nikdoof/test-auth
1
0
Fork 0
mirror of https://github.com/nikdoof/test-auth.git synced 2025-12-14 06:42:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Various fixes and changes, security problems fixed, bugs resolved.

Browse Source 
* Application status is now policed through APPLICATION_STATUS_ROUTES.
* Blacklisted application cannot be accepted.
* Blacklists are checked case insensitively.
* The template now shows blacklist advisories
* Applications are no longer flagged as Blacklisted unless they have a blacklist entry
This commit is contained in:
Andrew Williams
2011-07-09 11:05:59 +01:00
parent 99a2c14fe6
commit 2b3db4b383
5 changed files with 37 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/hr/views.py
View File

@@ -187,12 +187,14 @@ def update_application(request, applicationid, status):
app = get_object_or_404(Application, id=applicationid)
if not app.status in [APPLICATION_STATUS_REJECTED, APPLICATION_STATUS_COMPLETED]:
if int(status) in APPLICATION_STATUS_ROUTES[app.status]:
perm = check_permissions(request.user, app)
if perm == HR_ADMIN or (perm == HR_VIEWONLY and int(status) <= 1):
if not app.status == status:
app.status = status
app.save(user=request.user)
else:
messages.add_message(request, messages.ERROR, "Invalid status change request")
return HttpResponseRedirect(reverse('hr.views.view_application', args=[applicationid]))
@login_required
@@ -270,6 +272,11 @@ def accept_application(request, applicationid):
if check_permissions(request.user) == HR_ADMIN and request.user.has_perm('hr.can_accept'):
app = Application.objects.get(id=applicationid)
if app.blacklisted:
messages.add_message(request, messages.INFO, "This application has one or more blacklist entries and cannot be accepted.")
return HttpResponseRedirect(reverse('hr.views.view_application', args=[applicationid]))
if request.method == 'POST':
if check_permissions(request.user, app) == HR_ADMIN:
obj = Audit(application=app, user=request.user, event=AUDIT_EVENT_ACCEPTED)
@@ -279,7 +286,7 @@ def accept_application(request, applicationid):
obj.application.status = APPLICATION_STATUS_ACCEPTED
obj.application.save(user=request.user)
send_message(obj.application, 'accepted', note=obj.text)
return HttpResponseRedirect(reverse('hr.views.view_application', args=[applicationid]))
return HttpResponseRedirect(reverse('hr.views.view_application', args=[applicationid]))
form = AdminNoteForm(application=app)
return render_to_response('hr/applications/accept.html', locals(), context_instance=RequestContext(request))