Merge pull request #4 from mumz0/bugfix/limit-booking-places

Bugfix/limit booking places

Author: mumz0

Diff for: clubs.json

@@ -11,6 +11,6 @@
     },
     {   "name":"She Lifts",
         "email": "kate@shelifts.co.uk",
-        "points":"12"
+        "points":"50"
     }
-]}
+]}

Diff for: server.py

@@ -8,7 +8,7 @@
 import json
 
 from flask import Flask, flash, redirect, render_template, request, session, url_for
-from werkzeug.exceptions import BadRequest
+from werkzeug.exceptions import BadRequest, Unauthorized
 
 
 def load_clubs():
@@ -38,7 +38,7 @@ def index():
     return render_template("index.html")
 
 
-@app.route("/show_summary", methods=["POST"])
+@app.route("/show_summary", methods=["POST", "GET"])
 def show_summary():
     """
     Handle POST request to render the summary page for a specific club.
@@ -55,6 +55,12 @@ def show_summary():
 
     """
     try:
+        if request.method == "GET":
+            email = session.get("email")
+            if email:
+                club = [club for club in clubs if club["email"] == email][0]
+                return render_template("welcome.html", club=club, competitions=competitions)
+
         email = request.form.get("email")
         if not email:
             flash("Email is required.")
@@ -76,7 +82,17 @@ def show_summary():
 
 @app.route("/book/<competition>/<club>")
 def book(competition, club):
-    """Render the booking page for a specific competition and club."""
+    """
+    Render the booking page for a specific competition and club.
+
+    :param competition: The name of the competition.
+    :type competition: str
+    :param club: The name of the club.
+    :type club: str
+    :return: The rendered booking page if the club and competition are found,
+             otherwise the welcome page with an error message.
+    :rtype: werkzeug.wrappers.Response
+    """
     found_club = [c for c in clubs if c["name"] == club][0]
     found_competition = [c for c in competitions if c["name"] == competition][0]
     if found_club and found_competition:
@@ -87,16 +103,44 @@ def book(competition, club):
 
 @app.route("/purchase_places", methods=["POST"])
 def purchase_places():
-    """Handle the reservation of places for a specific competition and club."""
+    """
+    Handle the reservation of places for a specific competition and club.
+
+    This function processes the form submission for booking places in a competition.
+    It checks if the user is authenticated, validates the requested number of places,
+    and updates the competition and club data accordingly.
+
+    :raises Unauthorized: If the user is not authenticated.
+    :raises BadRequest: If the requested number of places is invalid.
+    :return: The rendered welcome page with a success message if the booking is successful,
+             otherwise the welcome page with an error message.
+    :rtype: werkzeug.wrappers.Response
+    """
+    if not session.get("email"):
+        raise Unauthorized("You must be connected.")
+
     competition = [c for c in competitions if c["name"] == request.form["competition"]][0]
     club = [c for c in clubs if c["name"] == request.form["club"]][0]
     places_required = int(request.form["places"])
 
-    if places_required > int(club["points"]) or places_required > int(competition["numberOfPlaces"]):
+    # Initialize 'clubBookings' for the competition if not present
+    if "clubBookings" not in competition:
+        competition["clubBookings"] = {}
+
+    # Initialize the club's booking count for this competition if not present
+    if club["name"] not in competition["clubBookings"]:
+        competition["clubBookings"][club["name"]] = 0
+
+    if places_required > int(club["points"]) or places_required > int(competition["numberOfPlaces"]) or places_required > 12:
+        raise BadRequest("Invalid data provided")
+
+    if competition["clubBookings"][club["name"]] + places_required <= 12:
+        competition["clubBookings"][club["name"]] += places_required
+        club["points"] = int(club["points"]) - places_required
+        competition["numberOfPlaces"] = int(competition["numberOfPlaces"]) - places_required
+    else:
         raise BadRequest("Invalid data provided")
 
-    club["points"] = int(club["points"]) - places_required
-    competition["numberOfPlaces"] = int(competition["numberOfPlaces"]) - places_required
     flash("Great - booking complete!")
     return render_template("welcome.html", club=club, competitions=competitions)
 

