30 changes: 15 additions & 15 deletions modules/candidates/CandidatesUI.php
@@ -266,11 +266,11 @@ public function handleRequest()
break;

/* Administrators can hide a candidate from a site with this action. */
case 'administrativeHideShow':
if ($this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
{
CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
}
case 'administrativeHideShow':
if ($this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
{
CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
}
$this->administrativeHideShow();
break;

@@ -493,11 +493,11 @@ private function show()
return;
}

if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
{
$this->listByView('This candidate is hidden - only a CATS Administrator can unlock the candidate.');
return;
}
if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
{
$this->listByView('This candidate is hidden - only a Site Administrator can unlock the candidate.');
return;
}

/* We want to handle formatting the city and state here instead
* of in the template.
@@ -1081,11 +1081,11 @@ private function edit()
CommonErrors::fatal(COMMONERROR_BADINDEX, $this, 'The specified candidate ID could not be found.');
}

if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
{
$this->listByView('This candidate is hidden - only a CATS Administrator can unlock the candidate.');
return;
}
if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
{
$this->listByView('This candidate is hidden - only a Site Administrator can unlock the candidate.');
return;
}

$users = new Users($this->_siteID);
$usersRS = $users->getSelectList();
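Review bot: The `administrativeHideShow` case in handleRequest() authorises the action against `'candidates.hidden'`, while modules/candidates/Show.tpl decides whether to render the link using `'candidates.administrativeHideShow'`; the job-order side is mismatched the other way round (JobOrdersUI.php checks `'joborders.administrativeHideShow'`, joborders/Show.tpl checks `'joborders.hidden'`). If getUserAccessLevel() can resolve different levels per secured-object name (its implementation is not visible here), the rendered link and the server-side check can disagree, and with the threshold lowered to ACCESS_LEVEL_SA (reading the second line of each pair as the new side, which the updated feature tables support) that divergence would reach more accounts. I would check the action against its own key, `if ($this->getUserAccessLevel('candidates.administrativeHideShow') < ACCESS_LEVEL_SA)`, and keep `'candidates.hidden'` for the visibility checks in show() and edit(). All three functions begin and end outside the hunks shown.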
4 changes: 2 additions & 2 deletions modules/candidates/Show.tpl
@@ -43,7 +43,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
<p class="note">Candidate Details</p>

<?php if ($this->data['isAdminHidden'] == 1): ?>
<p class="warning">This Candidate is hidden. Only CATS Administrators can view it or search for it. To make it visible by the site users, click <a href="<?php echo(CATSUtility::getIndexName()); ?>?m=candidates&amp;a=administrativeHideShow&amp;candidateID=<?php echo($this->candidateID); ?>&amp;state=0" style="font-weight:bold;">Here.</a></p>
<p class="warning">This Candidate is hidden. Only Site Administrators can view it or search for it. To make it visible by the site users, click <a href="<?php echo(CATSUtility::getIndexName()); ?>?m=candidates&amp;a=administrativeHideShow&amp;candidateID=<?php echo($this->candidateID); ?>&amp;state=0" style="font-weight:bold;">Here.</a></p>
<?php endif; ?>

<table class="detailsOutside">
@@ -440,7 +440,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
</a>
&nbsp;&nbsp;&nbsp;&nbsp;
<?php endif; ?>
<?php if ($this->getUserAccessLevel('candidates.administrativeHideShow') >= ACCESS_LEVEL_MULTI_SA): ?>
<?php if ($this->getUserAccessLevel('candidates.administrativeHideShow') >= ACCESS_LEVEL_SA): ?>
<?php if ($this->data['isAdminHidden'] == 1): ?>
<a href="<?php echo(CATSUtility::getIndexName()); ?>?m=candidates&amp;a=administrativeHideShow&amp;candidateID=<?php echo($this->candidateID); ?>&amp;state=0">
<img src="images/resume_preview_inline.gif" width="16" height="16" class="absmiddle" alt="delete" border="0" />&nbsp;Administrative Show
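Review bot: Both the "Here." link in the warning paragraph and the "Administrative Show" link further down change a record's visibility through a plain GET (`a=administrativeHideShow` with `state=0`), and no anti-forgery token is visible in either hunk. With the gate lowered to ACCESS_LEVEL_SA, more accounts can have this state change triggered by a cross-site request, so I would submit it as a POST form carrying a per-session token and have the handler reject GET and verify the token; whether the handler already does this cannot be seen from here. modules/joborders/Show.tpl uses the same link pattern with `jobOrderID`. Separately, the "Administrative Show" image carries `alt="delete"`, which looks like a copy-paste leftover and should describe the action.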
6 changes: 3 additions & 3 deletions modules/joborders/JobOrdersUI.php
@@ -290,7 +290,7 @@ public function handleRequest()
*/

case 'administrativeHideShow':
if ($this->getUserAccessLevel('joborders.administrativeHideShow') < ACCESS_LEVEL_MULTI_SA)
if ($this->getUserAccessLevel('joborders.administrativeHideShow') < ACCESS_LEVEL_SA)
{
CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
}
@@ -379,9 +379,9 @@ private function show()
CommonErrors::fatal(COMMONERROR_BADINDEX, $this, 'The specified job order ID could not be found.');
}

if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('joborders.hidden') < ACCESS_LEVEL_MULTI_SA)
if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('joborders.hidden') < ACCESS_LEVEL_SA)
{
$this->listByView('This Job Order is hidden - only a CATS Administrator can unlock the Job Order.');
$this->listByView('This Job Order is hidden - only a Site Administrator can unlock the Job Order.');
return;
}

4 changes: 2 additions & 2 deletions modules/joborders/Show.tpl
@@ -25,7 +25,7 @@ use OpenCATS\UI\QuickActionMenu;
<p class="note">Job Order Details</p>

<?php if ($this->data['isAdminHidden'] == 1): ?>
<p class="warning">This Job Order is hidden. Only CATS Administrators can view it or search for it. To make it visible by the site users, click <a href="<?php echo(CATSUtility::getIndexName()); ?>?m=joborders&amp;a=administrativeHideShow&amp;jobOrderID=<?php echo($this->jobOrderID); ?>&amp;state=0" style="font-weight:bold;">Here.</a></p>
<p class="warning">This Job Order is hidden. Only Site Administrators can view it or search for it. To make it visible by the site users, click <a href="<?php echo(CATSUtility::getIndexName()); ?>?m=joborders&amp;a=administrativeHideShow&amp;jobOrderID=<?php echo($this->jobOrderID); ?>&amp;state=0" style="font-weight:bold;">Here.</a></p>
<?php endif; ?>

<?php if (isset($this->frozen)): ?>
@@ -332,7 +332,7 @@ use OpenCATS\UI\QuickActionMenu;
</a>
&nbsp;&nbsp;&nbsp;&nbsp;
<?php endif; ?>
<?php if ($this->getUserAccessLevel('joborders.hidden') >= ACCESS_LEVEL_MULTI_SA): ?>
<?php if ($this->getUserAccessLevel('joborders.hidden') >= ACCESS_LEVEL_SA): ?>
<?php if ($this->data['isAdminHidden'] == 1): ?>
<a href="<?php echo(CATSUtility::getIndexName()); ?>?m=joborders&amp;a=administrativeHideShow&amp;jobOrderID=<?php echo($this->jobOrderID); ?>&amp;state=0">
<img src="images/resume_preview_inline.gif" width="16" height="16" class="absmiddle" alt="delete" border="0" />&nbsp;Administrative Show
6 changes: 3 additions & 3 deletions test/features/GET_POST_requestsSecurity.feature
@@ -156,7 +156,7 @@ Scenario Outline: Candidate module actions
| ADMIN | GET | index.php?m=candidates&a=removeFromPipeline | |
| ADMIN | GET | index.php?m=candidates&a=addEditImage | |
| ADMIN | GET | index.php?m=candidates&a=createAttachment | |
| ADMIN | GET | index.php?m=candidates&a=administrativeHideShow | not |
| ADMIN | GET | index.php?m=candidates&a=administrativeHideShow | |
| ADMIN | GET | index.php?m=candidates&a=deleteAttachment | |
| ADMIN | GET | index.php?m=candidates&a=savedLists | |
| ADMIN | GET | index.php?m=candidates&a=emailCandidates | |
@@ -351,7 +351,7 @@ Scenario Outline: Job Order module actions
| ADMIN | GET | index.php?m=joborders&a=search | |
| ADMIN | GET | index.php?m=joborders&a=search&getback=getback | |
| ADMIN | GET | index.php?m=joborders&a=addActivityChangeStatus | |
| ADMIN | GET | index.php?m=joborders&a=administrativeHideShow | not |
| ADMIN | GET | index.php?m=joborders&a=administrativeHideShow | |
| ADMIN | GET | index.php?m=joborders&a=listByView | |
| ADMIN | GET | index.php?m=joborders&a=considerCandidateSearch | |
| ADMIN | GET | index.php?m=joborders&a=addToPipeline | |
@@ -1369,4 +1369,4 @@ Scenario Outline: Reports module actions

#When I do GET request "index.php?m=settings&a=ajax_wizardWebsite"
#And the response should <FWebsite> contain "You don't have permission"


6 changes: 3 additions & 3 deletions test/features/moduleSubPagesSecurity.feature
@@ -44,7 +44,7 @@ Feature: Access Level to objects check - sub pages (show, ...)
| EDIT | see | see | | | see | see | not see | see | not see | not see | see | see | | not | | see | not |
| DELETE | see | see | | | see | see | not see | see | see | not see | see | see | | | | see | |
| DEMO | see | see | | | see | see | see | see | see | not see | see | see | | | | see | |
| ADMIN | see | see | | | see | see | see | see | see | not see | see | see | | | | see | |
| ADMIN | see | see | | | see | see | see | see | see | see | see | see | | | | see | |
| MULTI_ADMIN | see | see | | | see | see | see | see | see | see | see | see | | | | see | |
| ROOT | see | see | | | see | see | see | see | see | see | see | see | | | | see | |

@@ -87,7 +87,7 @@ Feature: Access Level to objects check - sub pages (show, ...)
| EDIT | see | see | | | | see | see | see | see | not see | not see | not see | | | see | not | | not | | not |
| DELETE | see | see | | | | see | see | see | see | see | not see | not see | | | see | | | | | |
| DEMO | see | see | | | | see | see | see | see | see | see | not see | | | see | | | | | |
| ADMIN | see | see | | | | see | see | see | see | see | see | not see | | | see | | | | | |
| ADMIN | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |
| MULTI_ADMIN | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |
| ROOT | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |

@@ -229,4 +229,4 @@ Feature: Access Level to objects check - sub pages (show, ...)
# no sub pages

##missing checks for quick action menus on Show pages

