George Saines 2014-04-18 13:02:11 -07:00
commit fced3e821a
3 changed files with 7 additions and 5 deletions


@ -90,7 +90,7 @@ block content
if user.get('jobProfileNotes') || me.isAdmin()
h3.experience-header(data-i18n="account_profile.our_notes") Our Notes
- var notes = user.get('jobProfileNotes') || '';
if !me.isAdmin()
if me.isAdmin()
textarea#job-profile-notes!= notes
else
div!= marked(notes)
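Review bot: Both branches of the corrected `if me.isAdmin()` emit `notes` with Jade's unescaped `!=`, so the admin branch now writes the stored text raw into the textarea. A `</textarea>` inside the notes would close the element and the rest would be parsed as markup; `textarea#job-profile-notes= notes` escapes the value and the field still displays the original text. The non-admin branch outputs `marked(notes)` unescaped, and whether marked is configured to sanitize embedded HTML is not visible in this hunk, so the safety of that branch depends on who is allowed to write `jobProfileNotes`.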


@ -58,7 +58,7 @@ body
.footer.clearfix
.content
p.footer-link-text
if pathname == "/"
if pathname == "/" || (me.get('permissions') || []).indexOf('employer') != -1
a(href='/employers', title='Home', tabindex=-1, data-i18n="nav.employers") Employers
else
a(href='/', title='Home', tabindex=-1, data-i18n="nav.home") Home


@ -47,7 +47,7 @@ UserHandler = class UserHandler extends Handler
delete obj[prop] for prop in serverProperties
includePrivates = req.user and (req.user.isAdmin() or req.user._id.equals(document._id))
delete obj[prop] for prop in privateProperties unless includePrivates
includeCandidate = includePrivates or (obj.jobProfileApproved and req.user and ('employer' in (req.user.permissions ? [])) and @employerCanViewCandidate req.user, obj)
includeCandidate = includePrivates or (obj.jobProfileApproved and req.user and ('employer' in (req.user.get('permissions') ? [])) and @employerCanViewCandidate req.user, obj)
delete obj[prop] for prop in candidateProperties unless includeCandidate
return obj
@ -266,8 +266,8 @@ UserHandler = class UserHandler extends Handler
selection += ' jobProfileApproved' if req.user.isAdmin()
User.find(query).select(selection).exec (err, documents) =>
return @sendDatabaseError(res, err) if err
candidates = (@formatCandidate(authorized, doc) for doc in documents)
candidates = (candidate for candidate in candidates when @employerCanViewCandidate req.user, candidate)
candidates = (candidate for candidate in documents when @employerCanViewCandidate req.user, candidate.toObject())
candidates = (@formatCandidate(authorized, candidate) for candidate in candidates)
@sendSuccess(res, candidates)
formatCandidate: (authorized, document) ->
@ -285,6 +285,8 @@ UserHandler = class UserHandler extends Handler
for job in candidate.jobProfile?.work ? []
# TODO: be smarter about different ways to write same company names to ensure privacy.
# We'll have to manually pay attention to how we set employer names for now.
if job.employer?.toLowerCase() is employer.get('employerAt')?.toLowerCase()
log.info "#{employer.get('name')} at #{employer.get('employerAt')} can't see #{candidate.jobProfile.name} because s/he worked there."
return false if job.employer?.toLowerCase() is employer.get('employerAt')?.toLowerCase()
true
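Review bot: The `log.info` added in the last hunk writes the candidate's name next to the employer's name and company each time the filter fires, so the application log ends up recording the very association this check exists to keep private. Logging identifiers instead of names, for example `log.info "employer #{employer.id} filtered from a candidate: shared employer"`, or moving the message to a debug level if the logger has one, would keep the diagnostic without the personal data. The comparison is also evaluated twice, once in the new `if` and again in the following `return false if …`; putting `return false` inside the `if` block after the log call would remove the duplicate. The enclosing function starts outside the hunk, so how `employer` and `candidate` are built is inferred from the visible calls only.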