#520 [API/Race] Approval double-processing - duplicate workflow signals

closed critical Created 2025-12-17 14:59 · Updated 2025-12-17 15:12

Description

**File:** api/blueprints/v1/approvals.py:88-122

**Problem:** Two users clicking Approve simultaneously can both read status='pending', both update to 'approved', and both send signals. Results in duplicate workflow execution.

**Fix:** Use optimistic locking:

```sql
UPDATE workflow_approvals
SET status = 'approved', approved_by = %s, approved_at = NOW()
WHERE approval_key = %s AND status = 'pending'
RETURNING *
-- If rowcount == 0, approval already processed
```

**Impact:** Duplicate workflow steps, potential data corruption.
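The race and the guarded UPDATE side by side, as an added example (not the project's code). Assumptions: SQLite stands in for the project's database, so `?`, `CURRENT_TIMESTAMP` and `rowcount` replace `%s`, `NOW()` and `RETURNING`; the table layout, the `signals` list standing in for the workflow signal, and the barrier that forces every read ahead of any write are hypothetical.

```python
import os
import sqlite3
import tempfile
import threading

KEY = "apr-001"  # constructed sample approval_key
UPDATE = ("UPDATE workflow_approvals SET status = 'approved', approved_by = ?, "
          "approved_at = CURRENT_TIMESTAMP WHERE approval_key = ?")

def new_db():
    """Create a throwaway database holding one pending approval."""
    path = os.path.join(tempfile.mkdtemp(), "approvals.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE workflow_approvals (approval_key TEXT PRIMARY KEY, "
                 "status TEXT, approved_by TEXT, approved_at TEXT)")
    conn.execute("INSERT INTO workflow_approvals VALUES (?, 'pending', NULL, NULL)", (KEY,))
    conn.commit()
    conn.close()
    return path

def approve(path, user, guarded, barrier, signals):
    """One approver's request; `signals` stands in for the workflow signal."""
    conn = sqlite3.connect(path, timeout=30)
    try:
        seen = conn.execute("SELECT status FROM workflow_approvals "
                            "WHERE approval_key = ?", (KEY,)).fetchall()[0][0]
        barrier.wait()  # worst case: every approver has read 'pending'
        if seen != "pending":
            return
        # The guarded form re-checks status inside the write itself.
        sql = UPDATE + (" AND status = 'pending'" if guarded else "")
        cur = conn.execute(sql, (user, KEY))
        conn.commit()
        if cur.rowcount == 1:  # rowcount == 0: approval already processed
            signals.append(user)
    finally:
        conn.close()

def race(guarded, approvers=6):
    """Run concurrent approvers; return how many signals were sent."""
    path, signals = new_db(), []
    barrier = threading.Barrier(approvers)
    threads = [threading.Thread(target=approve,
                                args=(path, f"user{i}", guarded, barrier, signals))
               for i in range(approvers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(signals)
```

`race(False)` returns 6 and `race(True)` returns 1: every approver's stale read still passes, but only one guarded UPDATE matches a row.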
