mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2024-11-24 08:08:15 -05:00
Merge branch 'master' of https://github.com/codecombat/codecombat
This commit is contained in:
commit
fced3e821a
3 changed files with 7 additions and 5 deletions
|
@ -90,7 +90,7 @@ block content
|
|||
if user.get('jobProfileNotes') || me.isAdmin()
|
||||
h3.experience-header(data-i18n="account_profile.our_notes") Our Notes
|
||||
- var notes = user.get('jobProfileNotes') || '';
|
||||
if !me.isAdmin()
|
||||
if me.isAdmin()
|
||||
textarea#job-profile-notes!= notes
|
||||
else
|
||||
div!= marked(notes)
|
||||
|
|
|
@ -58,7 +58,7 @@ body
|
|||
.footer.clearfix
|
||||
.content
|
||||
p.footer-link-text
|
||||
if pathname == "/"
|
||||
if pathname == "/" || (me.get('permissions') || []).indexOf('employer') != -1
|
||||
a(href='/employers', title='Home', tabindex=-1, data-i18n="nav.employers") Employers
|
||||
else
|
||||
a(href='/', title='Home', tabindex=-1, data-i18n="nav.home") Home
|
||||
|
|
|
@ -47,7 +47,7 @@ UserHandler = class UserHandler extends Handler
|
|||
delete obj[prop] for prop in serverProperties
|
||||
includePrivates = req.user and (req.user.isAdmin() or req.user._id.equals(document._id))
|
||||
delete obj[prop] for prop in privateProperties unless includePrivates
|
||||
includeCandidate = includePrivates or (obj.jobProfileApproved and req.user and ('employer' in (req.user.permissions ? [])) and @employerCanViewCandidate req.user, obj)
|
||||
includeCandidate = includePrivates or (obj.jobProfileApproved and req.user and ('employer' in (req.user.get('permissions') ? [])) and @employerCanViewCandidate req.user, obj)
|
||||
delete obj[prop] for prop in candidateProperties unless includeCandidate
|
||||
return obj
|
||||
|
||||
|
@ -266,8 +266,8 @@ UserHandler = class UserHandler extends Handler
|
|||
selection += ' jobProfileApproved' if req.user.isAdmin()
|
||||
User.find(query).select(selection).exec (err, documents) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
candidates = (@formatCandidate(authorized, doc) for doc in documents)
|
||||
candidates = (candidate for candidate in candidates when @employerCanViewCandidate req.user, candidate)
|
||||
candidates = (candidate for candidate in documents when @employerCanViewCandidate req.user, candidate.toObject())
|
||||
candidates = (@formatCandidate(authorized, candidate) for candidate in candidates)
|
||||
@sendSuccess(res, candidates)
|
||||
|
||||
formatCandidate: (authorized, document) ->
|
||||
|
@ -285,6 +285,8 @@ UserHandler = class UserHandler extends Handler
|
|||
for job in candidate.jobProfile?.work ? []
|
||||
# TODO: be smarter about different ways to write same company names to ensure privacy.
|
||||
# We'll have to manually pay attention to how we set employer names for now.
|
||||
if job.employer?.toLowerCase() is employer.get('employerAt')?.toLowerCase()
|
||||
log.info "#{employer.get('name')} at #{employer.get('employerAt')} can't see #{candidate.jobProfile.name} because s/he worked there."
|
||||
return false if job.employer?.toLowerCase() is employer.get('employerAt')?.toLowerCase()
|
||||
true
|
||||
|
||||
|
|
Loading…
Reference in a new issue