update jobs query set and auth

null-open-security-community · Dec 30, 2024 · 9a9f515 · 9a9f515
1 parent d6126a6
commit 9a9f515
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/apps/jobs/utils/user_permissions.py b/apps/jobs/utils/user_permissions.py
@@ -52,6 +52,6 @@ def is_user_employer(user_id):
 
         # check if the user_id belongs to any user
         user_data = User.objects.filter(
-            user_id=user_id, user_type__iexact=values.EMPLOYER
+            id=user_id, user_type__iexact=values.EMPLOYER
         )
         return True if user_data.exists() else False
diff --git a/apps/jobs/views.py b/apps/jobs/views.py
@@ -15,7 +15,7 @@
 from apps.userprofile.models import UserProfile
 from apps.applicants.models import Applicants
 from apps.jobs.models import Company, ContactMessage, Job
-from apps.accounts.permissions import IsEmployer
+from apps.accounts.permissions import IsEmployer, IsJobSeeker
 from apps.jobs.serializers import CompanySerializer, ContactUsSerializer, JobSerializer, JobsCountByCategoriesSerializer, CompanyStatsResponseSerializer
 from apps.jobs.utils.validators import validationClass
 from apps.utils.responses import InternalServerError
@@ -56,7 +56,7 @@ class JobViewSets(viewsets.ModelViewSet):
     def get_queryset(self):
         queryset = super().get_queryset()
 
-        if self.request.user.is_authenticated:
+        if self.request.user.is_authenticated and self.request.user.user_type != "Employer":
             queryset = queryset.annotate(
                 has_applied=Case(
                     When(applicants__user=UserProfile.objects.get(user=self.request.user), then=Value(True)),
@@ -104,15 +104,15 @@ def update(self, request, *args, **kwargs):
 
         # check if the user_id present in the request belongs to Employer or Moderator
         if not (
-            UserTypeCheck.is_user_employer(request.user_id)
+            UserTypeCheck.is_user_employer(request.user.id)
             or Moderator().has_permission(request)
         ):
             return response.create_response(
                 response.PERMISSION_DENIED
                 + " You don't have permissions to update a job",
                 status.HTTP_401_UNAUTHORIZED,
             )
-
+        
         return super().update(request, *args, **kwargs)
 
     def destroy(self, request, pk, *args, **kwargs):