order forbidden when deadline is passed

la_chariotte/order/templates/order/grouped_order_detail.html

@@ -36,7 +36,18 @@
   </div>
 
   <div class="box">
-    {% if grouped_order.item_set.first %}
+    {% if not grouped_order.is_to_be_delivered %}
+    <p>
+      <strong>Cette commande groupée est terminée</strong>, la livraison a eu lieu le {{ grouped_order.deadline }}.
+    </p>
+    {% elif not grouped_order.is_ongoing %}
+    <p>
+      <strong>La période de commande est terminée</strong> depuis le {{ grouped_order.deadline }}. 
+      Si vous aviez commandé, rendez-vous le {{ grouped_order.delivery_date }} pour récupérer vos produits !
+    </p>
+    {% elif not grouped_order.item_set.first %}
+    <p>Il n'y a pas de produits disponibles dans cette commande !</p>
+    {% else %}
     <p class="title">Commander</p>
     <form method="post" action="{% url 'order:order' grouped_order.id %}">
     <table class="table">
@@ -79,10 +90,7 @@
     <div class="buttons">
       <button type="submit" value="Order" class="button is-primary">Commander</button>
     </div>
-
   </form>
-  {% else %}
-  <p>Il n'y a pas de produits disponibles dans cette commande !</p>
   {% endif %}
   </div>
 {% endblock %}

la_chariotte/order/templates/order/grouped_order_overview.html

@@ -31,9 +31,20 @@
     <p class="title">Partager et imprimer</p>
     <div class="columns">
       <div class="column">
+        {% if not grouped_order.is_to_be_delivered %}
+        <p>
+          <strong>Cette commande groupée est terminée</strong>, la livraison a eu lieu le {{ grouped_order.deadline }}.
+        </p>
+        {% elif not grouped_order.is_ongoing %}
+        <p>
+          <strong>La période de commande est terminée</strong> depuis le {{ grouped_order.deadline }}.
+          Vous pouvez préparer la livraison, qui aura lieu le {{ grouped_order.delivery_date }} !
+        </p>
+        {% else %}
         <p>Pour partager cette commande, il vous suffit de copier ce lien et de l'envoyer à vos connaissances : </p>
         <input class="input custom-width" type="text" value={{ share_link }} id="shareLink" disabled>
         <button class="button is-info" onclick="copyLink()">Copier le lien</button>
+        {% endif %}
       </div>
       <div class="column">
         <p>Pour vous aider à distribuer les produits le jour J, vous pouvez imprimer la liste des commandes :</p>

la_chariotte/order/tests/test_views.py

@@ -336,6 +336,62 @@ class TestGroupedOrderDetailView:
             == "Veuillez commander au moins un produit"
         )
 
+    def test_deadline_passed(self, client, other_user):
+        """
+        If the deadline is passed, the user sees a message but cannot order
+        """
+        grouped_order = create_grouped_order(
+            days_before_delivery_date=5,
+            days_before_deadline=-1,
+            name="gr order test",
+            orga_user=other_user,
+        )
+        item = models.Item.objects.create(
+            name="test item 1", grouped_order=grouped_order, price=1
+        )
+        item2 = models.Item.objects.create(
+            name="test item 2", grouped_order=grouped_order, price=5
+        )
+        detail_url = reverse(
+            "order:grouped_order_detail",
+            kwargs={
+                "pk": grouped_order.pk,
+            },
+        )
+        response = client.get(detail_url)
+        assert response.status_code == 200
+        assert "test item" not in response.content.decode()
+        assert "gr order test" in response.content.decode()
+        assert "La période de commande est terminée" in response.content.decode()
+
+    def test_delivery_passed(self, client, other_user):
+        """
+        If the delivery date is passed, the user sees a message but cannot order
+        """
+        grouped_order = create_grouped_order(
+            days_before_delivery_date=-1,
+            days_before_deadline=-2,
+            name="gr order test",
+            orga_user=other_user,
+        )
+        item = models.Item.objects.create(
+            name="test item 1", grouped_order=grouped_order, price=1
+        )
+        item2 = models.Item.objects.create(
+            name="test item 2", grouped_order=grouped_order, price=5
+        )
+        detail_url = reverse(
+            "order:grouped_order_detail",
+            kwargs={
+                "pk": grouped_order.pk,
+            },
+        )
+        response = client.get(detail_url)
+        assert response.status_code == 200
+        assert "test item" not in response.content.decode()
+        assert "gr order test" in response.content.decode()
+        assert "Cette commande groupée est terminée" in response.content.decode()
+
 
 class TestGroupedOrderOverview:
     def test_get_overview(self, client_log):
@@ -432,6 +488,95 @@ class TestGroupedOrderOverview:
         response = client_log.get(orga_view_url)
         assert response.status_code == 403
 