Diff for: templates/booking.html

@@ -6,13 +6,26 @@
     <title>Booking for {{ competition['name'] }} || GUDLFT</title>
 </head>
 <body>
+    <a href="/show_summary" style="text-decoration: none; color: inherit;">
+        Retour
+    </a>
     <h2>{{ competition['name'] }}</h2>
     Places available: {{ competition['numberOfPlaces'] }}
+    <p>
+        Places already booked:
+        {% if 'clubBookings' in competition and club['name'] in competition['clubBookings'] %}
+            {{ competition['clubBookings'][club['name']]}}/12
+        {% else %}
+            0/12
+        {% endif %}
+    </p>
     <form id="bookingForm" action="/purchase_places" method="post" onsubmit="validateBooking(event)">
         <input type="hidden" name="club" value="{{ club['name'] }}">
         <input type="hidden" name="competition" value="{{ competition['name'] }}">
         <input type="hidden" id="availablePlaces" value="{{ competition['numberOfPlaces'] }}">
         <input type="hidden" id="clubPlaces" value="{{ club['points'] }}">
+        <input type="hidden" id="competitionBookings" value="{% if 'clubBookings' in competition and club['name'] in competition['clubBookings'] %}{{ competition['clubBookings'][club['name']] }}{% else %}0{% endif %}">
+        <input type="hidden" id="clubName" value="{{ club['name'] }}">
         <label for="places">How many places?</label>
         <input type="number" name="places" id="places">
         <button type="submit">Book</button>
@@ -33,6 +46,7 @@ <h2>{{ competition['name'] }}</h2>
             const availablePlaces = parseInt(document.getElementById('availablePlaces').value, 10);
             const clubPlaces = parseInt(document.getElementById('clubPlaces').value, 10);
             const errorDiv = document.getElementById('error-message');
+            const placesAlreadyBooked = parseInt(document.getElementById('competitionBookings').value, 10);
 
             // Clear previous error message
             errorDiv.textContent = '';
@@ -46,6 +60,10 @@ <h2>{{ competition['name'] }}</h2>
                 errorDiv.textContent = "You cannot book more places than are available in the competition.";
                 return;
             }
+            if (numberOfPlaces > maxPlaces || placesAlreadyBooked + numberOfPlaces > maxPlaces) {
+                errorDiv.textContent = "You cannot book more than 12 places.";
+                return;
+            }
             if (numberOfPlaces > clubPlaces) {
                 errorDiv.textContent = "You cannot book more places than you have.";
                 return;

Diff for: templates/welcome.html

@@ -5,32 +5,36 @@
     <title>Summary | GUDLFT Registration</title>
 </head>
 <body>
-        <h2>Welcome, {{club['email']}} </h2><a href="{{url_for('logout')}}">Logout</a>
+    <h2>Welcome, {{ club['email'] }} </h2><a href="{{ url_for('logout') }}">Logout</a>
 
-    {% with messages = get_flashed_messages()%}
+    {% with messages = get_flashed_messages() %}
     {% if messages %}
         <ul>
-       {% for message in messages %}
-            <li style="color: red;">{{ message }}</li>
-        {% endfor %}
-       </ul>
-    {% endif%}
-    Points available: {{club['points']}}
+            {% for message in messages %}
+                <li style="color: red;">{{ message }}</li>
+            {% endfor %}
+        </ul>
+    {% endif %}
+    {% endwith %}
+
+    Points available: {{ club['points'] }}
     <h3>Competitions:</h3>
     <ul>
-        {% for comp in competitions%}
+        {% for comp in competitions %}
         <li>
-            {{comp['name']}}<br />
-            Date: {{comp['date']}}</br>
-            Number of Places: {{comp['numberOfPlaces']}}
-            {%if comp['numberOfPlaces']|int >0%}
-            <a href="{{ url_for('book',competition=comp['name'],club=club['name']) }}">Book Places</a>
-            {%endif%}
+            {{ comp['name'] }}<br />
+            Date: {{ comp['date'] }}<br />
+            Number of Places: {{ comp['numberOfPlaces'] }}
+            {% if comp['numberOfPlaces']|int > 0 %}
+                {% if (comp['clubBookings'][club['name']] if 'clubBookings' in comp and club['name'] in comp['clubBookings'] else 0) < 12 %}
+                    <a href="{{ url_for('book', competition=comp['name'], club=club['name']) }}">Book Places</a>
+                {% else %}
+                    <span style="color: green;">Max places booked</span>
+                {% endif %}
+            {% endif %}
         </li>
         <hr />
         {% endfor %}
     </ul>
-    {%endwith%}
-
 </body>
 </html>

Diff for: tests/integration_tests/test_integration.py

@@ -123,6 +123,64 @@ def test_login_no_email(client):
     assert "Email is required" in response_text
 
