TianyangZhang
619ca19f87
fix: prevent IDOR in application status update endpoint
Replace class-level queryset attribute with get_queryset() method that
scopes Application objects to the requesting admin's organization,
preventing regular admins from modifying applications belonging to
other organizations via pk enumeration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-25 08:31:31 +08:00
TianyangZhang
0ccd943255
feat: add Application model with status tracking and email notifications
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:46:14 +08:00
TianyangZhang
cc39c22e87
feat: add Resume model with JSONB fields and file upload
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:43:24 +08:00
TianyangZhang
f5d753d441
fix: fix jobs view filter backend and defensive queryset
- Replace inline __import__ with proper DjangoFilterBackend import
- Add SearchFilter to JobPublicViewSet filter_backends
- Add defensive check for missing organization_id in get_queryset
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:41:58 +08:00
TianyangZhang
f228ff0697
feat: add Job model with search/filter and role-based access
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:39:58 +08:00
TianyangZhang
cc2cd40532
fix: fix organizations view queryset and add API tests
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:37:54 +08:00
TianyangZhang
7e089bd5ec
feat: add Organization model with tree structure
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:34:56 +08:00
TianyangZhang
c3466f4866
feat: add custom User model with role-based permissions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:11:40 +08:00