From aa918828b6fb917ffbb23e85cc91bc8923cf95b0 Mon Sep 17 00:00:00 2001 From: Danae Natalie Savvidi <d.n.savvidi@student.tudelft.nl> Date: Wed, 12 Feb 2025 15:31:37 +0100 Subject: [PATCH] fix authorization in apply button --- src/main/java/nl/tudelft/tam/security/AuthorisationService.java | 1 + src/main/resources/templates/job_offer/apply.html | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/nl/tudelft/tam/security/AuthorisationService.java b/src/main/java/nl/tudelft/tam/security/AuthorisationService.java index 00a07c14e..8bc84a2cb 100644 --- a/src/main/java/nl/tudelft/tam/security/AuthorisationService.java +++ b/src/main/java/nl/tudelft/tam/security/AuthorisationService.java @@ -242,6 +242,7 @@ public class AuthorisationService { JobOffer jobOffer = jobOfferService.findByIdOrThrow(offerId); return !applicationService.appExistsFor(getAuthPerson().getId(), offerId) && !jobOffer.getHidden() && + !canManageEdition(jobOffer.getEditionId()) && (jobOffer.getDeadline() == null || !LocalDate.now().isAfter(jobOffer.getDeadline())); } diff --git a/src/main/resources/templates/job_offer/apply.html b/src/main/resources/templates/job_offer/apply.html index 6f52595b0..a5d76d06e 100644 --- a/src/main/resources/templates/job_offer/apply.html +++ b/src/main/resources/templates/job_offer/apply.html @@ -78,7 +78,7 @@ th:text="#{general.close}" data-cancel></button> <button - th:unless="${app.exists()}" + th:unless="${app.exists() || !@authorisationService.canSubmitApplication(offer.id)}" type="submit" class="button p-less" th:aria-label="#{jobOffer.apply}" -- GitLab