habitica/website/server/libs/challenges/index.js

163 lines
4.8 KiB
JavaScript
Raw Permalink Normal View History

// Currently this holds helpers for challenge api,
// but we should break this up into submodules as it expands
import omit from 'lodash/omit';
import { v4 as uuid } from 'uuid';
import { model as Challenge } from '../../models/challenge';
import {
model as Group,
TAVERN_ID,
} from '../../models/group';
import {
2023-08-08 03:26:56 +00:00
BadRequest,
NotFound,
NotAuthorized,
} from '../errors';
const TASK_KEYS_TO_REMOVE = [
'_id', 'completed', 'dateCompleted', 'history',
'id', 'streak', 'createdAt', 'challenge',
];
export function addUserJoinChallengeNotification (user) {
if (user.achievements.joinedChallenge) return;
user.achievements.joinedChallenge = true;
user.addNotification('CHALLENGE_JOINED_ACHIEVEMENT');
}
export function getChallengeGroupResponse (group) {
return {
_id: group._id,
name: group.name,
type: group.type,
privacy: group.privacy,
};
}
export async function createChallenge (user, req, res) {
2019-10-08 14:57:10 +00:00
const groupId = req.body.group;
const { prize } = req.body;
2019-10-08 14:57:10 +00:00
const group = await Group.getGroup({
user, groupId, fields: '-chat', mustBeMember: true,
});
if (!group) throw new NotFound(res.t('groupNotFound'));
if (!group.isMember(user)) throw new NotAuthorized(res.t('mustBeGroupMember'));
2023-08-08 03:26:56 +00:00
if (group.type === 'guild' && group._id !== TAVERN_ID && !group.hasActiveGroupPlan()) {
throw new BadRequest(res.t('featureRetired'));
}
if (group.leaderOnly && group.leaderOnly.challenges && group.leader !== user._id) {
throw new NotAuthorized(res.t('onlyGroupLeaderChal'));
}
if (group._id === TAVERN_ID && prize < 1) {
throw new NotAuthorized(res.t('tavChalsMinPrize'));
}
group.challengeCount += 1;
if (!req.body.summary) {
req.body.summary = req.body.name;
}
req.body.leader = user._id;
Adminpanel and revamped permissions (#13843) * create Admin Panel page with initial content from Hall's admin section * reorganise Admin Panel form and add more accordians * add lastCron to fields returned by api.getHeroes * improve timestamps and authentication section * add party and quest info to Admin Panel, add party to heroAdminFields * move Admin Panel menu item to top of menu, make invisible to non-admins * remove code used for displaying all Heroes * add avatar appearance and drops section in Admin Panel * allow logged-in user to be the default hero loaded * add time zones to timestamp/authentication section * rename Items to Update Items This will allow a new Items section to be added. * add read-only Items display with button to copy data to Update Items section * remove never-used allItemsPaths code that had been copied from Hall * update tests for the attributes added to heroAdminFields * supply names for items and also set information for gear/equipment * remove code that loads subsections of content We use enough of the content that it's easier to load it all and access it through the content object, especially when we're looping through different item types. * add gear names and set details to Avatar Costume/Battle Gear section * make the wiki URLs clickable and make minor item format improvements * add gear sets for Check-In Incentives and animal ears and tails * add gear set for Gold-Purchasable Quest Lines Also merges the existing Mystery of the Masterclassers quest set into it. * fix error with Kickstarter gear set and include wiki link * improve description of check-in incentive gear set * fix description of Items section * fix lint warnings * update another test for the attributes added to heroAdminFields * allow "@" to be included when specifying Username to load * create GetHeroParty API v3 route to fetch a given user's party data Only some data from the party will be loaded (e.g., not private data such as name, description). Includes tests for the route. See the next commit for front-end changes that use this. * display data from a given user's party in admin panel Only some data from the party will be loaded (e.g., not private data such as name, description). Also adds support for finding and displaying errors from the user's data. * use new error handling method for other sections - Time zone differences - Cron bugs - Privilege removal (mute/block) - not a bug but needs to be highlighted * redirect non-admin users away from admin-only page (WIP) This needs more work. Currently, admin users are also redirected if they access the page by direct URL or after reload. * clarify source of items