Volunteer scheduling system audit
Closed this issue · 5 comments
Carefully review the way we initialize & modify the volunteer availability property on the server
Sometimes, the user availability hours disappear, while the days remain. This causes the frontend to break and prevents the volunteer from updating their schedule.
No clear steps to reproduce at the moment. It's mysterious, which is why this requires a careful audit.
The following steps reproduce the issue:
- Download the HTTP Request Blocker Chrome extension.
- Add to the blacklist the URL of the /api/calendar/get endpoint for the server on which you want to test. (i.e.
http://<server_name_or_ip>:3000/api/calendar/get.) - Log into the server as a volunteer and navigate to the "Schedule" page.
- Click the "Save" button (even though you don't see any hours).
- Unblock the API endpoint, then refresh the page to see that the hours have now disappeared while the days remain. (Note: To unblock the API endpoint you need to click "Save" after removing the URL from the list.)
Notes:
- This seems to mainly occur with new volunteers
- It only seems to happen with ~10% of volunteers
Note: this is definitely still an issue as of 12/4/19!
I'm not sure if this is the main cause of this issue, but if I comment out the code in the fetchData method of the CalendarView to prevent it from sending the request to obtain availability data and then click the "Save" button on the CalendarView, the updateAvailability method is called with an empty availability object, causing the user's availability data on the server to be erased with hasSchedule still set to true; subsequent getAvailability calls then see hasSchedule and do not re-initialize the data, and the issue appears even when I restore the fetchData code. A situation like this could actually occur if a temporary network glitch causes the call to /api/calendar/get to fail, since the Promise in the fetchData method has no error handler. I'm not sure how many users would click the Save button if they don't see their hours, though.
The issue also appears if I use a REST client to POST to /api/calendar/save with a valid userid and an empty availability object, as would happen if only the /api/calendar/get call were to fail.
Steps to reproduce:
- Download the HTTP Request Blocker Chrome extension.
- Add to the blacklist the URL of the
/api/calendar/getendpoint for the server on which you want to test. (i.e.http://<server_name_or_ip>:3000/api/calendar/get.) - Log into the server as a volunteer and navigate to the "Schedule" page.
- Click the "Save" button (even though you don't see any hours).
- Unblock the API endpoint, then refresh the page to see that the hours have now disappeared while the days remain. (Note: To unblock the API endpoint you need to click "Save" after removing the URL from the list.)
The issue occurs only if the request to /api/calendar/get fails but other requests succeed, which would explain why the issue appears to occur randomly and has been so difficult to reproduce.