add checks

app/controllers/start_form_controller.rb

@@ -108,13 +108,16 @@ class StartFormController < ApplicationController
   end
 
   def can_resubmit?(submitter)
-    %w[api embed mcp].exclude?(submitter.submission.source) &&
+    submitter.completed_at? && submitter.completed_at > 14.days.ago &&
+      %w[api embed mcp].exclude?(submitter.submission.source) &&
       submitter.account.account_configs.find_or_initialize_by(key: AccountConfig::ALLOW_TO_RESUBMIT).value != false
   end
 
   def authorize_start!
-    return redirect_to submit_form_path(@resubmit_submitter.slug) if @resubmit_submitter && @template.archived_at?
-    return redirect_to start_form_path(@template.slug) if @template.archived_at?
+    is_archived = @template.archived_at? || @template.account.archived_at?
+
+    return redirect_to submit_form_path(@resubmit_submitter.slug) if @resubmit_submitter && is_archived
+    return redirect_to start_form_path(@template.slug) if is_archived
 
     return if @resubmit_submitter
     return if @template.shared_link? || (current_user && current_ability.can?(:read, @template))

app/controllers/submit_form_decline_controller.rb

@@ -7,7 +7,8 @@ class SubmitFormDeclineController < ApplicationController
   before_action :load_submitter
 
   def create
-    return redirect_to submit_form_path(@submitter.slug) if @submitter.declined_at? ||
+    return redirect_to submit_form_path(@submitter.slug) if declining_disabled? ||
+                                                            @submitter.declined_at? ||
                                                             @submitter.completed_at? ||
                                                             @submitter.submission.archived_at? ||
                                                             @submitter.submission.expired? ||
@@ -35,6 +36,10 @@ class SubmitFormDeclineController < ApplicationController
 
   private
 
+  def declining_disabled?
+    @submitter.account.account_configs.find_by(key: AccountConfig::ALLOW_TO_DECLINE_KEY)&.value == false
+  end
+
   def load_submitter
     @submitter = Submitter.find_by!(slug: params[:submit_form_slug])
   end

app/controllers/submitters_controller.rb

@@ -13,7 +13,7 @@ class SubmittersController < ApplicationController
   def update
     submission = @submitter.submission
 
-    if @submitter.submission_events.exists?(event_type: 'start_form') || submission.archived_at? || submission.expired?
+    unless submitter_editable?(submission)
       return redirect_back fallback_location: submission_path(submission), alert: I18n.t('submitter_cannot_be_updated')
     end
 
@@ -48,6 +48,12 @@ class SubmittersController < ApplicationController
 
   private
 
+  def submitter_editable?(submission)
+    !@submitter.submission_events.exists?(event_type: 'start_form') &&
+      !@submitter.completed_at? && !@submitter.declined_at? &&
+      !submission.archived_at? && !submission.expired? && !submission.template&.archived_at?
+  end
+
   def maybe_resend_email_sms(submitter, params)
     if params[:send_email] == '1' && submitter.email.present?
       is_sent_recently = Docuseal.multitenant? &&

app/controllers/submitters_resubmit_controller.rb

@@ -5,6 +5,8 @@ class SubmittersResubmitController < ApplicationController
 
   def update
     return redirect_to submit_form_path(slug: @submitter.slug) if @submitter.email != current_user.email
+    return redirect_to submit_form_path(slug: @submitter.slug) if @submitter.completed_at.blank? ||
+                                                                  @submitter.completed_at < 1.month.ago
 
     submission = @submitter.account.submissions.new(created_by_user: current_user,
                                                     submitters_order: :preserved,

app/jobs/send_submitter_invitation_email_job.rb

@@ -7,7 +7,9 @@ class SendSubmitterInvitationEmailJob
     submitter = Submitter.find(params['submitter_id'])
 
     return if submitter.completed_at?
+    return if submitter.declined_at?
     return if submitter.submission.archived_at?
+    return if submitter.submission.expired?
     return if submitter.template&.archived_at?
     return if submitter.submission.source == 'invite' && !Accounts.can_send_emails?(submitter.account, on_events: true)
 

app/views/submit_form/completed.html.erb

@@ -43,7 +43,7 @@
       <% end %>
     </div>
     <% undefined_submitters = Templates.filter_undefined_submitters(@submitter.submission.template_submitters) %>
-    <% if undefined_submitters.size == 1 && undefined_submitters.first['uuid'] == @submitter.uuid && %w[api embed mcp].exclude?(@submitter.submission.source) && @submitter.account.account_configs.find_or_initialize_by(key: AccountConfig::ALLOW_TO_RESUBMIT).value != false && @submitter.template && !@submitter.template.archived_at? %>
+    <% if undefined_submitters.size == 1 && undefined_submitters.first['uuid'] == @submitter.uuid && @submitter.completed_at? && @submitter.completed_at > 14.days.ago && %w[api embed mcp].exclude?(@submitter.submission.source) && @submitter.account.account_configs.find_or_initialize_by(key: AccountConfig::ALLOW_TO_RESUBMIT).value != false && @submitter.template && !@submitter.template.archived_at? %>
       <div class="divider uppercase"><%= t('or') %></div>
       <toggle-submit class="block">
         <%= button_to button_title(title: t('resubmit'), disabled_with: t('resubmit'), icon: svg_icon('reload', class: 'w-6 h-6')), resubmit_form_path, params: { resubmit: @submitter.slug }, method: :put, class: 'white-button w-full' %>