from Check-In Incentives and Lunar Battle quests * replace non-standard form fields with HTML forms * add user's language, remove unused export blocks * convert functions to filters: formatDate, formatTimeZone * improve display of minutes portion of time zone in Admin Panel * move basic details about user to a new component * move Timestamp/Cron/Auth/etc details to a new component - WIP, has errors The automatic expand and error warnings don't reset themselves when you fetch data for a new user. * replace non-standard form fields with HTML forms Most of this was done in 26fdcbbee51937d39a149a20bf7ccd1cf674ca18 * move Timestamp/Cron/Auth/etc details to a new component (fixed) * move Avatar and Drops section to a new component * move Party and Quest section to a new component * move Contributor Details to new component, add checkbox for admin, add preview This adds a markdown-enabled preview of the Contributions textarea. It also removes the code that automatically set contributor.admin to true when the Tier was above 7. That feature wasn't secure because the Tier can be accidentally changed if you scroll while the cursor is over the Tier form field (we accidentally demoted a Socialite once by doing that and if we'd scrolled in the other direction we would have given her admin privileges). Instead there's now a checkbox for giving moderator-level privileges. We'll want that anyway when we move to a system of selected privileges for each admin instead of all admin privileges being given to all mods/staff. There's also a commented-out checkbox for giving Bailey CMS privileges, for when we're ready to use that. The User model doesn't yet have support for it. * move Privileges and Gems section to a new component * rename formatItems to getItemDescription; make other minor fixes * remove an outdated test description This "pended" explanation probably wasn't needed after "x" was removed from "describe" in 2ab76db27cbc2ea6c8e65a407a3fcc51fb015687 * add newsPoster Bailey CMS permission to User model and Admin Panel * move formatDate from mixins to filters * make lint fixes * remove development comments from hall.js I'll be handling the TODO comment and I've left in my "XXX" marker to remind me * fix bug in Hall's castItemVal: mounts are null not false * move Items section to a new component and delete Update Items section The Update Items section is no longer needed because the new Items component has in-place editing. * remove unused imports * add "secret" field to "Privileges, Gem Balance" section. Also move the markdownPreview style from contributorDetails.vue to index.vue since it's used in two components now. * show non-Standard never-owned Pets and Mounts in Items section * redirect non-admin users away from admin-only page This completes the work started in commit a4f9c754ad3886466925de4d8ed9a5ac55d2f999 It now allows admins to access the page when coming from another page on the site or from a direct link, including if the admin user isn't logged in yet. * display memberCount for party * add secret.text field to Contributor Details This is in addition to showing it in the Privileges section because the secret text could be about either troublesome behaviour or contributions. * allow user to be loaded into Admin Panel via a URL This includes: - router config has a child route for the admin panel with a Username/ID as a parameter - loadHero code moved from top-level index page into a new "user support" index page - links in the Hall changed to point to admin panel route - admin panel link added to admin section of user profile modal * keep list of known titles on their own lines * sort heroFields alphabetically No actual changes. * return all flags for use in Admin Panel and fix Hall tests for flags Future Admin Panel changes will display more flags. NB 'flags' wasn't in the tests before, even though two optional flags were being fetched. The tests weren't failing because the test users hadn't been given data for those optional flags. The primary reason for this change now is to fix the tests. * show part of the API Token in the Admin Panel * send full hero object into cronAndAuth.vue This is a prelude to allowing this component to change the hero. * split heroAdminFields string into two: one for fetching data and one for showing it This is because apiToken must be fetched but not shown, while apiTokenObscured is calculated (not fetched) and shown. * let admin change a user's API Token * restore sanity * remove code to show obscured version of API Token It will return with tighter