From 76113337e08f8c169acf91bafd8d52052493fea8 Mon Sep 17 00:00:00 2001
From: Andreas <mail@devmount.de>
Date: Fri, 20 Dec 2024 12:58:37 +0100
Subject: [PATCH] Check for slot status before confirming or rejecting a
 booking request (#798)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🔨 Check for slot status before confirming or rejecting a booking request

* 🔨 Extend tests

* 🔨 Remove useless code
---
 backend/src/appointment/routes/schedule.py |  1 +
 backend/test/integration/test_schedule.py  | 24 ++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/backend/src/appointment/routes/schedule.py b/backend/src/appointment/routes/schedule.py
index f61298502..8e3baed88 100644
--- a/backend/src/appointment/routes/schedule.py
+++ b/backend/src/appointment/routes/schedule.py
@@ -467,6 +467,7 @@ def decide_on_schedule_availability_slot(
         not slot
         or not repo.schedule.has_slot(db, schedule.id, slot.id)
         or slot.booking_tkn != data.slot_token
+        or slot.booking_status != BookingStatus.requested
     ):
         raise validation.SlotNotFoundException()
 
diff --git a/backend/test/integration/test_schedule.py b/backend/test/integration/test_schedule.py
index 5bd77d4d9..08791aeb9 100644
--- a/backend/test/integration/test_schedule.py
+++ b/backend/test/integration/test_schedule.py
@@ -698,6 +698,7 @@ def test_fail_not_utc(self, with_client, mock_connector, setup_schedule):
                 headers=auth_headers,
             )
             assert response.status_code == 404, response.text
+
             data = response.json()
 
             assert data.get('detail', {}).get('id') == 'SLOT_NOT_FOUND'
@@ -726,6 +727,7 @@ def test_fail_slot_duration_mismatch(self, with_client, mock_connector, setup_sc
                 headers=auth_headers,
             )
             assert response.status_code == 404, response.text
+
             data = response.json()
 
             assert data.get('detail', {}).get('id') == 'SLOT_NOT_FOUND'
@@ -755,6 +757,7 @@ def test_fail_on_invalid_weekday(self, with_client, mock_connector, setup_schedu
                 headers=auth_headers,
             )
             assert response.status_code == 404, response.text
+
             data = response.json()
 
             assert data.get('detail', {}).get('id') == 'SLOT_NOT_FOUND'
@@ -783,6 +786,7 @@ def test_fail_on_before_time_range(self, with_client, mock_connector, setup_sche
                 headers=auth_headers,
             )
             assert response.status_code == 404, response.text
+
             data = response.json()
 
             assert data.get('detail', {}).get('id') == 'SLOT_NOT_FOUND'
@@ -811,6 +815,7 @@ def test_fail_on_after_time_range(self, with_client, mock_connector, setup_sched
                 headers=auth_headers,
             )
             assert response.status_code == 404, response.text
+
             data = response.json()
 
             assert data.get('detail', {}).get('id') == 'SLOT_NOT_FOUND'
@@ -893,6 +898,16 @@ def test_confirm(
             assert slot.booking_status == models.BookingStatus.booked
             assert appointment.status == models.AppointmentStatus.closed
 
+        # Now try to confirm the same event again
+        response = with_client.put(
+            '/schedule/public/availability/booking',
+            json=availability,
+            headers=auth_headers,
+        )
+
+        assert response.status_code == 404, response.text
+
+
     def test_deny(
         self,
         with_db,
@@ -959,3 +974,12 @@ def test_deny(
 
             assert slot is None
             assert appointment is None
+
+        # Now try to deny the same event again
+        response = with_client.put(
+            '/schedule/public/availability/booking',
+            json=availability,
+            headers=auth_headers,
+        )
+
+        assert response.status_code == 404, response.text