fix the member not found check

app/constants/categories.py

@@ -1,4 +1,4 @@
-CATEGORIES = [
+HEAD_CATEGORIES = [
     {"name": "Groceries", "icon": "🛒", "budget": 0, "spent": 0, "remaining": 0},
     {"name": "Food", "icon": "🍽", "budget": 0, "spent": 0, "remaining": 0},
     {"name": "Transport", "icon": "🚌", "budget": 0, "spent": 0, "remaining": 0},
@@ -11,4 +11,13 @@ CATEGORIES = [
     {"name": "Insurance", "icon": "🛡", "budget": 0, "spent": 0, "remaining": 0},
 ]
 
+MEMBER_CATEGORIES = [
+    {"name": "Food", "icon": "🍽", "budget": 0, "spent": 0, "remaining": 0},
+    {"name": "Transport", "icon": "🚌", "budget": 0, "spent": 0, "remaining": 0},
+    {"name": "Entertainment", "icon": "🎉", "budget": 0, "spent": 0, "remaining": 0},
+    {"name": "Education", "icon": "📚", "budget": 0, "spent": 0, "remaining": 0},
+    {"name": "Gifts", "icon": "🎁", "budget": 0, "spent": 0, "remaining": 0},
+    {"name": "Rent", "icon": "🏠", "budget": 0, "spent": 0, "remaining": 0},
+
+]
 

app/routers/categorybudget.py

@@ -7,10 +7,12 @@ from app.db.categories_budget import CategoryBudget   # <-- import
 from app.deps.deps import get_current_user
 from app.schemas.schemas import UpdateCategoryBudgetRequest  # <-- import
 from app.db.models_family import Family, FamilyMember
-
+from app.utils.member_utils import get_or_assign_member
+from app.constants.categories import HEAD_CATEGORIES, MEMBER_CATEGORIES
 router = APIRouter(prefix="/categories", tags=["categories"])
 
 
+@router.post("/update-budget")
 @router.post("/update-budget")
 def update_category_budget(
     payload: UpdateCategoryBudgetRequest,
@@ -23,24 +25,39 @@ def update_category_budget(
     if current_user.role == "head":
         scope = "family"
         owner_id = None
+        allowed_categories = [c["name"] for c in HEAD_CATEGORIES]
 
     elif current_user.role == "member":
-        fm = db.query(FamilyMember).filter(
-            FamilyMember.family_code == family_code,
-            FamilyMember.user_id == current_user.id
-        ).first()
-
-        if not fm:
-            raise HTTPException(400, "Member record not found")
+        # 🔥 auto-link or fetch member slot
+        fm = get_or_assign_member(
+            db=db,
+            family_code=family_code,
+            user_id=current_user.id
+        )
 
         scope = "member"
         owner_id = fm.id
+        allowed_categories = [c["name"] for c in MEMBER_CATEGORIES]
 
     else:
         raise HTTPException(403, "Invalid role")
 
     # ---------------- UPDATE BUDGETS ----------------
     for item in payload.budgets:
+
+        # 🔒 category-level security
+        if item.category not in allowed_categories:
+            raise HTTPException(
+                status_code=400,
+                detail=f"Category '{item.category}' not allowed for this role"
+            )
+
+        if item.budget < 0:
+            raise HTTPException(
+                status_code=400,
+                detail="Budget must be >= 0"
+            )
+
         row = db.query(CategoryBudget).filter(
             CategoryBudget.family_code == family_code,
             CategoryBudget.category_name == item.category,

app/routers/expense.py

@@ -9,33 +9,12 @@ from app.db.models_expenses import ExpenseDB
 from app.deps.deps import get_current_user
 from app.schemas.schemas import AddExpenseRequest
 from app.db.categories_budget import CategoryBudget
+from app.utils.member_utils import get_or_assign_member
+from app.constants.categories import HEAD_CATEGORIES, MEMBER_CATEGORIES
 # from app.constants import CATEGORIES 
 
 router = APIRouter(prefix="/expense", tags=["expense"])
 
