From 4e96e529f4f764bcba80c46024509a83ed45427b Mon Sep 17 00:00:00 2001
From: Sean Morley <98704938+seanmorley15@users.noreply.github.com>
Date: Wed, 9 Jul 2025 23:03:48 -0400
Subject: [PATCH] fix(adventure): enhance collection ownership validation in
 AdventureSerializer (#723)

---
 backend/server/adventures/serializers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/server/adventures/serializers.py b/backend/server/adventures/serializers.py
index 3023e04..622e2eb 100644
--- a/backend/server/adventures/serializers.py
+++ b/backend/server/adventures/serializers.py
@@ -128,7 +128,7 @@ class AdventureSerializer(CustomModelSerializer):
             
         user = self.context['request'].user
         for collection in collections:
-            if collection.user_id != user:
+            if collection.user_id != user and not collection.shared_with.filter(id=user.id).exists():
                 raise serializers.ValidationError(
                     f"Collection '{collection.name}' does not belong to the current user."
                 )