frontend/src/pages/ClubSettings/VisibilityJoin/index.js:98 fetches the current settings from GET /c/visjoin/get.
Updates post to POST /c/visjoin/post (frontend/src/pages/ClubSettings/VisibilityJoin/index.js:228), honouring business rules that restrict open joins to public clubs.
Backend enforcement lives in backend/r/cbs.js:384 (get) and :390 (post).
The guidelines editor submits markdown/HTML snippets via POST /c/editgl (frontend/src/pages/ClubSettings/ClubGuidelines.js:95), with validation handled in backend/r/cbs.js:355.
Members see the published copy inside the clubfront, and edits are versioned in the database for audit purposes.
frontend/src/pages/ClubSettings/LockCb.js:27 reads lock status using GET /c/cbpres/lockstatus; toggles post to POST /c/cbpres/lock (frontend/src/pages/ClubSettings/LockCb.js:53).
Soft deactivation leverages POST /c/deactcb at frontend/src/pages/ClubSettings/DeactivateCb.js:44, with reactivation sharing the same code path through /c/actcb.
These endpoints are defined at backend/r/cbs.js:310, :315, :332 and :338, all wrapped in a 5-second debounce to avoid rapid toggling.
Changes to visibility immediately adjust privilege availability (see frontend/src/pages/ClubSettings/RoleAccessEdit.js:198), preventing conflicting states such as members posting when content is secret.
The server double-checks the current visibility before accepting RBAC edits to avoid privilege escalation via stale data.
ClubActivities pulls structured logs from the activity controller so presidents can trace who changed what. When a lock or guideline update occurs, an entry is appended and shown chronologically.