Do not allow an invoice to be created for a deleted client

app/Http/Requests/Invoice/StoreInvoiceRequest.php

@@ -47,7 +47,7 @@ class StoreInvoiceRequest extends Request
             $rules['documents'] = 'file|mimes:png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:20000';
         }
 
-        $rules['client_id'] = 'bail|required|exists:clients,id,company_id,'.auth()->user()->company()->id;
+        $rules['client_id'] = 'bail|required|exists:clients,id,company_id,'.auth()->user()->company()->id.',is_deleted,0';
         // $rules['client_id'] = ['required', Rule::exists('clients')->where('company_id', auth()->user()->company()->id)];
 
         $rules['invitations.*.client_contact_id'] = 'distinct';

tests/Feature/ClientDeletedInvoiceCreationTest.php

@@ -0,0 +1,78 @@
+<?php
+/**
+ * Invoice Ninja (https://invoiceninja.com).
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://opensource.org/licenses/AAL
+ */
+namespace Tests\Feature;
+
+use App\Models\Client;
+use App\Models\ClientContact;
+use App\Models\Invoice;
+use App\Utils\Traits\MakesHash;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+use Illuminate\Support\Facades\Session;
+use Tests\MockAccountData;
+use Tests\TestCase;
+
+/**
+ * @test
+ * @covers App\Http\Controllers\InvoiceController
+ */
+class ClientDeletedInvoiceCreationTest extends TestCase
+{
+    use MakesHash;
+    use DatabaseTransactions;
+    use MockAccountData;
+
+    public function setUp() :void
+    {
+        parent::setUp();
+
+        Session::start();
+
+        $this->faker = \Faker\Factory::create();
+
+        Model::reguard();
+
+        $this->makeTestData();
+    }
+
+    public function testClientedDeletedAttemptingToCreateInvoice()
+    {
+                /* Test fire new invoice */
+        $data = [
+            'client_id' => $this->client->hashed_id,
+            'number' => 'dude',
+        ];
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+        ])->post('/api/v1/invoices/', $data)
+        ->assertStatus(200);
+
+        $this->client->is_deleted = true;
+        $this->client->save();
+
+
+        $data = [
+            'client_id' => $this->client->hashed_id,
+            'number' => 'dude2',
+        ];
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+        ])->post('/api/v1/invoices/', $data)
+        ->assertStatus(302);
+
+
+    }
+
+}

tests/Feature/InvoiceTest.php

@@ -220,4 +220,19 @@ class InvoiceTest extends TestCase
             ])->put('/api/v1/invoices/'.$arr['data']['id'], $data)
             ->assertStatus(200);
     }
+
+    public function testClientedDeletedAttemptingToCreateInvoice()
+    {
+                /* Test fire new invoice */
+        $data = [
+            'client_id' => $this->client->hashed_id,
+            'number' => 'dude',
+        ];
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+        ])->post('/api/v1/invoices/', $data)
+        ->assertStatus(200);
+    }
 }