+    def test_deadline_passed(self, client_log):
+        """
+        If the deadline is passed, the user sees a message but cannot share link
+        """
+        grouped_order = create_grouped_order(
+            days_before_delivery_date=5,
+            days_before_deadline=-1,
+            name="gr order test",
+            orga_user=auth.get_user(client_log),
+        )
+        item = models.Item.objects.create(
+            name="test item 1", grouped_order=grouped_order, price=1
+        )
+        item2 = models.Item.objects.create(
+            name="test item 2", grouped_order=grouped_order, price=5
+        )
+        orga_view_url = reverse(
+            "order:grouped_order_overview",
+            kwargs={
+                "pk": grouped_order.pk,
+            },
+        )
+        response = client_log.get(orga_view_url)
+        assert response.status_code == 200
+        assert "Pour partager cette commande" not in response.content.decode()
+        assert "gr order test" in response.content.decode()
+        assert "La période de commande est terminée" in response.content.decode()
+
+    def test_delivery_passed(self, client_log):
+        """
+        If the delivery date is passed, the user sees a message but cannot share link
+        """
+        grouped_order = create_grouped_order(
+            days_before_delivery_date=-1,
+            days_before_deadline=-2,
+            name="gr order test",
+            orga_user=auth.get_user(client_log),
+        )
+        item = models.Item.objects.create(
+            name="test item 1", grouped_order=grouped_order, price=1
+        )
+        item2 = models.Item.objects.create(
+            name="test item 2", grouped_order=grouped_order, price=5
+        )
+        orga_view_url = reverse(
+            "order:grouped_order_overview",
+            kwargs={
+                "pk": grouped_order.pk,
+            },
+        )
+        response = client_log.get(orga_view_url)
+        assert response.status_code == 200
+        assert "Pour partager cette commande" not in response.content.decode()
+        assert "gr order test" in response.content.decode()
+        assert "Cette commande groupée est terminée" in response.content.decode()
+
+
+class TestOrder:
+    def test_order_deadline_passed(self, client, other_user):
+        """A user orders when the deadline is passed. They get a 403 error"""
+        grouped_order = create_grouped_order(
+            days_before_delivery_date=5,
+            days_before_deadline=-1,
+            name="gr order test",
+            orga_user=other_user,
+        )
+        item = models.Item.objects.create(
+            name="test item 1", grouped_order=grouped_order, price=2
+        )
+
+        # some items are ordered
+        order_url = reverse(
+            "order:order",
+            kwargs={
+                "grouped_order_id": grouped_order.pk,
+            },
+        )
+        response = client.post(
+            order_url,
+            {
+                f"quantity_{item.pk}": 4,
+                "first_name": "Prénom",
+                "last_name": "Nom",
+                "phone": "0645632569",
+                "email": "test@mail.fr",
+            },
+        )
+        assert response.status_code == 403
+
 
 class TestGroupedOrderCreateView:
     def test_create_grouped_order(self, client_log):

la_chariotte/order/views.py

@@ -1,7 +1,7 @@
 from io import BytesIO
 
+from django import http
 from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
-from django.http import FileResponse, HttpResponse, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render
 from django.template.loader import get_template
 from django.urls import reverse, reverse_lazy
@@ -144,6 +144,8 @@ class ItemCreateView(UserPassesTestMixin, generic.CreateView):
 def order(request, grouped_order_id):
     """Creates an AnonymousUser, and an Order for this GroupedOrder, with related OrderedItems"""
     grouped_order = get_object_or_404(GroupedOrder, pk=grouped_order_id)
+    if not grouped_order.is_ongoing():
+        return http.HttpResponseForbidden()
     # get a dict with (quantity_{{item_id}}:{{quantity}})
     orders_dict = {
         key: value for key, value in request.POST.items() if key.startswith("quantity")
@@ -176,10 +178,10 @@ def order(request, grouped_order_id):
         )
     else:
         order.compute_order_price()
-        # Always return an HttpResponseRedirect after successfully dealing
+        # Always return an http.HttpResponseRedirect after successfully dealing
         # with POST data. This prevents data from being posted twice if a
         # user hits the Back button.
-        return HttpResponseRedirect(
+        return http.HttpResponseRedirect(
             reverse("order:order_confirm", args=(grouped_order.pk, order.pk))
         )
 
@@ -234,4 +236,4 @@ class GroupedOrderSheetView(GroupedOrderOverview, GroupedOrderSheetMixin):
 
         result = BytesIO()
         pdf = pisa.pisaDocument(BytesIO(html.encode("UTF-8")), result)
-        return HttpResponse(result.getvalue(), content_type="application/pdf")
+        return http.HttpResponse(result.getvalue(), content_type="application/pdf")