Commit 9e4c7fb3 authored by Chris Lamb's avatar Chris Lamb

Correct permission logic when viewing jobs as an staff member and clarify on...

Correct permission logic when viewing jobs as a staff member and clarify on the page. (Closes: #39)
parent b911583d
......@@ -28,8 +28,8 @@ def view(request, job_type=None):
def job(request, slug, prefix=None):
job = get_object_or_404(Job, slug=slug)
if job.state != StateEnum.LIVE and \
(request.user != job.user or not request.user.is_staff):
if not (job.state == StateEnum.LIVE or request.user == job.user or
request.user.is_staff):
raise Http404()
if job.state == StateEnum.REMOVED:
......
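Review bot: The visibility rule in `job()` is an access-control decision, yet the rewritten `if not (...)` carries no comment stating the policy, and no test is visible on this page to pin it. The earlier `and`/`or` mix-up shows how easily this condition drifts; a comment above it such as `# Non-live jobs are visible only to their owner and to staff; anyone else gets a 404.` would make the intent reviewable. A regression test that requests a non-live job as an anonymous user, an unrelated user, the owner and a staff member would guard it, if one does not already exist elsewhere in the project. The body of `job()` continues past the hunk, so what staff see for a REMOVED job cannot be judged from here.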
......@@ -7,7 +7,16 @@
{% block container %}
{% if request.user.is_staff and job.state.name == "WAITING_FOR_APPROVAL" %}
{% if request.user.is_staff %}
{% switch job.state.name %}
{% case "NEW" %}
<div class="card bg-light mb-3">
<div class="card-body">
<h5 class="card-title">This draft job has not been submitted for approval.</h5>
</div>
</div>
{% endcase %}
{% case "WAITING_FOR_APPROVAL" %}
<div class="card bg-light mb-3">
<div class="card-body">
<h5 class="card-title">This job is pending approval.</h5>
......@@ -15,7 +24,9 @@
<a href="{% url "admin:reject" job.slug %}" class="card-link">Reject</a>
</div>
</div>
{% endif %}
{% endcase %}
{% endswitch %}
{% endif %}
{% if request.user == job.user %}
{% switch job.state.name %}
......
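Review bot: The staff `{% switch job.state.name %}` handles only `NEW` and `WAITING_FOR_APPROVAL`, so a staff member who opens a job in any other non-live state gets no banner explaining why the page is visible to them; the view visibly has at least `StateEnum.REMOVED`. Consider a further `{% case %}` for each remaining non-live state, or a template comment next to the switch saying the omission is intentional. Separately, the `{% if request.user.is_staff %}` wrapper only hides the card holding the `admin:reject` link; that target has to enforce staff access itself and, if it changes state, accept POST only. Neither is visible on this page.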