Recruitment_site/offer_backend/apps/applications
TianyangZhang 619ca19f87 fix: prevent IDOR in application status update endpoint
Replace class-level queryset attribute with get_queryset() method that
scopes Application objects to the requesting admin's organization,
preventing regular admins from modifying applications belonging to
other organizations via pk enumeration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-25 08:31:31 +08:00
migrations feat: add Application model with status tracking and email notifications 2026-03-24 17:46:14 +08:00
tests feat: add Application model with status tracking and email notifications 2026-03-24 17:46:14 +08:00
__init__.py feat: add custom User model with role-based permissions 2026-03-24 17:11:40 +08:00
apps.py feat: add custom User model with role-based permissions 2026-03-24 17:11:40 +08:00
emails.py feat: add Application model with status tracking and email notifications 2026-03-24 17:46:14 +08:00
models.py feat: add Application model with status tracking and email notifications 2026-03-24 17:46:14 +08:00
serializers.py feat: add Application model with status tracking and email notifications 2026-03-24 17:46:14 +08:00
urls.py feat: add Application model with status tracking and email notifications 2026-03-24 17:46:14 +08:00
views.py fix: prevent IDOR in application status update endpoint 2026-03-25 08:31:31 +08:00