diff --git a/modules/candidates/CandidatesUI.php b/modules/candidates/CandidatesUI.php
index d59a034da..3a63e2d24 100755
--- a/modules/candidates/CandidatesUI.php
+++ b/modules/candidates/CandidatesUI.php
@@ -288,7 +288,7 @@ public function handleRequest()
 /* Administrators can hide a candidate from a site with this action. */
 case 'administrativeHideShow':
- if ($this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
+ if ($this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
 {
 CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
 }
@@ -580,9 +580,9 @@ private function show()
 return;
 }
- if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
+ if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
 {
- $this->listByView('This candidate is hidden - only a CATS Administrator can unlock the candidate.');
+ $this->listByView('This candidate is hidden - only a Site Administrator can unlock the candidate.');
 return;
 }
@@ -1169,9 +1169,9 @@ private function edit()
 CommonErrors::fatal(COMMONERROR_BADINDEX, $this, 'The specified candidate ID could not be found.');
 }
- if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
+ if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
 {
- $this->listByView('This candidate is hidden - only a CATS Administrator can unlock the candidate.');
+ $this->listByView('This candidate is hidden - only a Site Administrator can unlock the candidate.');
 return;
 }
diff --git a/modules/candidates/Show.tpl b/modules/candidates/Show.tpl
index c413363e0..2a6dee076 100755
--- a/modules/candidates/Show.tpl
+++ b/modules/candidates/Show.tpl
@@ -48,7 +48,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
 data['isAdminHidden'] == 1): ?>
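Review bot: The `administrativeHideShow` case in handleRequest() authorises against the key `'candidates.hidden'`, while the control that triggers it in modules/candidates/Show.tpl (the `@@ -467` hunk) is gated on `'candidates.administrativeHideShow'`; the job-order side is the other way round, with JobOrdersUI.php checking `'joborders.administrativeHideShow'` in the handler and modules/joborders/Show.tpl (the `@@ -347` hunk) checking `'joborders.hidden'`. With the threshold lowered to ACCESS_LEVEL_SA, any per-key difference in how those names resolve would leave the rendered control and the server-side check disagreeing about who may hide or unhide a record. I would check the action under its own key in both places, e.g. `if ($this->getUserAccessLevel('candidates.administrativeHideShow') < ACCESS_LEVEL_SA)`, and keep the `*.hidden` keys for the view guards in show() and edit(). How getUserAccessLevel() resolves these keys is not visible in this diff, so confirm that before changing them. The case body continues outside the hunk.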
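Review bot: The hidden-record guard in show() is repeated token for token in edit() (the `@@ -1169` hunk) and again in JobOrdersUI::show(), so the threshold and the message had to be edited in three places and any copy that is missed keeps the old ACCESS_LEVEL_MULTI_SA rule. A small private helper would keep the rule in one place, for example `private function canAccessHidden() { return $this->getUserAccessLevel('candidates.hidden') >= ACCESS_LEVEL_SA; }`, with callers writing `if ($data['isAdminHidden'] == 1 && !$this->canAccessHidden())`. Other handlers in this class that load a candidate are outside the diff, so whether they apply the same guard cannot be seen here; a search for `isAdminHidden` and `ACCESS_LEVEL_MULTI_SA` would settle it. show() and edit() both start and end outside their hunks.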
- This Candidate is hidden. Only CATS Administrators can view it or search for it. To make it visible by the site users, click
+ This Candidate is hidden. Only Site Administrators can view it or search for it. To make it visible by the site users, click
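Review bot: The banner now says Site Administrators can "view it or search for it", but the code changed in this commit covers only the show() and edit() guards and the hide/unhide action; no search or list query is touched. If the search and listing code filters hidden records with its own ACCESS_LEVEL_MULTI_SA comparison, a site administrator would be allowed to view a hidden candidate yet never find it in results, and the text would overstate what is enforced. Confirm that path uses the same threshold, or reduce the wording to what the code guarantees; the same applies to the job-order banner in modules/joborders/Show.tpl.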
@@ -467,7 +467,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;      - getUserAccessLevel('candidates.administrativeHideShow') >= ACCESS_LEVEL_MULTI_SA): ?> + getUserAccessLevel('candidates.administrativeHideShow') >= ACCESS_LEVEL_SA): ?> data['isAdminHidden'] == 1): ?> diff --git a/modules/joborders/JobOrdersUI.php b/modules/joborders/JobOrdersUI.php index e1e8f1993..c9ded81d3 100755 --- a/modules/joborders/JobOrdersUI.php +++ b/modules/joborders/JobOrdersUI.php @@ -318,7 +318,7 @@ public function handleRequest() */ case 'administrativeHideShow': - if ($this->getUserAccessLevel('joborders.administrativeHideShow') < ACCESS_LEVEL_MULTI_SA) + if ($this->getUserAccessLevel('joborders.administrativeHideShow') < ACCESS_LEVEL_SA) { CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.'); } @@ -414,9 +414,9 @@ private function show() CommonErrors::fatal(COMMONERROR_BADINDEX, $this, 'The specified job order ID could not be found.'); } - if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('joborders.hidden') < ACCESS_LEVEL_MULTI_SA) + if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('joborders.hidden') < ACCESS_LEVEL_SA) { - $this->listByView('This Job Order is hidden - only a CATS Administrator can unlock the Job Order.'); + $this->listByView('This Job Order is hidden - only a Site Administrator can unlock the Job Order.'); return; } diff --git a/modules/joborders/Show.tpl b/modules/joborders/Show.tpl index 754bc34a8..fc6d2d3e6 100755 --- a/modules/joborders/Show.tpl +++ b/modules/joborders/Show.tpl @@ -26,7 +26,7 @@ use OpenCATS\UI\QuickActionMenu; data['isAdminHidden'] == 1): ?>
- This Job Order is hidden. Only CATS Administrators can view it or search for it. To make it visible by the site users, click + This Job Order is hidden. Only Site Administrators can view it or search for it. To make it visible by the site users, click @@ -347,7 +347,7 @@ use OpenCATS\UI\QuickActionMenu;      - getUserAccessLevel('joborders.hidden') >= ACCESS_LEVEL_MULTI_SA): ?> + getUserAccessLevel('joborders.hidden') >= ACCESS_LEVEL_SA): ?> data['isAdminHidden'] == 1): ?>
diff --git a/test/features/GET_POST_requestsSecurity.feature b/test/features/GET_POST_requestsSecurity.feature
index 56ee10cf9..a3b7dab8f 100644
--- a/test/features/GET_POST_requestsSecurity.feature
+++ b/test/features/GET_POST_requestsSecurity.feature
@@ -166,8 +166,8 @@ Scenario Outline: Candidate module actions
 | ADMIN | GET | index.php?m=candidates&a=removeFromPipeline | |
 | ADMIN | GET | index.php?m=candidates&a=addEditImage | |
 | ADMIN | GET | index.php?m=candidates&a=createAttachment | |
- | ADMIN | GET | index.php?m=candidates&a=administrativeHideShow | not |
- | ADMIN | GET | index.php?m=candidates&a=deleteAttachment | not |
+ | ADMIN | GET | index.php?m=candidates&a=administrativeHideShow | |
+ | ADMIN | GET | index.php?m=candidates&a=deleteAttachment | |
 | ADMIN | GET | index.php?m=candidates&a=savedLists | |
 | ADMIN | GET | index.php?m=candidates&a=emailCandidates | |
 | ADMIN | GET | index.php?m=candidates&a=show_questionnaire | |
@@ -377,7 +377,7 @@ Scenario Outline: Job Order module actions
 | ADMIN | GET | index.php?m=joborders&a=search | |
 | ADMIN | GET | index.php?m=joborders&a=search&getback=getback | |
 | ADMIN | GET | index.php?m=joborders&a=addActivityChangeStatus | |
- | ADMIN | GET | index.php?m=joborders&a=administrativeHideShow | not |
+ | ADMIN | GET | index.php?m=joborders&a=administrativeHideShow | |
 | ADMIN | GET | index.php?m=joborders&a=listByView | |
 | ADMIN | GET | index.php?m=joborders&a=considerCandidateSearch | |
 | ADMIN | GET | index.php?m=joborders&a=addToPipeline | |
diff --git a/test/features/moduleSubPagesSecurity.feature b/test/features/moduleSubPagesSecurity.feature
index f0e4c9645..416406a68 100644
--- a/test/features/moduleSubPagesSecurity.feature
+++ b/test/features/moduleSubPagesSecurity.feature
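Review bot: The ADMIN expectation for `index.php?m=candidates&a=deleteAttachment` flips from `not` to permitted in the first hunk, but none of the CandidatesUI.php changes in this commit touch the deleteAttachment handler. Either the old expectation was wrong or the row was edited along with its neighbour by mistake; as written, the suite now asserts that a site administrator may delete candidate attachments. Please confirm against the access check in that handler, which is not visible in this diff, and if the change is intended say so in the commit description. The scenario table continues outside the hunk.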
@@ -44,7 +44,7 @@ Feature: Access Level to objects check - sub pages (show, ...)
 | EDIT | see | see | | | see | see | not see | see | not see | not see | see | see | | not | | see | not |
 | DELETE | see | see | | | see | see | not see | see | see | not see | see | see | | | | see | |
 | DEMO | see | see | | | see | see | see | see | see | not see | see | see | | | | see | |
- | ADMIN | see | see | | | see | see | see | see | see | not see | see | see | | | | see | |
+ | ADMIN | see | see | | | see | see | see | see | see | see | see | see | | | | see | |
 | MULTI_ADMIN | see | see | | | see | see | see | see | see | see | see | see | | | | see | |
 | ROOT | see | see | | | see | see | see | see | see | see | see | see | | | | see | |
@@ -87,7 +87,7 @@ Feature: Access Level to objects check - sub pages (show, ...)
 | EDIT | see | see | | | | see | see | see | see | not see | not see | not see | | | see | not | | not | | not |
 | DELETE | see | see | | | | see | see | see | see | see | not see | not see | | | see | | | | | |
 | DEMO | see | see | | | | see | see | see | see | see | see | not see | | | see | | | | | |
- | ADMIN | see | see | | | | see | see | see | see | see | see | not see | | | see | | | | | |
+ | ADMIN | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |
 | MULTI_ADMIN | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |
 | ROOT | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |
@@ -229,4 +229,3 @@ Feature: Access Level to objects check - sub pages (show, ...)
 # no sub pages
 ##missing checks for quick action menus on Show pages
-
\ No newline at end of file