allow challenge leader/owner to view/join/modify challenge in private group they've left - fixes #9753 (#10606)

* rename hasAccess to canJoin for challenges This is so the function won't be used accidentally for other purposes, since hasAccess could be misinterpretted. * add isLeader function for challenges * allow challenge leader to join/modify/end challenge when they're not in the private group it's in * delete duplicate test * clarify title of existing tests * add tests and adjust existing tests to reduce privileges of test users * fix lint errors * remove pointless isLeader check (it's checked in canJoin)
2025-12-14 21:27:23 +01:00 · 2018-09-09 19:53:59 +10:00
parent 67538a368e
commit eb2d320d1f
6 changed files with 115 additions and 49 deletions
--- a/website/server/controllers/api-v3/challenges.js
+++ b/website/server/controllers/api-v3/challenges.js
@@ -251,7 +251,7 @@ api.joinChallenge = {
    if (challenge.isMember(user)) throw new NotAuthorized(res.t('userAlreadyInChallenge'));

    let group = await Group.getGroup({user, groupId: challenge.group, fields: basicGroupFields, optionalMembership: true});
-    if (!group || !challenge.hasAccess(user, group)) throw new NotFound(res.t('challengeNotFound'));
+    if (!group || !challenge.canJoin(user, group)) throw new NotFound(res.t('challengeNotFound'));

    challenge.memberCount += 1;