locked APD, they receive an error message
[ ] when a user unlocks an APD
[ ] the APD is updated to have empty lockedAt and lockedBy fields
[ ] the event is recorded in postgres
Testing criteria
Given
When
Then
Covered
an unlocked APD
a user opens the APD
the APD is updated with the current date and username and the lock even is logged
a locked APD
another user attempts to open the APD
an error message is returned
a locked APD
the locking user logs out
the APD is updated to empty out the lock fields and the unlock event is logged
a locked APD
the locking user's session times out
the APD is updated to empty out the lock fields and the unlock event is logged
a locked APD
the locking user navigates away from the APD
the APD is updated to empty out the lock fields and the unlock event is logged
a locked APD
the locking user closes the window
the APD is updated to empty out the lock fields and the unlock event is logged
Description and related issues
Add fields for lockedAt and lockedBy to the APD schema. Create constants for APD_EVENT_TYPE with
APD_LOCKEDandAPD_UNLOCKED.Locking When a user calls the get APD endpoint, check to see if the lockedAt and lockedBy fields of the APD have values. If they do, then the user can got access the APD and an error message should be returned. If the fields are empty, then they should be updated with the current time and current user. An entry should also be added to the apd_events table in postgress using
createEventForAPDwith anAPD_LOCKEDevent.Unlocking Add an endpoint to unlock an APD that calls a function to unlock an APD. It should clear out lockedAt and lockedBy in the APD. It should also call the
createEventForAPDwith anAPD_UNLOCKEDevent, the metadata field can be used to save the reason for the unlock [LOGOUT, TIMEOUT, LEFT_APD, CLOSED_WINDOW] which might give interesting stats.This new endpoint should be called by the frontend actions that track logging out, timing out, leaving an APD, or closing an APD.
Acceptance criteria
Testing criteria