yihan integrate team code into the Teams page

[AriaYu927]

Description

This is the 3rd PR of "Create editable 4-letter team code option" task.

Related PRS (if any):

To test this backend PR you need to checkout the #1266 frontend PR.

Main changes explained:

• Update file team.js and teamController.js for adding teamCode property to team object.

How to test:

1. check into current branch on both frontend and backend.
2. do npm run build and npm start to run this PR locally
3. follow test steps in #1266

[DavidC0126]

LGTM. I left my comment on FE PR#1266.

[Haoj1]

@AriaYu927 Great job. Comment is left in #1266

[iTvX]

I left my comment on FE

[GaryB93]

Tested with FE PR#1266. Great work!

[winghojackyli]

Hi @AriaYu927 , I've tested the PR and it worked as intended with the frontend. Comment with video left here: OneCommunityGlobal/HighestGoodNetworkApp#1266 (review)

[vikrambadhan]

Hi, I've tested the PR and it works as intended with the frontend #1266

[Shiwani99]

Hi,
Good Job. Left comments at frontend PR#1266

[wantingxu7]

Hi, tested and commented on FE #1266

[KurtisIvey]

No checks on the backend as to whether the user profile is an owner when trying to change the team code.

I'm able to change team codes to whatever I want to via postman despite using the auth token of an Admin user. From my understanding, only an Owner role should be able to do this .In addition, If the digits for the team code are explicitly stated to be 4 digits, you should have some sort of validation for that.

Would love to also see that sanitizing, validation, and escaping is performed on these inputs in the backend.

[Lin1404]

Hi,
Good Job. Left comments at frontend PR#1266

[StrawberryCalpico]

Hi I just reviewed you PR, more details in Frontend #1266

[malikjahanzaib]

Hi @AriaYu927, I have reviewed this PR and it seems to work as intended. Detailed review on FE PR #1266. Great work!!!

[AriaYu927]

No checks on the backend as to whether the user profile is an owner when trying to change the team code.

I'm able to change team codes to whatever I want to via postman despite using the auth token of an Admin user. From my understanding, only an Owner role should be able to do this .In addition, If the digits for the team code are explicitly stated to be 4 digits, you should have some sort of validation for that.

Would love to also see that sanitizing, validation, and escaping is performed on these inputs in the backend.

Hi @KurtisIvey , this PR has been updated, please check when you get a chance. Thank you!

[RheaWu1212]

Great job. Comment is left in #1266

[KurtisIvey]

Fantastic job!

I'm no longer able to force a team code edit through postman, so the backend is now catching unauthorized user roles. Everything functions as intended. Admin and lower accounts cannot edit due to inactive input and my owner account can without issue.