krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow challenge leader/owner to view/join/modify challenge in private group they've left - fixes #9753 (#10606)

Browse Source 
* rename hasAccess to canJoin for challenges

This is so the function won't be used accidentally for other
purposes, since hasAccess could be misinterpretted.

* add isLeader function for challenges

* allow challenge leader to join/modify/end challenge when they're not in the private group it's in

* delete duplicate test

* clarify title of existing tests

* add tests and adjust existing tests to reduce privileges of test users

* fix lint errors

* remove pointless isLeader check (it's checked in canJoin)
This commit is contained in:
Alys
2018-09-09 19:53:59 +10:00
committed by Matteo Pagliazzi
parent 67538a368e
commit eb2d320d1f
6 changed files with 115 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
website/server/models/challenge.js
View File

@@ -66,6 +66,11 @@ schema.statics.sanitizeUpdate = function sanitizeUpdate (updateObj) {
return this.sanitize(updateObj, noUpdate);
};
// Returns true if user is the leader/owner of the challenge
schema.methods.isLeader = function isChallengeLeader (user) {
return this.leader === user._id;
};
// Returns true if user is a member of the challenge
schema.methods.isMember = function isChallengeMember (user) {
return user.challenges.indexOf(this._id) !== -1;
@@ -73,20 +78,21 @@ schema.methods.isMember = function isChallengeMember (user) {
// Returns true if the user can modify (close, selectWinner, ...) the challenge
schema.methods.canModify = function canModifyChallenge (user) {
return user.contributor.admin || this.leader === user._id;
return user.contributor.admin || this.isLeader(user);
};
// Returns true if user has access to the challenge (can join)
schema.methods.hasAccess = function hasAccessToChallenge (user, group) {
// Returns true if user can join the challenge
schema.methods.canJoin = function canJoinChallenge (user, group) {
if (group.type === 'guild' && group.privacy === 'public') return true;
if (this.isLeader(user)) return true; // for when leader has left private group that contains the challenge
return user.getGroups().indexOf(this.group) !== -1;
};
// Returns true if user can view the challenge
// Different from hasAccess because you can see challenges of groups you've been removed from if you're partecipating in them
// Different from canJoin because you can see challenges of groups you've been removed from if you're participating in them
schema.methods.canView = function canViewChallenge (user, group) {
if (this.isMember(user)) return true;
return this.hasAccess(user, group);
return this.canJoin(user, group);
};
// Sync challenge to user, including tasks and tags.