fix(risk_acceptance): reinstate findings when expiration date updated via API#15147
Open
Jino-T wants to merge 1 commit into
Open
fix(risk_acceptance): reinstate findings when expiration date updated via API#15147Jino-T wants to merge 1 commit into
Jino-T wants to merge 1 commit into
Conversation
… via API RiskAcceptanceSerializer.update() never called ra_helper.reinstate() when expiration_date changed, unlike the legacy Django view which does so at engagement/views.py. This caused two bugs reported together: 1. Findings stayed Active after a user updated the expiration date from a past date to a future date via the Edit Risk Acceptance form (Vue UI). reinstate() sets them back to inactive/risk_accepted. 2. Findings stayed Inactive on subsequent expiry cycles. Because reinstate() was never called, expiration_date_handled was never cleared. The Celery expiration task filters on expiration_date_handled__isnull=True, so the RA was permanently excluded from every future expiry run. Fix: capture old_expiration_date before super().update(), then call ra_helper.reinstate() when the date changes — matching the logic that already existed in the legacy view. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
[sc-13436]
Summary
RiskAcceptanceSerializer.update()never calledra_helper.reinstate()whenexpiration_datechanged, unlike the legacy Django view (engagement/views.py:1308-1310) which does so correctly.reinstate()is never called, so findings remainactive=True / risk_accepted=Falseinstead of being set back to inactive/risk-accepted.reinstate()was never called,expiration_date_handledwas never cleared. The Celery expiration task queries withexpiration_date_handled__isnull=True, so the RA is permanently excluded from every future expiry run and findings are never reactivated when the RA expires again.Fix
Capture
old_expiration_datebeforesuper().update(), then callra_helper.reinstate()when the date changes — matching the logic that already exists in the legacy Django view.reinstate()handles both outcomes internally: it reinstates findings (only whenexpiration_date_handledis set) and unconditionally clearsexpiration_date_handledandexpiration_date_warned, making the RA eligible for the next Celery expiry cycle.Test plan
active=False / risk_accepted=Trueexpiration_date_handledisNoneafter the update — verify the Celery task will pick it up on the next expiry cycleexpiration_date_handledstaysNone🤖 Generated with Claude Code