permissions for viewing it. * add Custom Day Start time (CDS) to Timestamps, Time Zone... section * commit lint's automatic fixes - one for admin-panel changes in hall.js The other fixes aren't related to this PR but I figured they may as well go live. * apply fixes from paglias's comments, excluding style/CSS changesd The comments that this PR fixes start at https://github.com/HabitRPG/habitica/pull/12035#pullrequestreview-500422316 Style fixes will be in a future commit. * fix styles/CSS * allow profile modal to close when using admin panel link Also removes an empty components block. * prevent Admin Panel being used without new userSupport privilege Also adds initial support for other contributor.priv privileges and changes Debug Menu to add userSupport privilege * don't do this: this.hero = { ...hero }; * enhance quest error messages * redirect to admin-panel home page when using "Save and Clear Data" The user's ID / name is still in the form for easy refetching. * create ensurePriv function, use in api.getHeroParty * fix lint problems and integration tests * add page title to top-level Admin Panel Also add more details to a router comment (consistent with a similar comment) in case it helps anyone. * fix tests * display Moderation Notes above Contributions * lint fix * remove placeholder code for new privileges I had planned to have each of these implemented in stages, but paglias wanted it all done at once. I'm afraid that's too big a project for me to take on in a single PR so I'm cancelling the plans for adjusting the privileges. * Improve permission handling * Don't report timezone error on first day * fix lint error * . * Fix lint error * fix failing tests * Fix more tests * . * .. * ... * fix(admin): always include permissions when querying user also remove unnecessary failing test case * permission improvements * show transactions in admin panel * fix lint errors * fix permission check * fix(panel): missing mixin, handle empty perms object Co-authored-by: Alys <alice.harris@oldgods.net> Co-authored-by: SabreCat <sabe@habitica.com>
2022-05-03 19:40:56 +00:00
req.body.official = !!(user.hasPermission('challengeAdmin') && req.body.official);
Squashed commit of the following: commit d30dff2311087ff2fe5f3e2a913c594abeee6b0e Author: Sabe Jones <sabe@habitica.com> Date: Tue Feb 27 16:01:11 2024 -0600 fix(challenge): move isOfficial to mount process commit ae52dca3cd0b4fd490f07b1979049803ce2f1e2f Merge: 2b20ff1e46 2c6e82a58a Author: Sabe Jones <sabe@habitica.com> Date: Tue Feb 27 15:20:40 2024 -0600 Merge branch 'release' into phillip/challenges_official commit 2b20ff1e46b1447eac3f9dbdf29566154c9fa656 Author: Sabe Jones <sabe@habitica.com> Date: Wed Feb 14 15:31:22 2024 -0600 fix(tests): correct lint and TypeError commit 5dae5c716f11db4c652e423eab43805ddfac3455 Merge: 29d9edc7aa 1a3c2f64e4 Author: Sabe Jones <sabe@habitica.com> Date: Wed Feb 14 15:01:18 2024 -0600 Merge branch 'release' into phillip/challenges_official commit 29d9edc7aa7445d24f5be24ca923719a4ab5f70d Author: Sabe Jones <sabe@habitica.com> Date: Wed Feb 14 14:41:16 2024 -0600 fix(challenges): don't momentarily show Report on official commit f994d12775107cba7ec816ee522cfeb0c69ef567 Author: Phillip Thelen <phillip@habitica.com> Date: Tue Feb 13 10:08:08 2024 +0100 hide report button for official challenges commit ac06dcaca701b91913d5fc5307626b1616a9e0e8 Author: Phillip Thelen <phillip@habitica.com> Date: Tue Feb 13 10:04:49 2024 +0100 prevent official challenges from being flagged commit a07ce1e6de66a2c833c6f392cf396a7743ca0f97 Author: Phillip Thelen <phillip@habitica.com> Date: Mon Feb 5 19:12:17 2024 +0100 test shouldn’t be exclusive commit 4c2436a1a0fa905530b7e1cd66f75a2b07be5810 Author: Phillip Thelen <phillip@habitica.com> Date: Mon Feb 5 19:11:20 2024 +0100 remove log commit 292f3a578d51fd08c572afc574cc73d08356f46a Author: Phillip Thelen <phillip@habitica.com> Date: Mon Feb 5 19:10:13 2024 +0100 Automatically set official field on challenges if habitica_official cateogory is set
2024-02-28 20:31:05 +00:00
const categories = req.body.categories || [];
categories.forEach(category => {
if (category.slug === 'habitica_official' && !user.hasPermission('challengeAdmin')) {
throw new NotAuthorized(res.t('noPrivAccess'));
} else if (category.slug === 'habitica_official' && user.hasPermission('challengeAdmin')) {
req.body.official = true;
}
});
const challenge = new Challenge(Challenge.sanitize(req.body));
// First validate challenge so we don't save group if it's invalid (only runs sync validators)
