Denying Edits On Sent Invitations With HTTP Status Codes
When sending Invitations, editing should be impossible. Deny edits via UI changes or back-end validation. Use HTTP status code 422 (unprocessable entity) for update requests on sent Invitations.
Say we have an Invitation model. Invitations can be fully CRUDed while they are in draft, but once they are sent, editing should be impossible. To deny edits, we could start with changes to the UI - perhaps remove links/buttons leading to edit, but this does not preclude users navigating to edit form directly. Perhaps we can modify the edit form also, make everything disabled, remove submit button. This should be safe enough for internal systems, but a system facing public internet should probably also have some safety on the back-end - at least in update action and maybe even in the model val...