 
+def test_get_welcome_page_with_email_in_session(client, mocker):
+    """
+    Test accessing the welcome page with a valid email in the session.
+
+    This test verifies that the welcome page is accessible and displays the correct
+    information when a valid email is present in the session.
+
+    :param client: The Flask test client.
+    :type client: flask.testing.FlaskClient
+    :param mocker: The mock object.
+    :type mocker: pytest_mock.MockerFixture
+    :return: None
+    """
+    clubs = mocker.patch("server.clubs", sample_clubs()["clubs"])
+    with client.session_transaction() as sess:
+        sess["email"] = clubs[0]["email"]
+
+    response = client.get("/show_summary")
+    assert response.status_code == 200
+    assert b"Welcome" in response.data
+    assert b"Points available" in response.data
+
+
+def test_get_welcome_page_without_email_in_session(client):
+    """
+    Test accessing the welcome page without an email in the session.
+
+    This test verifies that the user is redirected to the home page when no email
+    is present in the session.
+
+    :param client: The Flask test client.
+    :type client: flask.testing.FlaskClient
+    :return: None
+    """
+    response = client.get("/show_summary")
+    assert response.status_code == 302
+    assert response.headers["Location"] == "http://localhost/"
+
+
+def test_get_welcome_page_with_invalid_email_in_session(client):
+    """
+    Test accessing the welcome page with an invalid email in the session.
+
+    This test verifies that the user is redirected to the home page when an invalid
+    email is present in the session.
+
+    :param client: The Flask test client.
+    :type client: flask.testing.FlaskClient
+    :return: None
+    """
+    with client.session_transaction() as sess:
+        sess["email"] = "invalid@example.com"
+
+    response = client.get("/show_summary")
+    assert response.status_code == 302
+    assert response.headers["Location"] == "http://localhost/"
+
+
 def test_purchase_success(client, mocker):
     """
     Test the purchase process when it is successful.
@@ -213,6 +271,25 @@ def test_purchase_exceeding_club_points(client, mocker):
     assert "Invalid data provided" in response_text
 
 
+def test_purchase_places_exceeding_maximum_places(client, mocker):
+    """
+    Test that attempting to purchase more than the maximum allowed places (12) results in a BadRequest.
+
+    :param client: The Flask test client.
+    :type client: flask.testing.FlaskClient
+    :param mocker: The mock object.
+    :type mocker: pytest_mock.MockerFixture
+    :return: None
+    """
+    mocker.patch("server.clubs", sample_clubs()["clubs"])
+    mocker.patch("server.competitions", sample_competitions()["competitions"])
+    with client.session_transaction() as session:
+        session["email"] = "club1@test.com"
+    response = client.post("/purchase_places", data={"competition": "Comp1", "club": "Club1", "places": 13})
+    assert response.status_code == 400
+    assert b"Invalid data provided" in response.data
+
+
 def test_deduct_club_points_and_competition_places_after_purchase_process(client, mocker):
     """
     Test the deduction of club points and competition places after a purchase.
@@ -246,3 +323,56 @@ def test_deduct_club_points_and_competition_places_after_purchase_process(client
     assert "Great - booking complete!" in response_text
     assert club["points"] == int(inital_club_points) - places_required
     assert competition["numberOfPlaces"] == int(initial_competition_places) - places_required
+
+
+def test_access_without_email_in_session(client, mocker):
+    """
+    Test that accessing a route without an email in the session raises an Unauthorized exception.
+
+    :param client: The Flask test client.
+    :type client: flask.testing.FlaskClient
+    :param mocker: The mock object.
+    :type mocker: pytest_mock.MockerFixture
+    :return: None
+    """
+    clubs = mocker.patch("server.clubs", sample_clubs()["clubs"])
+    competitions = mocker.patch("server.competitions", sample_competitions()["competitions"])
+    places_required = 2
+
+    # No email set in session
+    with client.session_transaction() as session:
+        session["email"] = None
+
+    response = client.post(
+        "/purchase_places", data={"competition": competitions[0]["name"], "club": clubs[0]["name"], "places": places_required}, follow_redirects=True
+    )
+
+    # Check for Unauthorized exception
+    assert response.status_code == 401
+    assert b"You must be connected." in response.data
+
+
+def test_update_booking_insufficient_points(client, mocker):
+    """
+    Test the update of a booking when the club has insufficient points.
+
+    This test verifies that the booking is not updated if the club does not
+    have enough points to book the required places.
+
+    :return: None
+    """
+    clubs = mocker.patch("server.clubs", sample_clubs()["clubs"])
+    competitions = mocker.patch("server.competitions", sample_competitions()["competitions"])
+    places_required = 14
+
+    with client.session_transaction() as session:
+        session["email"] = clubs[0]["email"]
+
+    response = client.post(
+        "/purchase_places", data={"competition": competitions[0]["name"], "club": clubs[0]["name"], "places": places_required}, follow_redirects=True
+    )
+
+    assert response.status_code == 400
+    assert int(competitions[0]["clubBookings"][clubs[0]["name"]]) == 0
+    assert int(clubs[0]["points"]) == 13
+    assert int(competitions[0]["numberOfPlaces"]) == 25