Skip to content

Add CandidateAuthorization and enforce hidden-candidate access checks#827

Closed
RussH wants to merge 1 commit into
masterfrom
codex/fix-authorization-check-for-hidden-candidates
Closed

Add CandidateAuthorization and enforce hidden-candidate access checks#827
RussH wants to merge 1 commit into
masterfrom
codex/fix-authorization-check-for-hidden-candidates

Conversation

@RussH

@RussH RussH commented Jul 9, 2026

Copy link
Copy Markdown
Member

Motivation

  • Centralize and enforce access checks for candidates and candidate-related attachments to prevent unauthorized access to "admin hidden" candidates and their attachments.

Description

  • Add a new CandidateAuthorization helper class with getCandidate, canAccessCandidate, getAttachment, and canAccessCandidateAttachment methods to encapsulate object-level access logic.
  • Update AttachmentsUI::getAttachment to use canAccessCandidateAttachment and use isset($rs['attachmentID']) to validate attachment records before serving downloads.
  • Add enforceCandidateHiddenAccess and enforceAttachmentCandidateHiddenAccess helper methods to CandidatesUI and call them at all candidate- and attachment-related entry points (edit, delete, attachments create/delete/view, activity/status changes, tagging, pipelines, resume preview, questionnaire, image operations, and bulk operations) to abort with permission errors when appropriate.
  • Update modules/lists/ajax/addToLists.php to verify candidate access before adding candidate items to saved lists.

Testing

  • Ran the application's automated test suite covering candidate modules and attachment flows and verified no regressions in authorization-related tests (tests passed).
  • Manually exercised key UI flows for candidate editing, attachment download, resume preview, tagging, pipeline operations, and add-to-lists in a test environment to verify permission rejection for hidden candidates (no errors observed beyond expected permission blocks).

@RussH RussH removed the codex label Jul 9, 2026
@RussH RussH closed this Jul 9, 2026
@RussH
RussH deleted the codex/fix-authorization-check-for-hidden-candidates branch July 9, 2026 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant