feat: add team invite code retrieval endpoint (#220)

* feat: add team invite code retrieval endpoint

- Introduced TeamInviteCodeView to allow team creators or POCs to retrieve the invite code for their teams.
- Updated urls.py to include a new route for accessing the invite code.
- This feature enhances team management by providing authorized users with easy access to invite codes.

* refactor: improve code readability in team views and URLs

- Reformatted import statements in `urls.py` for better organization and clarity.
- Enhanced the response formatting in `TeamInviteCodeView` to improve readability and maintain consistency in the API response structure.

These changes contribute to cleaner code and improved maintainability.

---------

Co-authored-by: Amit Prakash <[email protected]>

Author: amit-flx

todo/urls.py

@@ -5,7 +5,13 @@
 from todo.views.auth import GoogleLoginView, GoogleCallbackView, LogoutView
 from todo.views.role import RoleListView, RoleDetailView
 from todo.views.label import LabelListView
-from todo.views.team import TeamListView, TeamDetailView, JoinTeamByInviteCodeView, AddTeamMembersView
+from todo.views.team import (
+    TeamListView,
+    TeamDetailView,
+    JoinTeamByInviteCodeView,
+    AddTeamMembersView,
+    TeamInviteCodeView,
+)
 from todo.views.watchlist import WatchlistListView, WatchlistDetailView, WatchlistCheckView
 from todo.views.task_assignment import TaskAssignmentView, TaskAssignmentDetailView
 from todo.views.task import AssignTaskToUserView
@@ -15,6 +21,7 @@
     path("teams/join-by-invite", JoinTeamByInviteCodeView.as_view(), name="join_team_by_invite"),
     path("teams/<str:team_id>", TeamDetailView.as_view(), name="team_detail"),
     path("teams/<str:team_id>/members", AddTeamMembersView.as_view(), name="add_team_members"),
+    path("teams/<str:team_id>/invite-code", TeamInviteCodeView.as_view(), name="team_invite_code"),
     path("tasks", TaskListView.as_view(), name="tasks"),
     path("tasks/<str:task_id>", TaskDetailView.as_view(), name="task_detail"),
     path("tasks/<str:task_id>/update", TaskUpdateView.as_view(), name="update_task_and_assignee"),

todo/views/team.py

@@ -18,6 +18,7 @@
 from drf_spectacular.types import OpenApiTypes
 from todo.dto.team_dto import TeamDTO
 from todo.services.user_service import UserService
+from todo.repositories.team_repository import TeamRepository
 
 
 class TeamListView(APIView):
@@ -327,3 +328,42 @@ def _handle_validation_errors(self, errors):
             errors=[{"detail": str(error)} for error in errors.values()],
         )
         return Response(data=error_response.model_dump(mode="json"), status=400)
+
+
+class TeamInviteCodeView(APIView):
+    @extend_schema(
+        operation_id="get_team_invite_code",
+        summary="Get team invite code (creator or POC only)",
+        description="Return the invite code for a team if the requesting user is the creator or POC of the team.",
+        tags=["teams"],
+        parameters=[
+            OpenApiParameter(
+                name="team_id",
+                type=OpenApiTypes.STR,
+                location=OpenApiParameter.PATH,
+                description="Unique identifier of the team",
+                required=True,
+            ),
+        ],
+        responses={
+            200: OpenApiResponse(description="Invite code returned successfully"),
+            403: OpenApiResponse(description="Forbidden - not creator or POC"),
+            404: OpenApiResponse(description="Team not found"),
+        },
+    )
+    def get(self, request: Request, team_id: str):
+        """
+        Return the invite code for a team if the requesting user is the creator or POC of the team.
+        """
+        user_id = request.user_id
+        team = TeamRepository.get_by_id(team_id)
+        if not team:
+            return Response({"detail": "Team not found."}, status=status.HTTP_404_NOT_FOUND)
+        is_creator = str(team.created_by) == str(user_id)
+        is_poc = str(team.poc_id) == str(user_id)
+        if is_creator or is_poc:
+            return Response({"invite_code": team.invite_code}, status=status.HTTP_200_OK)
+        return Response(
+            {"detail": "You are not authorized to view the invite code for this team."},
+            status=status.HTTP_403_FORBIDDEN,
+        )