From fb80dd7c572908c5c2cfcd6d10099dfa26de2a5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9line=20O=27Neil?= Date: Wed, 26 Apr 2017 13:52:27 -0700 Subject: [PATCH] Allow leaving a challenge without having access to the challenge (e.g. after leaving a party or guild) --- .../POST-challenges_challengeId_leave.test.js | 19 ++++++++++--------- .../server/controllers/api-v3/challenges.js | 3 --- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js b/test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js index bb366536cf..7324747b66 100644 --- a/test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js +++ b/test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js @@ -32,18 +32,20 @@ describe('POST /challenges/:challengeId/leave', () => { let group; let challenge; let notInChallengeUser; + let notInGroupLeavingUser; let leavingUser; let taskText; beforeEach(async () => { let populatedGroup = await createAndPopulateGroup({ - members: 2, + members: 3, }); groupLeader = populatedGroup.groupLeader; group = populatedGroup.group; leavingUser = populatedGroup.members[0]; notInChallengeUser = populatedGroup.members[1]; + notInGroupLeavingUser = populatedGroup.members[2]; challenge = await generateChallenge(groupLeader, group); @@ -55,17 +57,16 @@ describe('POST /challenges/:challengeId/leave', () => { await leavingUser.post(`/challenges/${challenge._id}/join`); + await notInGroupLeavingUser.post(`/challenges/${challenge._id}/join`); + await notInGroupLeavingUser.post(`/groups/${group._id}/leave`, { + keepChallenges: 'remain-in-challenges', + }); + await challenge.sync(); }); - it('returns an error when user doesn\'t have permissions to view the challenge', async () => { - let unauthorizedUser = await generateUser(); - - await expect(unauthorizedUser.post(`/challenges/${challenge._id}/leave`)).to.eventually.be.rejected.and.eql({ - code: 404, - error: 'NotFound', - message: t('challengeNotFound'), - }); + it('lets user leave when not a member of the challenge group', async () => { + await expect(notInGroupLeavingUser.post(`/challenges/${challenge._id}/leave`)).to.eventually.be.ok; }); it('returns an error when user isn\'t a member of the challenge', async () => { diff --git a/website/server/controllers/api-v3/challenges.js b/website/server/controllers/api-v3/challenges.js index c19158f38c..bd90d749b7 100644 --- a/website/server/controllers/api-v3/challenges.js +++ b/website/server/controllers/api-v3/challenges.js @@ -190,9 +190,6 @@ api.leaveChallenge = { let challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec(); if (!challenge) throw new NotFound(res.t('challengeNotFound')); - let group = await Group.getGroup({user, groupId: challenge.group, fields: '_id type privacy'}); - if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound')); - if (!challenge.isMember(user)) throw new NotAuthorized(res.t('challengeMemberNotFound')); // Unlink challenge's tasks from user's tasks and save the challenge