In challenge api, we need to see if a user has access to a challenge. We have a group UUID and a member ID, but because of the security / groups and subgroups layout, it's not easy to see if a user has access to a group.

I propose providing an endpoint with a HEAD where you can just see if a user has access to a group. I'm thinking something like this:

HEAD /v5/groups/:groupUUID?memberId=12345

The response for this call should include a header that says if the user has access to that group UUID. This will prevent the challenge api side having to traverse a whole group tree of data, string matching on UUIDs.