Update Session Notes
POST/api/v1/devices/:device_id/notes
Update notes for the current active session.
Mobile-facing endpoint (preserved contract from v1.20). Each call:
- Truncates the payload to 2000 chars.
- Writes the truncated body to device.current_session_notes (mobile pre-fill cache).
- Upserts a SessionNote row keyed on (active_session, author=request.auth) so the manager-side GET in v1.23 sees an authored note row.
The upsert is idempotent across repeated POSTs during the same shift — calls 2..N update the same row's body and refresh created_at. A new shift gets a new SessionNote because the (session, author) key differs.
Concurrency (CR-01): the (session, author) upsert is serialized via select_for_update() on the Device row inside transaction.atomic(). Two concurrent POSTs from the same authenticated user (offline-buffered flush, mobile retry storm, multi-tab race) block at the lock so the second caller sees the first caller's row via update_or_create.get() and falls into the UPDATE branch — preventing duplicate (session, author) rows. The Device row lock serializes per-device POSTs without holding a workspace-wide lock.
BYOD Security: Only the device owner can update notes (enforced by get_device_with_permission(require_write=True)). Must have an active or paused shift to update notes.
Notes are limited to 2000 characters.
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 422
OK
Bad Request
Unauthorized
Forbidden
Not Found
Validation Error