Allow leaving a challenge without having access to the challenge (e.g. after leaving a party or guild)

2025-12-16 22:27:26 +01:00 · 2017-04-26 13:52:27 -07:00
parent 78816dd4cb
commit fb80dd7c57
2 changed files with 10 additions and 12 deletions
--- a/test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js
+++ b/test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js
@@ -32,18 +32,20 @@ describe('POST /challenges/:challengeId/leave', () => {
    let group;
    let challenge;
    let notInChallengeUser;
+    let notInGroupLeavingUser;
    let leavingUser;
    let taskText;

    beforeEach(async () => {
      let populatedGroup = await createAndPopulateGroup({
-        members: 2,
+        members: 3,
      });

      groupLeader = populatedGroup.groupLeader;
      group = populatedGroup.group;
      leavingUser = populatedGroup.members[0];
      notInChallengeUser = populatedGroup.members[1];
+      notInGroupLeavingUser = populatedGroup.members[2];

      challenge = await generateChallenge(groupLeader, group);

@@ -55,17 +57,16 @@ describe('POST /challenges/:challengeId/leave', () => {

      await leavingUser.post(`/challenges/${challenge._id}/join`);

+      await notInGroupLeavingUser.post(`/challenges/${challenge._id}/join`);
+      await notInGroupLeavingUser.post(`/groups/${group._id}/leave`, {
+        keepChallenges: 'remain-in-challenges',
+      });
+
      await challenge.sync();
    });

-    it('returns an error when user doesn\'t have permissions to view the challenge', async () => {
-      let unauthorizedUser = await generateUser();
-
-      await expect(unauthorizedUser.post(`/challenges/${challenge._id}/leave`)).to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('challengeNotFound'),
-      });
+    it('lets user leave when not a member of the challenge group', async () => {
+      await expect(notInGroupLeavingUser.post(`/challenges/${challenge._id}/leave`)).to.eventually.be.ok;
    });

    it('returns an error when user isn\'t a member of the challenge', async () => {
--- a/website/server/controllers/api-v3/challenges.js
+++ b/website/server/controllers/api-v3/challenges.js
@@ -190,9 +190,6 @@ api.leaveChallenge = {
    let challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec();
    if (!challenge) throw new NotFound(res.t('challengeNotFound'));

-    let group = await Group.getGroup({user, groupId: challenge.group, fields: '_id type privacy'});
-    if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
-
    if (!challenge.isMember(user)) throw new NotAuthorized(res.t('challengeMemberNotFound'));

    // Unlink challenge's tasks from user's tasks and save the challenge