Updated test syntax and added get user challenges tests

test/api/v3/integration/challenges/GET-challenges_group_groupid.test.js

@@ -30,15 +30,19 @@ describe('GET challenges/group/:groupId', () => {
     it('should return group challenges for non member', async () => {
       let challenges = await nonMember.get(`/challenges/groups/${publicGuild._id}`);
 
-      expect(_.findIndex(challenges, {_id: challenge._id})).to.be.above(-1);
+      let foundChallenge1 = _.find(challenges, { _id: challenge._id });
-      expect(_.findIndex(challenges, {_id: challenge2._id})).to.be.above(-1);
+      expect(foundChallenge1).to.exist;
+      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+      expect(foundChallenge2).to.exist;
     });
 
     it('should return group challenges for member', async () => {
       let challenges = await user.get(`/challenges/groups/${publicGuild._id}`);
 
-      expect(_.findIndex(challenges, {_id: challenge._id})).to.be.above(-1);
+      let foundChallenge1 = _.find(challenges, { _id: challenge._id });
-      expect(_.findIndex(challenges, {_id: challenge2._id})).to.be.above(-1);
+      expect(foundChallenge1).to.exist;
+      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+      expect(foundChallenge2).to.exist;
     });
   });
 
@@ -75,8 +79,10 @@ describe('GET challenges/group/:groupId', () => {
     it('should return group challenges for member', async () => {
       let challenges = await user.get(`/challenges/groups/${privateGuild._id}`);
 
-      expect(_.findIndex(challenges, {_id: challenge._id})).to.be.above(-1);
+      let foundChallenge1 = _.find(challenges, { _id: challenge._id });
-      expect(_.findIndex(challenges, {_id: challenge2._id})).to.be.above(-1);
+      expect(foundChallenge1).to.exist;
+      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+      expect(foundChallenge2).to.exist;
     });
   });
 });

test/api/v3/integration/challenges/GET-challenges_user.test.js

@@ -0,0 +1,72 @@
+import {
+  generateUser,
+  generateChallenge,
+  createAndPopulateGroup,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('GET challenges/user', () => {
+  let user, member, nonMember, challenge, challenge2;
+
+  before(async () => {
+    let { group, groupLeader, members } = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'TestGuild',
+        type: 'guild',
+        privacy: 'public',
+      },
+      members: 1,
+    });
+
+    user = groupLeader;
+
+    member = members[0];
+    nonMember = await generateUser();
+
+    challenge = await generateChallenge(user, group);
+    challenge2 = await generateChallenge(user, group);
+  });
+
+  it('should return challenges user has joined', async () => {
+    await nonMember.post(`/challenges/${challenge._id}/join`);
+
+    let challenges = await nonMember.get(`/challenges/user`);
+
+    let foundChallenge = _.find(challenges, { _id: challenge._id });
+    expect(foundChallenge).to.exist;
+  });
+
+  it('should return challenges user has created', async () => {
+    let challenges = await user.get(`/challenges/user`);
+
+    let foundChallenge1 = _.find(challenges, { _id: challenge._id });
+    expect(foundChallenge1).to.exist;
+    let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+    expect(foundChallenge2).to.exist;
+  });
+
+  it('should return challenges in user\'s group', async () => {
+    let challenges = await member.get(`/challenges/user`);
+
+    let foundChallenge1 = _.find(challenges, { _id: challenge._id });
+    expect(foundChallenge1).to.exist;
+    let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+    expect(foundChallenge2).to.exist;
+  });
+
+  it('should not return challenges user doesn\'t have access to', async () => {
+    let { group, groupLeader } = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'TestPrivateGuild',
+        type: 'guild',
+        privacy: 'private',
+      },
+    });
+
+    let privateChallenge = await generateChallenge(groupLeader, group);
+
+    let challenges = await nonMember.get(`/challenges/user`);
+
+    let foundChallenge = _.find(challenges, { _id: privateChallenge._id });
+    expect(foundChallenge).to.not.exist;
+  });
+});

website/src/controllers/api-v3/challenges.js

@@ -121,7 +121,8 @@ api.joinChallenge = {
     let challenge = await Challenge.findOne({ _id: req.params.challengeId });
     if (!challenge) throw new NotFound(res.t('challengeNotFound'));
 
-    if (!challenge.hasAccess(user)) throw new NotFound(res.t('challengeNotFound'));
+    let group = await Group.getGroup({user, groupId: challenge.groupId, fields: '_id type privacy', optionalMembership: true});
+    if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
 
     if (_.contains(user.challenges, challenge._id)) throw new NotAuthorized(res.t('userAlreadyInChallenge'));
 
@@ -172,16 +173,16 @@ api.leaveChallenge = {
 };
 
 /**
- * @api {get} /challenges Get challenges for a user
+ * @api {get} /challenges/user Get challenges for a user
  * @apiVersion 3.0.0
- * @apiName GetChallenges
+ * @apiName GetUserChallenges
  * @apiGroup Challenge
  *
  * @apiSuccess {Array} challenges An array of challenges
  */
-api.getChallenges = {
+api.getUserChallenges = {
   method: 'GET',
-  url: '/challenges',
+  url: '/challenges/user',
   middlewares: [authWithHeaders(), cron],
   async handler (req, res) {
     let user = res.locals.user;