fix: Do not allow users to resume submitted or deleted sessions - Githubissues

theopensystemslab / planx-new

Plan✕ is a platform for creating and publishing digital planning services

https://editor.planx.uk

Mozilla Public License 2.0

14 stars 2 forks source link

fix: Do not allow users to resume submitted or deleted sessions #3828

Closed DafyddLlyr closed 3 weeks ago

DafyddLlyr commented 3 weeks ago

What's the problem?

There's a fairly frequent Airbrake issue which this is aiming to address - https://planx.airbrake.io/projects/329753/groups/3916219583995941680/notices/3919131643095484184?tab=notice-list
The /validate-session endpoint is getting called for sessions already submitted, and then throwing an error

What's the solution?

Add a check for submitted and deleted sessions, which matches the public user permission set

What I think is causing this

A user submits an application
They then try to resume (either by refreshing, or via save and return)
They are able to actually resume and hit the send component again which triggers this error
You can try this out on staging to trigger this error (e.g. https://editor.planx.dev/buckinghamshire/report-a-potential-dangerous-structure/published)

https://github.com/user-attachments/assets/02797a67-e990-4fdd-b411-859e25e4b56b

This is now resolved on the Pizza, please see https://3828.planx.pizza/buckinghamshire/report-a-potential-dangerous-structure

Why I'm not totally convinced this is what users are doing

The above seems like quite edge-case behaviour, but is happen fairly frequently, and usually a few minutes after submission
Submissions are happening as expected however - Slack notifications, email_applications audit log, and Hasura events all seem to confirm this

github-actions[bot] commented 3 weeks ago

Removed vultr server and associated DNS entries