fix: prevent clubs from redeeming more points than available

Aurelien7777 · Aurelien7777 · commit 6c9f55c90ac9 · 2026-04-30T10:15:03.000+02:00
diff --git a/pytest.ini b/pytest.ini
@@ -0,0 +1,3 @@
+[pytest]
+filterwarnings =
+    ignore::DeprecationWarning
diff --git a/server.py b/server.py
@@ -46,9 +46,15 @@ def purchasePlaces():
     competition = [c for c in competitions if c['name'] == request.form['competition']][0]
     club = [c for c in clubs if c['name'] == request.form['club']][0]
     placesRequired = int(request.form['places'])
-    competition['numberOfPlaces'] = int(competition['numberOfPlaces'])-placesRequired
-    flash('Great-booking complete!')
-    return render_template('welcome.html', club=club, competitions=competitions)
+    
+    point_club = int(club['points'])
+    if point_club < placesRequired:
+        flash('You are not authorized to book this number of places!')
+        return render_template('welcome.html', club=club, competitions=competitions)
+    else:
+        flash('Great-booking complete!')
+        competition['numberOfPlaces'] = int(competition['numberOfPlaces'])-placesRequired
+        return render_template('welcome.html', club=club, competitions=competitions)
 
 
 # TODO: Add route for points display
diff --git a/templates/welcome.html b/templates/welcome.html
@@ -5,7 +5,8 @@
     <title>Summary | GUDLFT Registration</title>
 </head>
 <body>
-        <h2>Welcome, {{club['email']}} </h2><a href="{{url_for('logout')}}">Logout</a>
+        <h2>Welcome, {{club['email']}} 
+        </h2><a href="{{url_for('logout')}}">Logout</a>
 
     {% with messages = get_flashed_messages()%}
     {% if messages %}
@@ -15,7 +16,9 @@ <h2>Welcome, {{club['email']}} </h2><a href="{{url_for('logout')}}">Logout</a>
         {% endfor %}
        </ul>
     {% endif%}
+
     Points available: {{club['points']}}
+
     <h3>Competitions:</h3>
     <ul>
         {% for comp in competitions%}
diff --git a/test/test_server.py b/test/test_server.py
@@ -0,0 +1,42 @@
+def test_show_summary_with_valid_email(client):
+    response = client.post("/showSummary", data={
+        "email": "admin@irontemple.com"
+    })
+
+    assert response.status_code == 200
+    assert b"Welcome" in response.data
+
+def test_show_summary_with_unknown_email(client):
+    response = client.post("/showSummary", data={
+        "email": "unknown@test.com"
+    }, follow_redirects=True)
+
+    assert response.status_code == 200
+    assert b"Sorry, that email was not found" in response.data
+    
+
+
+
+def test_purchase_places_with_valid_number_of_places(client):
+    response = client.post("/purchasePlaces", data={
+        "competition": "Spring Festival",
+        "club": "Iron Temple",
+        "places": "2"
+    }, follow_redirects=True)
+    
+    assert response.status_code == 200
+    assert b"Great-booking complete!" in response.data
+    
+def test_purchase_places_with_too_many_places(client):
+    response = client.post("/purchasePlaces", data={
+        "competition": "Spring Festival",
+        "club": "Iron Temple",
+        "places": "5", 
+    })
+    
+    assert response.status_code == 200
+    assert b"You are not authorized to book this number of places" in response.data
+    
+
+
+

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[pytest]`
	`2`	`+filterwarnings =`
	`3`	`+ ignore::DeprecationWarning`