Recruitment_site

招聘网站

Go to file

TianyangZhang 619ca19f87 fix: prevent IDOR in application status update endpoint Replace class-level queryset attribute with get_queryset() method that scopes Application objects to the requesting admin's organization, preventing regular admins from modifying applications belonging to other organizations via pk enumeration. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-25 08:31:31 +08:00
docs/superpowers	docs: add recruitment website implementation plan	2026-03-24 16:50:58 +08:00
offer_backend	fix: prevent IDOR in application status update endpoint	2026-03-25 08:31:31 +08:00

TianyangZhang 619ca19f87 fix: prevent IDOR in application status update endpoint

Replace class-level queryset attribute with get_queryset() method that
scopes Application objects to the requesting admin's organization,
preventing regular admins from modifying applications belonging to
other organizations via pk enumeration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-25 08:31:31 +08:00

docs/superpowers

docs: add recruitment website implementation plan

2026-03-24 16:50:58 +08:00

offer_backend

fix: prevent IDOR in application status update endpoint

2026-03-25 08:31:31 +08:00