krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(challenge): don't pierce privacy on GET/:id

Browse Source
This commit is contained in:
SabreCat
2023-08-15 15:21:28 -05:00
parent 8f64afe9df
commit 1ea954ab10
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
website/server/models/challenge.js
View File

@@ -93,6 +93,7 @@ schema.methods.canModify = function canModifyChallenge (user) {
schema.methods.canJoin = function canJoinChallenge (user, group) {
// for when leader has left private group that contains the challenge
if (this.isLeader(user)) return true;
if (!group) return false;
if (group.type === 'guild' && group.privacy === 'public') {
return group._id === TAVERN_ID;
}