10 changes: 5 additions & 5 deletions modules/candidates/CandidatesUI.php
@@ -288,7 +288,7 @@ public function handleRequest()

/* Administrators can hide a candidate from a site with this action. */
case 'administrativeHideShow':
if ($this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
if ($this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
{
CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
}
@@ -580,9 +580,9 @@ private function show()
return;
}

if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
{
$this->listByView('This candidate is hidden - only a CATS Administrator can unlock the candidate.');
$this->listByView('This candidate is hidden - only a Site Administrator can unlock the candidate.');
return;
}

@@ -1169,9 +1169,9 @@ private function edit()
CommonErrors::fatal(COMMONERROR_BADINDEX, $this, 'The specified candidate ID could not be found.');
}

if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_MULTI_SA)
if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('candidates.hidden') < ACCESS_LEVEL_SA)
{
$this->listByView('This candidate is hidden - only a CATS Administrator can unlock the candidate.');
$this->listByView('This candidate is hidden - only a Site Administrator can unlock the candidate.');
return;
}

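Review bot: The permission name checked by the handler does not match the one that gates the button. `case 'administrativeHideShow':` in handleRequest() compares `getUserAccessLevel('candidates.hidden')`, while modules/candidates/Show.tpl shows the hide/show form on `'candidates.administrativeHideShow'`. modules/joborders has the reverse pairing: the handler checks `'joborders.administrativeHideShow'`, while show() and the template check `'joborders.hidden'`. If the access-level lookup can resolve those names differently, the UI and the server-side check will disagree about who may toggle a record, which matters more now that the threshold drops to ACCESS_LEVEL_SA. I would use one name per action on both sides, e.g. `if ($this->getUserAccessLevel('candidates.administrativeHideShow') < ACCESS_LEVEL_SA)` in the handler; all three functions continue outside the hunks shown.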
4 changes: 2 additions & 2 deletions modules/candidates/Show.tpl
@@ -48,7 +48,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;

<?php if ($this->data['isAdminHidden'] == 1): ?>
<div class="warning">
This Candidate is hidden. Only CATS Administrators can view it or search for it. To make it visible by the site users, click
This Candidate is hidden. Only Site Administrators can view it or search for it. To make it visible by the site users, click
<form method="post" action="<?php echo(CATSUtility::getIndexName()); ?>?m=candidates&amp;a=administrativeHideShow" style="display:inline;">
<input type="hidden" name="postback" value="postback" />
<input type="hidden" name="candidateID" value="<?php echo($this->candidateID); ?>" />
@@ -467,7 +467,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
</a>
&nbsp;&nbsp;&nbsp;&nbsp;
<?php endif; ?>
<?php if ($this->getUserAccessLevel('candidates.administrativeHideShow') >= ACCESS_LEVEL_MULTI_SA): ?>
<?php if ($this->getUserAccessLevel('candidates.administrativeHideShow') >= ACCESS_LEVEL_SA): ?>
<?php if ($this->data['isAdminHidden'] == 1): ?>
<form method="post" action="<?php echo(CATSUtility::getIndexName()); ?>?m=candidates&amp;a=administrativeHideShow" style="display:inline;">
<input type="hidden" name="postback" value="postback" />
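Review bot: The hide/show forms in this template show only `postback` and `candidateID` as hidden fields in the visible lines, with no anti-CSRF token among them. Both forms continue past their hunks, so a token may follow; please confirm. If there is none, lowering the gate to `ACCESS_LEVEL_SA` widens the set of sessions in which a cross-site POST to `a=administrativeHideShow` would be accepted, and the handler should verify a per-session token before it toggles the flag. The same applies to the two forms in modules/joborders/Show.tpl.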
6 changes: 3 additions & 3 deletions modules/joborders/JobOrdersUI.php
@@ -318,7 +318,7 @@ public function handleRequest()
*/

case 'administrativeHideShow':
if ($this->getUserAccessLevel('joborders.administrativeHideShow') < ACCESS_LEVEL_MULTI_SA)
if ($this->getUserAccessLevel('joborders.administrativeHideShow') < ACCESS_LEVEL_SA)
{
CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
}
@@ -414,9 +414,9 @@ private function show()
CommonErrors::fatal(COMMONERROR_BADINDEX, $this, 'The specified job order ID could not be found.');
}

if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('joborders.hidden') < ACCESS_LEVEL_MULTI_SA)
if ($data['isAdminHidden'] == 1 && $this->getUserAccessLevel('joborders.hidden') < ACCESS_LEVEL_SA)
{
$this->listByView('This Job Order is hidden - only a CATS Administrator can unlock the Job Order.');
$this->listByView('This Job Order is hidden - only a Site Administrator can unlock the Job Order.');
return;
}

4 changes: 2 additions & 2 deletions modules/joborders/Show.tpl
@@ -26,7 +26,7 @@ use OpenCATS\UI\QuickActionMenu;

<?php if ($this->data['isAdminHidden'] == 1): ?>
<div class="warning">
This Job Order is hidden. Only CATS Administrators can view it or search for it. To make it visible by the site users, click
This Job Order is hidden. Only Site Administrators can view it or search for it. To make it visible by the site users, click
<form method="post" action="<?php echo(CATSUtility::getIndexName()); ?>?m=joborders&amp;a=administrativeHideShow" style="display:inline;">
<input type="hidden" name="postback" value="postback" />
<input type="hidden" name="jobOrderID" value="<?php echo($this->jobOrderID); ?>" />
@@ -347,7 +347,7 @@ use OpenCATS\UI\QuickActionMenu;
</form>
&nbsp;&nbsp;&nbsp;&nbsp;
<?php endif; ?>
<?php if ($this->getUserAccessLevel('joborders.hidden') >= ACCESS_LEVEL_MULTI_SA): ?>
<?php if ($this->getUserAccessLevel('joborders.hidden') >= ACCESS_LEVEL_SA): ?>
<?php if ($this->data['isAdminHidden'] == 1): ?>
<form method="post" action="<?php echo(CATSUtility::getIndexName()); ?>?m=joborders&amp;a=administrativeHideShow" style="display:inline;">
<input type="hidden" name="postback" value="postback" />
6 changes: 3 additions & 3 deletions test/features/GET_POST_requestsSecurity.feature
@@ -166,8 +166,8 @@ Scenario Outline: Candidate module actions
| ADMIN | GET | index.php?m=candidates&a=removeFromPipeline | |
| ADMIN | GET | index.php?m=candidates&a=addEditImage | |
| ADMIN | GET | index.php?m=candidates&a=createAttachment | |
| ADMIN | GET | index.php?m=candidates&a=administrativeHideShow | not |
| ADMIN | GET | index.php?m=candidates&a=deleteAttachment | not |
| ADMIN | GET | index.php?m=candidates&a=administrativeHideShow | |
| ADMIN | GET | index.php?m=candidates&a=deleteAttachment | |
| ADMIN | GET | index.php?m=candidates&a=savedLists | |
| ADMIN | GET | index.php?m=candidates&a=emailCandidates | |
| ADMIN | GET | index.php?m=candidates&a=show_questionnaire | |
@@ -377,7 +377,7 @@ Scenario Outline: Job Order module actions
| ADMIN | GET | index.php?m=joborders&a=search | |
| ADMIN | GET | index.php?m=joborders&a=search&getback=getback | |
| ADMIN | GET | index.php?m=joborders&a=addActivityChangeStatus | |
| ADMIN | GET | index.php?m=joborders&a=administrativeHideShow | not |
| ADMIN | GET | index.php?m=joborders&a=administrativeHideShow | |
| ADMIN | GET | index.php?m=joborders&a=listByView | |
| ADMIN | GET | index.php?m=joborders&a=considerCandidateSearch | |
| ADMIN | GET | index.php?m=joborders&a=addToPipeline | |
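Review bot: The `deleteAttachment` row for ADMIN flips from `not` to blank together with `administrativeHideShow`, but none of the PHP sections in this change touches an attachment-deletion check. Either the old expectation was stale or the row was edited by mistake, so it should be confirmed against the handler. If ADMIN is still meant to be refused, keep it as `| ADMIN | GET | index.php?m=candidates&a=deleteAttachment | not |`. Only the ADMIN rows are visible here, so unless it is already covered outside the hunk, the outline should also assert that the role just below ADMIN is still refused `administrativeHideShow` in both modules.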
5 changes: 2 additions & 3 deletions test/features/moduleSubPagesSecurity.feature
@@ -44,7 +44,7 @@ Feature: Access Level to objects check - sub pages (show, ...)
| EDIT | see | see | | | see | see | not see | see | not see | not see | see | see | | not | | see | not |
| DELETE | see | see | | | see | see | not see | see | see | not see | see | see | | | | see | |
| DEMO | see | see | | | see | see | see | see | see | not see | see | see | | | | see | |
| ADMIN | see | see | | | see | see | see | see | see | not see | see | see | | | | see | |
| ADMIN | see | see | | | see | see | see | see | see | see | see | see | | | | see | |
| MULTI_ADMIN | see | see | | | see | see | see | see | see | see | see | see | | | | see | |
| ROOT | see | see | | | see | see | see | see | see | see | see | see | | | | see | |

@@ -87,7 +87,7 @@ Feature: Access Level to objects check - sub pages (show, ...)
| EDIT | see | see | | | | see | see | see | see | not see | not see | not see | | | see | not | | not | | not |
| DELETE | see | see | | | | see | see | see | see | see | not see | not see | | | see | | | | | |
| DEMO | see | see | | | | see | see | see | see | see | see | not see | | | see | | | | | |
| ADMIN | see | see | | | | see | see | see | see | see | see | not see | | | see | | | | | |
| ADMIN | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |
| MULTI_ADMIN | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |
| ROOT | see | see | | | | see | see | see | see | see | see | see | | | see | | | | | |

@@ -229,4 +229,3 @@ Feature: Access Level to objects check - sub pages (show, ...)
# no sub pages

##missing checks for quick action menus on Show pages
