From ef5a99f4812f957aebb7b9da05c73410be880f4b Mon Sep 17 00:00:00 2001
From: AlexTraveylan <monsieurdemares@gmail.com>
Date: Sun, 11 Aug 2024 22:58:54 +0200
Subject: [PATCH] fix un bug qui permettait d'outrepasser l'abonnement pour le
 nombre de membres

---
 tasks_api/invitation/invitation_api.py        | 48 +++++++++++++++----
 .../tests/integration/test_invitation.py      | 43 +++++++++++++++++
 2 files changed, 83 insertions(+), 8 deletions(-)

diff --git a/tasks_api/invitation/invitation_api.py b/tasks_api/invitation/invitation_api.py
index 7a2c4a4..d97725c 100644
--- a/tasks_api/invitation/invitation_api.py
+++ b/tasks_api/invitation/invitation_api.py
@@ -38,14 +38,30 @@ def create_invitation(request: CustomRequest):
     """Create an invitation."""
 
     family_members = request.member.family.members.all()
-    if (
-        len(family_members)
-        >= SUBSCRIPTION_PLANS_RESTRICTIONS[request.subcription_plan]["max_members"]
-    ):
+
+    members_could_join = (
+        SUBSCRIPTION_PLANS_RESTRICTIONS[request.subcription_plan]["max_members"]
+        - family_members.count()
+    )
+
+    if members_could_join <= 0:
         return JsonResponse(
             {"message": "You have reached the maximum number of members."}, status=403
         )
 
+    current_valid_invitations = Invitation.objects.filter(
+        family=request.member.family, expired_at__gt=timezone.now(), is_used=False
+    )
+
+    possible_in_use_invitations = current_valid_invitations.count()
+    max_current_invitations = members_could_join - possible_in_use_invitations
+
+    if max_current_invitations <= 0:
+        return JsonResponse(
+            {"message": "You have reached the maximum number of invitations."},
+            status=403,
+        )
+
     new_code = create_random_invitation_code()
     expire_date_one_week = timezone.now() + timezone.timedelta(days=7)
 
@@ -64,14 +80,30 @@ def create_invitation_with_email(
     """Create an invitation with email."""
 
     family_members = request.member.family.members.all()
-    if (
-        len(family_members)
-        >= SUBSCRIPTION_PLANS_RESTRICTIONS[request.subcription_plan]["max_members"]
-    ):
+
+    members_could_join = (
+        SUBSCRIPTION_PLANS_RESTRICTIONS[request.subcription_plan]["max_members"]
+        - family_members.count()
+    )
+
+    if members_could_join <= 0:
         return JsonResponse(
             {"message": "You have reached the maximum number of members."}, status=403
         )
 
+    current_valid_invitations = Invitation.objects.filter(
+        family=request.member.family, expired_at__gt=timezone.now(), is_used=False
+    )
+
+    possible_in_use_invitations = current_valid_invitations.count()
+    max_current_invitations = members_could_join - possible_in_use_invitations
+
+    if max_current_invitations <= 0:
+        return JsonResponse(
+            {"message": "You have reached the maximum number of invitations."},
+            status=403,
+        )
+
     new_code = create_random_invitation_code()
     expire_date_one_week = timezone.now() + timezone.timedelta(days=7)
 
diff --git a/tasks_api/tests/integration/test_invitation.py b/tasks_api/tests/integration/test_invitation.py
index 5add31c..2082b77 100644
--- a/tasks_api/tests/integration/test_invitation.py
+++ b/tasks_api/tests/integration/test_invitation.py
@@ -3,6 +3,7 @@
 import pytest
 from django.utils import timezone
 
+from tasks_api.family_settings.models import FamilySettings
 from tasks_api.invitation.models import Invitation
 from tasks_api.tests.factories import InvitationFactory
 
@@ -108,3 +109,45 @@ def test_clean_invitations(client, data_test):
     assert should_not_be_deleted_cause_used in invitations
     assert should_not_be_deleted_cause_not_family in invitations
     assert should_be_deleted_cause_perimed not in invitations
+
+
+@pytest.mark.django_db
+def test_create_invitation_with_max_invitations(client, data_test):
+    """Test the deletion of expired and unused invitations."""
+
+    # Given a family with 1 member and 1 invitation active with FREE plan (max_members = 2)
+    InvitationFactory(
+        family=data_test.family,
+        is_used=False,
+        expired_at=timezone.now() + timezone.timedelta(days=1),
+    )
+
+    # When I try to create a new invitation
+    headers = {"Authorization": f"Bearer {data_test.token.to_jwt_token()}"}
+    response = client.get("/api/invitation/", headers=headers)
+
+    # Then I should get a 403 error cause he can use the still active invitation
+    assert response.status_code == 403
+
+
+@pytest.mark.django_db
+def test_create_invitation_but_now_with_basic_plan(client, data_test):
+    """Test the deletion of expired and unused invitations."""
+
+    # Given a family with 1 member and 1 invitation active with BASIC plan (max_members = 3)
+    settings = FamilySettings.objects.filter(family=data_test.family).first()
+    settings.subscription_plan = "BASIC"
+    settings.save()
+
+    InvitationFactory(
+        family=data_test.family,
+        is_used=False,
+        expired_at=timezone.now() + timezone.timedelta(days=1),
+    )
+
+    # When I try to create a new invitation
+    headers = {"Authorization": f"Bearer {data_test.token.to_jwt_token()}"}
+    response = client.get("/api/invitation/", headers=headers)
+
+    # Then I should get a 201 response, because he can have a 3rd member
+    assert response.status_code == 201