const challengeValidationErrors = challenge.validateSync();
if (challengeValidationErrors) throw challengeValidationErrors;
if (prize > 0) {
2019-10-08 14:57:10 +00:00
const groupBalance = group.balance && group.leader === user._id ? group.balance : 0;
const prizeCost = prize / 4;
if (prizeCost > user.balance + groupBalance) {
throw new NotAuthorized(res.t('cantAfford'));
}
if (groupBalance >= prizeCost) {
// Group pays for all of prize
group.balance -= prizeCost;
await user.updateBalance(0, 'create_bank_challenge', challenge._id, challenge.name);
} else if (groupBalance > 0) {
// User pays remainder of prize cost after group
2019-10-08 14:57:10 +00:00
const remainder = prizeCost - group.balance;
group.balance = 0;
await user.updateBalance(-remainder, 'create_challenge', challenge._id, challenge.name);
} else {
// User pays for all of prize
await user.updateBalance(-prizeCost, 'create_challenge', challenge._id, challenge.name);
}
}
Reporting challenges (#14756) * initial commit * update logic to display flagged challenges properly to users and admins * add report button to pages 'My Challenges' and 'Discover Challenges' * allow mods to view flagged messages on challengeDetail view * update showing flagged challenges for group challenges * update showing flagged challenges for a specific challenge * disallow closing a flagged challenge * update notes to reflect apiParams properly * fix css spacing * update challenge en locales * fix spacing * update title of closeChallengeModal * let user know flagged challenges cannot be cloned * fix linting errors * ensure flagged challenges cannot be declared with a winner and cloned via API * define a non user challenge properly * fix logic to check for a nonParticipant and nonLeader user when grabbing flagged challenges * fix linting of max character of 100 / line * remove reporting on 'my challenges' and 'discover challenges' * WIP(challenges): disable clone button and add notes to new functions * WIP(challenges): smol changes * WIP(challenges): clone button only disabled for admin and flagged user; other users can still clone but the flag goes along with the clone * WIP(challenges): stop flags carrying over on cloned challenges * WIP(challenges): typo fixing, undoing a smol change * fix(challenges): improved query logic for flags * WIP(challenges): more smol changes * fix(challenges): refactor queries * fix(challenges): correct My Challenges tab logic * WIP(challenges): fix clone button state * WIP(challenges): really fixed clone button & clear flags from clones * WIP(challenge): implement new design for reporting modal * WIP(challenge): making things pretty * WIP(challenge): conquering the close button * WIP(challenge): fixin some spacing * WIP(challenge): smol fix * WIP(challenge): making sure the button is actually disabled * WIP(challenge): fix blockquote css * fix(tests): no private guilds * fix(lint): curlies etc * fix(test): moderator permission * fix(lint): sure man whatever * fix(lint): bad vim no tabby * fix(test): permissions not contrib lol * fix(challenges): add icon and fix leaky CSS * fix(challenge): correct clone button behavior --------- Co-authored-by: Julius Jung <me@matchajune.io> Co-authored-by: SabreCat <sabe@habitica.com> Co-authored-by: Sabe Jones <sabrecat@gmail.com>
2023-10-24 14:24:56 +00:00
if (challenge.flagCount > 0) {
challenge.flagCount = 0;
challenge.flags = {};
}
2019-10-08 14:57:10 +00:00
const results = await Promise.all([challenge.save({
validateBeforeSave: false, // already validated
}), group.save(), user.save()]);
2019-10-08 14:57:10 +00:00
const savedChal = results[0];
2019-10-08 14:57:10 +00:00
return { savedChal, group };
}
export function cleanUpTask (task) {
2019-10-08 14:57:10 +00:00
const cleansedTask = omit(task, TASK_KEYS_TO_REMOVE);
// Copy checklists but reset to uncomplete and assign new id
if (!cleansedTask.checklist) cleansedTask.checklist = [];
2019-10-08 14:57:10 +00:00
cleansedTask.checklist.forEach(item => {
item.completed = false;
item.id = uuid();
});
if (cleansedTask.type !== 'reward') {
delete cleansedTask.value;
}
return cleansedTask;
}
// Create an aggregation query for querying challenges.
// Ensures that official challenges are listed first.
export function createChallengeQuery (query) {
return Challenge.aggregate()
.match(query)
.addFields({
isOfficial: {
$cond: {
if: { $isArray: '$categories' },
then: {
$gt: [
{
$size: {
$filter: {
input: '$categories',
as: 'cat',
cond: {
$eq: ['$$cat.slug', 'habitica_official'],
},
},
},
},
0,
],
},
else: false,
},
},
})
.sort('-isOfficial -createdAt');
}