Commit Graph

2 Commits

Author SHA1 Message Date
TianyangZhang 619ca19f87 fix: prevent IDOR in application status update endpoint
Replace class-level queryset attribute with get_queryset() method that
scopes Application objects to the requesting admin's organization,
preventing regular admins from modifying applications belonging to
other organizations via pk enumeration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-25 08:31:31 +08:00

TianyangZhang 0ccd943255 feat: add Application model with status tracking and email notifications
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:46:14 +08:00