Merge pull request #264 from topcoder-platform/develop

one more fix

Author: ThomasKranitsas

src/services/ChallengeService.js

@@ -923,7 +923,7 @@ async function getChallenge (currentUser, id) {
 
   // Check if challenge is task and apply security rules
   if (_.get(challenge, 'task.isTask', false) && _.get(challenge, 'task.isAssigned', false)) {
-    if (!currentUser || !(currentUser.isMachine || helper.hasAdminRole(currentUser)) || _.toString(currentUser.userId) !== _.toString(_.get(challenge, 'task.memberId'))) {
+    if (!currentUser || (!currentUser.isMachine && !helper.hasAdminRole(currentUser) && _.toString(currentUser.userId) !== _.toString(_.get(challenge, 'task.memberId')))) {
       throw new errors.ForbiddenError(`You don't have access to view this challenge`)
     }
   }