krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 23:27:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

improve access control for challenges

Browse Source
This commit is contained in:
Matteo Pagliazzi
2016-01-24 12:52:59 +01:00
parent 198d2e6ab5
commit 59f5a80af7
3 changed files with 25 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/src/controllers/api-v3/challenges.js
View File

@@ -192,7 +192,7 @@ api.getChallenge = {
let challenge = await Challenge.findById(challengeId).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
let group = await Group.getGroup({user, groupId: challenge.groupId, fields: '_id type privacy'});
let group = await Group.getGroup({user, groupId: challenge.groupId, fields: '_id type privacy', optionalMembership: true});
if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
res.respond(200, challenge);