From aa918828b6fb917ffbb23e85cc91bc8923cf95b0 Mon Sep 17 00:00:00 2001
From: Danae Natalie Savvidi <d.n.savvidi@student.tudelft.nl>
Date: Wed, 12 Feb 2025 15:31:37 +0100
Subject: [PATCH] fix authorization in apply button

---
 src/main/java/nl/tudelft/tam/security/AuthorisationService.java | 1 +
 src/main/resources/templates/job_offer/apply.html               | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/nl/tudelft/tam/security/AuthorisationService.java b/src/main/java/nl/tudelft/tam/security/AuthorisationService.java
index 00a07c14e..8bc84a2cb 100644
--- a/src/main/java/nl/tudelft/tam/security/AuthorisationService.java
+++ b/src/main/java/nl/tudelft/tam/security/AuthorisationService.java
@@ -242,6 +242,7 @@ public class AuthorisationService {
 		JobOffer jobOffer = jobOfferService.findByIdOrThrow(offerId);
 		return !applicationService.appExistsFor(getAuthPerson().getId(), offerId) &&
 				!jobOffer.getHidden() &&
+				!canManageEdition(jobOffer.getEditionId()) &&
 				(jobOffer.getDeadline() == null || !LocalDate.now().isAfter(jobOffer.getDeadline()));
 	}
 
diff --git a/src/main/resources/templates/job_offer/apply.html b/src/main/resources/templates/job_offer/apply.html
index 6f52595b0..a5d76d06e 100644
--- a/src/main/resources/templates/job_offer/apply.html
+++ b/src/main/resources/templates/job_offer/apply.html
@@ -78,7 +78,7 @@
                         th:text="#{general.close}"
                         data-cancel></button>
                     <button
-                        th:unless="${app.exists()}"
+                        th:unless="${app.exists() || !@authorisationService.canSubmitApplication(offer.id)}"
                         type="submit"
                         class="button p-less"
                         th:aria-label="#{jobOffer.apply}"
-- 
GitLab