bug: stale results-entry sessions can overwrite already-scored results #121
Description
Problem
An old admin results-entry session can still overwrite stored results after the fixture has already been scored.
ResultsEntryHandler.handle_dm() only checks that the fixture still exists:
fixture = await self.db.get_fixture_by_id(fixture_id)
if not fixture:
...Then the confirmation button calls:
await self.handler.save_results(self.user_id, self.fixture_id, self.results)And save_results() writes with an upsert:
INSERT INTO results ...
ON CONFLICT(fixture_id)
DO UPDATE SET ...There is no revalidation that the fixture is still open, that results were not already saved by another admin/session, or that scores were not already calculated.
Impact
- A stale DM session can silently replace the saved results for a scored fixture.
- If scores were already calculated, the replacement does not automatically recalculate standings on this path.
- That creates a stored-results / stored-scores mismatch.
Code references
typer_bot/handlers/results_handler.py:79typer_bot/handlers/results_handler.py:160typer_bot/database/database.py:569
Suggested direction
Revalidate at save time, not only when the DM message is first parsed.
Likely simplest rule:
- results-entry sessions only save for open fixtures
- if results already exist, reject the stale save and tell the admin to use the correction flow
- if the fixture has already been scored, either reject the save or route through the existing recalc-aware correction path
Acceptance criteria
- A stale results-entry session cannot overwrite results for an already-scored fixture.
- Stored results and stored scores cannot diverge through this workflow.
- Tests cover the stale-session overwrite case.