From abbca58b4d9260b7a4991931376801d3cd5fdc03 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Thu, 6 Jan 2022 13:31:44 +1100
Subject: [PATCH] Do not allow an invoice to be created for a deleted client

---
 .../Requests/Invoice/StoreInvoiceRequest.php  |  2 +-
 .../ClientDeletedInvoiceCreationTest.php      | 78 +++++++++++++++++++
 tests/Feature/InvoiceTest.php                 | 15 ++++
 3 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 tests/Feature/ClientDeletedInvoiceCreationTest.php

diff --git a/app/Http/Requests/Invoice/StoreInvoiceRequest.php b/app/Http/Requests/Invoice/StoreInvoiceRequest.php
index b0fe7266fd8a..527c108cdbdd 100644
--- a/app/Http/Requests/Invoice/StoreInvoiceRequest.php
+++ b/app/Http/Requests/Invoice/StoreInvoiceRequest.php
@@ -47,7 +47,7 @@ class StoreInvoiceRequest extends Request
             $rules['documents'] = 'file|mimes:png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:20000';
         }
 
-        $rules['client_id'] = 'bail|required|exists:clients,id,company_id,'.auth()->user()->company()->id;
+        $rules['client_id'] = 'bail|required|exists:clients,id,company_id,'.auth()->user()->company()->id.',is_deleted,0';
         // $rules['client_id'] = ['required', Rule::exists('clients')->where('company_id', auth()->user()->company()->id)];
 
         $rules['invitations.*.client_contact_id'] = 'distinct';
diff --git a/tests/Feature/ClientDeletedInvoiceCreationTest.php b/tests/Feature/ClientDeletedInvoiceCreationTest.php
new file mode 100644
index 000000000000..09429203658b
--- /dev/null
+++ b/tests/Feature/ClientDeletedInvoiceCreationTest.php
@@ -0,0 +1,78 @@
+<?php
+/**
+ * Invoice Ninja (https://invoiceninja.com).
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://opensource.org/licenses/AAL
+ */
+namespace Tests\Feature;
+
+use App\Models\Client;
+use App\Models\ClientContact;
+use App\Models\Invoice;
+use App\Utils\Traits\MakesHash;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+use Illuminate\Support\Facades\Session;
+use Tests\MockAccountData;
+use Tests\TestCase;
+
+/**
+ * @test
+ * @covers App\Http\Controllers\InvoiceController
+ */
+class ClientDeletedInvoiceCreationTest extends TestCase
+{
+    use MakesHash;
+    use DatabaseTransactions;
+    use MockAccountData;
+
+    public function setUp() :void
+    {
+        parent::setUp();
+
+        Session::start();
+
+        $this->faker = \Faker\Factory::create();
+
+        Model::reguard();
+
+        $this->makeTestData();
+    }
+
+    public function testClientedDeletedAttemptingToCreateInvoice()
+    {
+                /* Test fire new invoice */
+        $data = [
+            'client_id' => $this->client->hashed_id,
+            'number' => 'dude',
+        ];
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+        ])->post('/api/v1/invoices/', $data)
+        ->assertStatus(200);
+
+        $this->client->is_deleted = true;
+        $this->client->save();
+
+
+        $data = [
+            'client_id' => $this->client->hashed_id,
+            'number' => 'dude2',
+        ];
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+        ])->post('/api/v1/invoices/', $data)
+        ->assertStatus(302);
+
+
+    }
+
+}
diff --git a/tests/Feature/InvoiceTest.php b/tests/Feature/InvoiceTest.php
index 68341e10b631..87d37188f2f1 100644
--- a/tests/Feature/InvoiceTest.php
+++ b/tests/Feature/InvoiceTest.php
@@ -220,4 +220,19 @@ class InvoiceTest extends TestCase
             ])->put('/api/v1/invoices/'.$arr['data']['id'], $data)
             ->assertStatus(200);
     }
+
+    public function testClientedDeletedAttemptingToCreateInvoice()
+    {
+                /* Test fire new invoice */
+        $data = [
+            'client_id' => $this->client->hashed_id,
+            'number' => 'dude',
+        ];
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+        ])->post('/api/v1/invoices/', $data)
+        ->assertStatus(200);
+    }
 }