-HEAD_CATEGORIES = [
-    {"name": "Groceries", "icon": "🛒", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Food", "icon": "🍽", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Transport", "icon": "🚌", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Health", "icon": "💊", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Gifts", "icon": "🎁", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Rent", "icon": "🏠", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Utilities", "icon": "⚡", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Entertainment", "icon": "🎉", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Education", "icon": "📚", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Insurance", "icon": "🛡", "budget": 0, "spent": 0, "remaining": 0},
-]
-
-MEMBER_CATEGORIES = [
-    {"name": "Food", "icon": "🍽", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Transport", "icon": "🚌", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Entertainment", "icon": "🎉", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Education", "icon": "📚", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Gifts", "icon": "🎁", "budget": 0, "spent": 0, "remaining": 0},
-    {"name": "Rent", "icon": "🏠", "budget": 0, "spent": 0, "remaining": 0},
-
-]
-
 
 @router.get("/categories")
 def get_categories(
@@ -46,13 +25,12 @@ def get_categories(
 
     # ---------------- ROLE CHECK ----------------
     if current_user.role == "member":
-        fm = db.query(FamilyMember).filter(
-            FamilyMember.family_code == family_code,
-            FamilyMember.user_id == current_user.id
-        ).first()
-
-        if not fm:
-            raise HTTPException(400, "Member record not found")
+        # 🔥 Auto-assign or fetch member slot
+        fm = get_or_assign_member(
+            db=db,
+            family_code=family_code,
+            user_id=current_user.id
+        )
 
         scope = "member"
         owner_id = fm.id
@@ -70,7 +48,6 @@ def get_categories(
         CategoryBudget.owner_id == owner_id
     ).all()
 
-    # Safe lookup
     db_map = {row.category_name: row for row in rows}
 
     # ---------------- BUILD RESPONSE ----------------
@@ -81,6 +58,7 @@ def get_categories(
         icon = cat["icon"]
 
         row = db_map.get(name)
+
         budget = row.budget if row else 0
         spent = row.spent if row else 0
 
@@ -98,6 +76,7 @@ def get_categories(
         "categories": result
     }
 
+
 @router.post("/add")
 def add_expense(
     payload: AddExpenseRequest,
@@ -117,7 +96,7 @@ def add_expense(
         allowed_categories = [c["name"] for c in MEMBER_CATEGORIES]
     else:
         allowed_categories = [c["name"] for c in HEAD_CATEGORIES]
-    
+
     if payload.category not in allowed_categories:
         raise HTTPException(400, "Invalid category")
 
@@ -130,13 +109,12 @@ def add_expense(
 
     # ---------------- MEMBER ----------------
     if current_user.role == "member":
-        fm = db.query(FamilyMember).filter(
-            FamilyMember.family_code == family.family_code,
-            FamilyMember.user_id == current_user.id
-        ).first()
-
-        if not fm:
-            raise HTTPException(400, "Member record not found")
+        # 🔥 Auto-link or fetch member slot
+        fm = get_or_assign_member(
+            db=db,
+            family_code=family.family_code,
+            user_id=current_user.id
+        )
 
         member_id = fm.id
         scope = "member"
@@ -155,6 +133,7 @@ def add_expense(
 
             member_id = chosen.id
         # scope stays "family"
+        # owner_id stays None
 
     # ---------------- CREATE EXPENSE ----------------
     exp = ExpenseDB(
@@ -203,7 +182,6 @@ def add_expense(
         }
     }
 
-
 @router.get("/list")
 def list_expenses(
     current_user: UserDB = Depends(get_current_user),

app/utils/member_utils.py

@@ -0,0 +1,29 @@
+from fastapi import HTTPException
+from sqlalchemy.orm import Session
+
+from app.models.family_member import FamilyMember
+
+
+def get_or_assign_member(db: Session, family_code: str, user_id: int) -> FamilyMember:
+    # Try already linked member
+    fm = db.query(FamilyMember).filter(
+        FamilyMember.family_code == family_code,
+        FamilyMember.user_id == user_id
+    ).first()
+
+    if fm:
+        return fm
+
+    # Assign to empty member slot
+    fm = db.query(FamilyMember).filter(
+        FamilyMember.family_code == family_code,
+        FamilyMember.user_id.is_(None)
+    ).first()
+
+    if not fm:
+        raise HTTPException(400, "No available member slot")
+
+    fm.user_id = user_id
+    db.commit()
+    db.refresh(fm)
+    return fm