From 87ec135deab6d95a4f098f03614c197e07d609c9 Mon Sep 17 00:00:00 2001
From: Julien Denizot <luunz71@gmail.com>
Date: Wed, 6 Nov 2024 13:54:10 +0100
Subject: [PATCH 1/2] Fix points redemption validation to prevent overspending

---
 .gitignore |  3 ++-
 server.py  | 26 +++++++++++++++++++++-----
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index 2cba99d87..e66b85740 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ lib
 .Python
 tests/
 .envrc
-__pycache__
\ No newline at end of file
+__pycache__
+*pyvenv.cfg
diff --git a/server.py b/server.py
index 4084baeac..e553d1d9d 100644
--- a/server.py
+++ b/server.py
@@ -43,12 +43,28 @@ def book(competition,club):
 
 @app.route('/purchasePlaces',methods=['POST'])
 def purchasePlaces():
-    competition = [c for c in competitions if c['name'] == request.form['competition']][0]
+    competition = [
+        c for c in competitions
+        if c['name'] == request.form['competition']
+    ][0]
     club = [c for c in clubs if c['name'] == request.form['club']][0]
     placesRequired = int(request.form['places'])
-    competition['numberOfPlaces'] = int(competition['numberOfPlaces'])-placesRequired
-    flash('Great-booking complete!')
-    return render_template('welcome.html', club=club, competitions=competitions)
+
+    if int(club['points']) < placesRequired:
+        flash("You do not have enough points to book that many places.")
+        return render_template(
+            'welcome.html', club=club, competitions=competitions
+        )
+
+    club['points'] = int(club['points']) - placesRequired
+
+    competition['numberOfPlaces'] = (
+        int(competition['numberOfPlaces']) - placesRequired
+    )
+    flash('Great - booking complete !')
+    return render_template(
+        'welcome.html', club=club, competitions=competitions
+    )
 
 
 # TODO: Add route for points display
@@ -56,4 +72,4 @@ def purchasePlaces():
 
 @app.route('/logout')
 def logout():
-    return redirect(url_for('index'))
\ No newline at end of file
+    return redirect(url_for('index'))

From 73d449285b33b2c7bc9d9dc77a4750fa0da06f59 Mon Sep 17 00:00:00 2001
From: Julien Denizot <luunz71@gmail.com>
Date: Wed, 13 Nov 2024 09:52:26 +0100
Subject: [PATCH 2/2] Add test for redeem points validation in purchase places

---
 tests/unit/test_purchase_places.py | 35 ++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 tests/unit/test_purchase_places.py

diff --git a/tests/unit/test_purchase_places.py b/tests/unit/test_purchase_places.py
new file mode 100644
index 000000000..f4c289eb2
--- /dev/null
+++ b/tests/unit/test_purchase_places.py
@@ -0,0 +1,35 @@
+import sys
+import os
+import pytest
+sys.path.insert(
+    0, os.path.abspath(
+        os.path.join(os.path.dirname(__file__), '../../')
+    )
+)
+
+from server import app, clubs, competitions # noqa
+
+
+@pytest.fixture
+def client():
+    app.config['TESTING'] = True
+    with app.test_client() as client:
+        yield client
+
+
+def test_purchase_places_not_enough_points(client):
+    response = client.post('/purchasePlaces', data={
+        'competition': 'Spring Festival',
+        'club': 'Iron Temple',
+        'places': 5
+    })
+
+    assert b"You do not have enough points to book that many places." \
+           in response.data
+
+    club = next(c for c in clubs if c['name'] == 'Iron Temple')
+    competition = next(
+        c for c in competitions if c['name'] == 'Spring Festival'
+    )
+    assert str(club['points']) == "4"
+    assert str(competition['numberOfPlaces']) == "25"