diff --git a/hasjob/models/jobpost.py b/hasjob/models/jobpost.py
index d8f880fb2..587decd30 100644
--- a/hasjob/models/jobpost.py
+++ b/hasjob/models/jobpost.py
@@ -221,11 +221,6 @@ def query_listed(cls):
 def __repr__(self):
 return ''.format(hashid=self.hashid, headline=self.headline.encode('utf-8'))
- def admin_is(self, user):
- if user is None:
- return False
- return user == self.user or bool(self.admins.options(db.load_only('id')).filter_by(id=user.id).count())
-
 @property
 def expiry_date(self):
 return self.datetime + agelimit
@@ -343,7 +338,7 @@ def permissions(self, user, inherited=None):
 perms = super(JobPost, self).permissions(user, inherited)
 if self.state.PUBLIC:
 perms.add('view')
- if self.admin_is(user):
+ if user == self.user or user in self.admins:
 if self.state.UNPUBLISHED:
 perms.add('view')
 perms.add('edit')
@@ -351,6 +346,12 @@ def permissions(self, user, inherited=None):
 perms.add('withdraw')
 return perms
+ def roles_for(self, actor=None, anchors=()):
+ roles = super(JobPost, self).roles_for(actor, anchors)
+ if actor == self.user or actor in self.admins:
+ roles.add('admin')
+ return roles
+
 @property
 def from_webmail_domain(self):
 return is_public_email_domain(self.email_domain, default=False)
diff --git a/hasjob/templates/application.html.jinja2 b/hasjob/templates/application.html.jinja2
index bb9654bbe..46d4d5b62 100644
--- a/hasjob/templates/application.html.jinja2
+++ b/hasjob/templates/application.html.jinja2
@@ -79,16 +79,16 @@
diff --git a/hasjob/templates/detail.html.jinja2 b/hasjob/templates/detail.html.jinja2
index ac22c87a7..5120846e5 100644
--- a/hasjob/templates/detail.html.jinja2
+++ b/hasjob/templates/detail.html.jinja2
@@ -152,7 +152,7 @@
 {%- endif %}
- {%- if post.admin_is(g.user) %}
+ {%- if post.current_roles.admin %}
    Edit this 
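Review bot: The new test in `permissions()`, `user == self.user or user in self.admins`, drops the `if user is None: return False` guard that the removed `admin_is()` had, so a `None` user compares equal to an unset `self.user` and picks up 'edit' and 'withdraw'. The `if post.user and ...` transition checks in views/listing.py suggest that posts without a user still exist. The added `roles_for()` repeats the comparison with `actor`, and `close`, `reopen` and `newjob` gate on `current_roles.admin` alone in the lines shown, so they inherit the result unless a login requirement outside the hunks covers them. I would restore the guard in both places: `if user is not None and (user == self.user or user in self.admins):` and `if actor is not None and (actor == self.user or actor in self.admins):`. `permissions()` begins and ends outside this hunk.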
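Review bot: `actor in self.admins` in the added `roles_for()` is a membership test on the whole relationship, where the removed `admin_is()` asked the database with `filter_by(id=user.id).count()` and `load_only('id')`. That removed call suggests `admins` is a dynamic (query) relationship, in which case `in` iterates it and loads every admin row; this is inferred and worth confirming against the relationship definition. Since `roles_for()` now backs every `current_roles.admin` check in the views and templates, I would either keep a filtered existence query or add a comment such as `# admins is expected to hold a handful of rows; the membership test loads them all`.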
@@ -223,7 +223,7 @@
 {%- endif %}
- {%- if is_siteadmin or post.admin_is(g.user) %}
+ {%- if is_siteadmin or post.current_roles.admin %}
 {%- if post.pay_type is not none and not post.state.ANNOUNCEMENT %}    {{ post.pay_label() }}
@@ -326,7 +326,7 @@

Statistics

Logged-in users: viewed › opened form › applied · Per :
- {%- if post.headlineb and (is_siteadmin or post.admin_is(g.user)) %}
+ {%- if post.headlineb and (is_siteadmin or post.current_roles.admin) %}

A/B test results

diff --git a/hasjob/templates/respond_email.html.jinja2 b/hasjob/templates/respond_email.html.jinja2
index 5b6f41b13..52f817b4e 100644
--- a/hasjob/templates/respond_email.html.jinja2
+++ b/hasjob/templates/respond_email.html.jinja2
@@ -18,9 +18,9 @@

{%- if job_application.response.REPLIED %}
- {{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} has responded to your application for {{ post.headline }}. You can reply to this email to continue the conversation
+ {{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} has responded to your application for {{ post.headline }}. You can reply to this email to continue the conversation
 {%- elif job_application.response.REJECTED %}
- {{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} has declined your application for {{ post.headline }}
+ {{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} has declined your application for {{ post.headline }}
 {%- endif %}


diff --git a/hasjob/views/helper.py b/hasjob/views/helper.py
index 23a610386..341cbdc51 100644
--- a/hasjob/views/helper.py
+++ b/hasjob/views/helper.py
@@ -46,7 +46,7 @@ def index_is_paginated():
 def has_post_stats(post):
 is_siteadmin = lastuser.has_permission('siteadmin')
- return is_siteadmin or post.admin_is(g.user) or (current_auth and g.user.flags.get('is_employer_month'))
+ return is_siteadmin or post.current_roles.admin or (current_auth and g.user.flags.get('is_employer_month'))
 @form_validation_success.connect
diff --git a/hasjob/views/listing.py b/hasjob/views/listing.py
index ba25c8237..4597ca01e 100644
--- a/hasjob/views/listing.py
+++ b/hasjob/views/listing.py
@@ -58,7 +58,7 @@ def jobdetail(domain, hashid):
 return redirect(post.url_for(), code=301)
 if post.state.UNPUBLISHED:
- if not (current_auth and post.admin_is(g.user)):
+ if not (current_auth and post.current_roles.admin):
 abort(403)
 if post.state.GONE:
 abort(410)
@@ -147,7 +147,7 @@ def jobdetail(domain, hashid):
 is_bgroup = getbool(request.args.get('b'))
 headline = post.headlineb if is_bgroup and post.headlineb else post.headline
- if is_siteadmin or post.admin_is(g.user) or (current_auth and g.user.flags.get('is_employer_month')):
+ if is_siteadmin or post.current_roles.admin or (current_auth and g.user.flags.get('is_employer_month')):
 post_viewcounts = get_post_viewcounts(post.id)
 else:
 post_viewcounts = None
@@ -167,7 +167,7 @@ def jobdetail(domain, hashid):
 def job_viewstats(domain, hashid):
 is_siteadmin = lastuser.has_permission('siteadmin')
 post = JobPost.query.filter_by(hashid=hashid).options(db.load_only('id', 'datetime')).first_or_404()
- if is_siteadmin or post.admin_is(g.user) or (current_auth and g.user.flags.get('is_employer_month')):
+ if is_siteadmin or post.current_roles.admin or (current_auth and g.user.flags.get('is_employer_month')):
 return jsonify({
 "unittype": post.viewstats[0],
 "stats": post.viewstats[1],
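Review bot: The stats-access condition on the changed line in `jobdetail` (hunk at -147) is the same expression that `has_post_stats()` in views/helper.py returns, and it appears a third time in `job_viewstats` in the following hunk. Three hand-maintained copies of an authorization predicate tend to drift apart on the next change. Both views could call the helper instead, `if has_post_stats(post):`, assuming it is importable in this module. `jobdetail` starts and ends outside this hunk.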
@@ -416,7 +416,7 @@ def view_application_email_gif(domain, hashid, application):
 def view_application(domain, hashid, application):
 post = JobPost.query.filter_by(hashid=hashid).first_or_404()
 # Transition code until we force all employers to login before posting
- if post.user and not (post.admin_is(g.user) or lastuser.has_permission('siteadmin')):
+ if post.user and not (post.current_roles.admin or lastuser.has_permission('siteadmin')):
 if not current_auth:
 return redirect(url_for('login', message=u"You need to be logged in to view candidate applications on Hasjob."))
 else:
@@ -455,7 +455,7 @@ def view_application(domain, hashid, application):
 @app.route('/apply//', defaults={'domain': None}, methods=['POST'])
 def process_application(domain, hashid, application):
 post = JobPost.query.filter_by(hashid=hashid).first_or_404()
- if post.user and not post.admin_is(g.user):
+ if post.user and not post.current_roles.admin:
 if not current_auth:
 return redirect(url_for('login'))
 else:
@@ -488,7 +488,7 @@ def process_application(domain, hashid, application):
 base_url=request.url_root)
 email_text = html2text(email_html)
- sender_name = g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name
+ sender_name = g.user.fullname if post.current_roles.admin else post.fullname or post.company_name
 sender_formatted = u'{sender} (via {site})'.format(
 sender=sender_name, site=app.config['SITE_TITLE'])
@@ -587,7 +587,7 @@ def send_reject_mail(reject_type, post, banned_posts=[]):
 mail.send(msg)
 post = JobPost.query.filter_by(hashid=hashid).first_or_404()
- if post.state.UNPUBLISHED and not post.admin_is(g.user):
+ if post.state.UNPUBLISHED and not post.current_roles.admin:
 abort(403)
 if post.state.GONE:
 abort(410)
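Review bot: The role check in `view_application` runs only when `post.user` is set, so for a post without a user the lines shown apply no access check before the function goes on to the candidate's application; `process_application` in the next hunk has the same `post.user and ...` short-circuit. The existing comment marks this as transition code, but the commit moves every other check to roles and leaves the exemption as it was. If such posts still exist, I would at least make the exemption explicit, e.g. `# TODO: remove the post.user exemption once every post has an owner; ownerless posts skip this check`, and drop `post.user and` once those posts have another way to authenticate. The rest of `view_application` is outside the hunk, so a later check may already cover this.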
@@ -775,7 +775,7 @@ def confirm_email(domain, hashid, key):
 def withdraw(domain, hashid, key):
 post = JobPost.query.filter_by(hashid=hashid).first_or_404()
 form = forms.WithdrawForm()
- if not ((key is None and current_auth and post.admin_is(g.user)) or (key == post.edit_key)):
+ if not ((key is None and current_auth and post.current_roles.admin) or (key == post.edit_key)):
 abort(403)
 if post.state.WITHDRAWN:
 flash("Your job post has already been withdrawn", "info")
@@ -812,7 +812,7 @@ def editjob(hashid, key, domain=None, form=None, validated=False, newpost=None):
 if not newpost:
 post = JobPost.query.filter_by(hashid=hashid).first_or_404()
- if not ((key is None and current_auth and post.admin_is(g.user)) or (key == post.edit_key)):
+ if not ((key is None and current_auth and post.current_roles.admin) or (key == post.edit_key)):
 abort(403)
 # Once this post is published, require editing at /domain//edit
@@ -994,7 +994,7 @@ def newjob():
 archived_post = JobPost.get(request.args['template'])
 if not archived_post:
 abort(404)
- if not archived_post.admin_is(g.user):
+ if not archived_post.current_roles.admin:
 abort(403)
 if archived_post.state.LISTED:
 flash("This post is currently active and cannot be posted again.")
@@ -1029,7 +1029,7 @@ def close(domain, hashid, key):
 post = JobPost.get(hashid)
 if not post:
 abort(404)
- if not post.admin_is(g.user):
+ if not post.current_roles.admin:
 abort(403)
 if request.method == 'GET' and post.state.CLOSED:
 return redirect(post.url_for('reopen'), code=303)
@@ -1053,7 +1053,7 @@ def reopen(domain, hashid, key):
 post = JobPost.query.filter_by(hashid=hashid).first_or_404()
 if not post:
 abort(404)
- if not post.admin_is(g.user):
+ if not post.current_roles.admin:
 abort(403)
 # Only closed posts can be reopened
 if not post.state.CLOSED:
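Review bot: In `withdraw`, the second branch `key == post.edit_key` is also true when `key` is `None` and the post has no edit key stored, which would let the check pass without the login-and-role branch; the identical line in `editjob` in the next hunk behaves the same way. Whether `edit_key` can be empty is not visible here, so this needs confirming against the model. Making the key branch explicit costs little: `(key is not None and key == post.edit_key)`. `withdraw` continues outside the hunk.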