diff --git a/package-lock.json b/package-lock.json
index 917cea0311..d0a504c345 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "habitica",
-  "version": "4.241.2",
+  "version": "4.241.4",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 2b811f98f1..9782bda4df 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "4.241.2",
+  "version": "4.241.4",
   "main": "./website/server/index.js",
   "dependencies": {
     "@babel/core": "^7.18.13",
diff --git a/test/api/v3/integration/user/POST-user_class_cast_spellId.test.js b/test/api/v3/integration/user/POST-user_class_cast_spellId.test.js
index 18f2c19685..eeda226b45 100644
--- a/test/api/v3/integration/user/POST-user_class_cast_spellId.test.js
+++ b/test/api/v3/integration/user/POST-user_class_cast_spellId.test.js
@@ -152,9 +152,9 @@ describe('POST /user/class/cast/:spellId', () => {
 
     await expect(groupLeader.post(`/user/class/cast/pickPocket?targetId=${groupTask._id}`))
       .to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('groupTasksNoCast'),
+        code: 404,
+        error: 'NotFound',
+        message: t('messageTaskNotFound'),
       });
   });
 
diff --git a/test/api/v4/user/POST-user_class_cast_spellId.test.js b/test/api/v4/user/POST-user_class_cast_spellId.test.js
index 6bfa705d0c..8602cb7c2a 100644
--- a/test/api/v4/user/POST-user_class_cast_spellId.test.js
+++ b/test/api/v4/user/POST-user_class_cast_spellId.test.js
@@ -137,9 +137,9 @@ describe('POST /user/class/cast/:spellId', () => {
 
     await expect(groupLeader.post(`/user/class/cast/pickPocket?targetId=${groupTask._id}`))
       .to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('groupTasksNoCast'),
+        code: 404,
+        error: 'NotFound',
+        message: t('messageTaskNotFound'),
       });
   });
 
diff --git a/website/client/src/store/getters/tasks.js b/website/client/src/store/getters/tasks.js
index fbee4bd06e..859201de84 100644
--- a/website/client/src/store/getters/tasks.js
+++ b/website/client/src/store/getters/tasks.js
@@ -84,7 +84,8 @@ export function canEdit (store) {
     const user = store.state.user.data;
     const userId = user.id || user._id;
 
-    const isUserAdmin = user.permissions && user.permissions.challengeAdmin;
+    const isUserAdmin = user.permissions
+      && (user.permissions.challengeAdmin || user.permissions.fullAccess);
     const isUserGroupLeader = group && (group.leader
       && group.leader._id === userId);
     const isUserGroupManager = group && (group.managers
diff --git a/website/server/libs/spells.js b/website/server/libs/spells.js
index 6132ec5f26..4a132f290b 100644
--- a/website/server/libs/spells.js
+++ b/website/server/libs/spells.js
@@ -21,6 +21,7 @@ async function castTaskSpell (res, req, targetId, user, spell, quantity = 1) {
   if (!targetId) throw new BadRequest(res.t('targetIdUUID'));
 
   const task = await Tasks.Task.findOne({
+    userId: user._id,
     _id: targetId,
   }).exec();
   if (!task) throw new NotFound(res.t('messageTaskNotFound'));
diff --git a/website/server/libs/user/index.js b/website/server/libs/user/index.js
index 8e19db0ea8..35068ad3f9 100644
--- a/website/server/libs/user/index.js
+++ b/website/server/libs/user/index.js
@@ -138,7 +138,7 @@ export async function update (req, res, { isV3 = false }) {
     if (!Array.isArray(groupsToMirror)) {
       throw new BadRequest('Groups to copy tasks from must be an array.');
     }
-    const memberGroups = user.guilds;
+    const memberGroups = _.clone(user.guilds);
     if (user.party._id) memberGroups.push(user.party._id);
     for (const targetGroup of groupsToMirror) {
       if (memberGroups.indexOf(targetGroup) === -1) {
diff --git a/website/server/middlewares/cron.js b/website/server/middlewares/cron.js
index ce087ef1f4..7c837c9632 100644
--- a/website/server/middlewares/cron.js
+++ b/website/server/middlewares/cron.js
@@ -74,19 +74,10 @@ async function cronAsync (req, res) {
     }
 
     const tasks = await Tasks.Task.find({
-      $and: [
-        {
-          $or: [
-            { userId: user._id },
-            { userId: { $exists: false }, 'group.assignedUsers': user._id },
-          ],
-        },
-        {
-          $or: [ // Exclude completed todos
-            { type: 'todo', completed: false },
-            { type: { $in: ['habit', 'daily', 'reward'] } },
-          ],
-        },
+      userId: user._id,
+      $or: [ // Exclude completed todos
+        { type: 'todo', completed: false },
+        { type: { $in: ['habit', 'daily'] } },
       ],
     }).exec();