From e324a083d5df260c4eb2e5a98b7bc7cd769ebe21 Mon Sep 17 00:00:00 2001
From: Jason Moore <jason.moore@dbca.wa.gov.au>
Date: Fri, 23 Oct 2020 15:28:43 +0800
Subject: [PATCH] Restrict Basket to OPEN and SUBMITTED

---
 ledger/basket/middleware.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ledger/basket/middleware.py b/ledger/basket/middleware.py
index c46d636fa4..e549a1845a 100755
--- a/ledger/basket/middleware.py
+++ b/ledger/basket/middleware.py
@@ -38,6 +38,10 @@ def get_cookie_basket(self, cookie_key, request, manager):
                 basket_id = Signer(sep='|').unsign(basket_hash)
                 #basket = Basket.objects.get(pk=basket_id, owner=None, status=Basket.OPEN)
                 basket = Basket.objects.get(pk=basket_id)
+                if basket.status != 'OPEN' or basket.status != 'SUBMITTED':
+                      pass
+                else:
+                    basket = None
             except (BadSignature, Basket.DoesNotExist):
                 request.cookies_to_delete.append(cookie_key)
         return basket