def update_md5sum(key): # This view is a hack. We need proper SQL migrations instead of this if key == app.config['PERIODIC_KEY']: for post in JobPost.query.all(): if not post.md5sum: post.md5sum = md5sum(post.email) db.session.commit() return Response("Updated md5sum for all posts.\n", content_type='text/plain; charset=utf-8') else: abort(403)
def editjob(hashid, key, form=None, post=None, validated=False): if form is None: form = forms.ListingForm(request.form) form.job_type.choices = [(ob.id, ob.title) for ob in JobType.query.filter_by(public=True).order_by('seq')] form.job_category.choices = [(ob.id, ob.title) for ob in JobCategory.query.filter_by(public=True).order_by('seq')] if post is None: post = JobPost.query.filter_by(hashid=hashid).first_or_404() if not ((key is None and g.user is not None and post.admin_is(g.user)) or (key == post.edit_key)): abort(403) # Don't allow email address to be changed once its confirmed if request.method == 'POST' and post.status >= POSTSTATUS.PENDING: del form.poster_name form.poster_email.data = post.email if request.method == 'POST' and (validated or form.validate()): form_description = bleach.linkify(bleach.clean(form.job_description.data, tags=ALLOWED_TAGS)) form_perks = bleach.linkify(bleach.clean(form.job_perks_description.data, tags=ALLOWED_TAGS)) if form.job_perks.data else '' form_how_to_apply = form.job_how_to_apply.data form_email_domain = get_email_domain(form.poster_email.data) form_words = get_word_bag(u' '.join((form_description, form_perks, form_how_to_apply))) similar = False for oldpost in JobPost.query.filter(db.or_( db.and_( JobPost.email_domain == form_email_domain, JobPost.status.in_([POSTSTATUS.CONFIRMED, POSTSTATUS.REVIEWED, POSTSTATUS.WITHDRAWN, POSTSTATUS.REJECTED])), JobPost.status == POSTSTATUS.SPAM)).filter( JobPost.datetime > datetime.utcnow() - agelimit).all(): if oldpost.id != post.id: if oldpost.words: s = SequenceMatcher(None, form_words, oldpost.words) if s.ratio() > 0.6: similar = True break if similar: flash("This listing is very similar to an earlier listing. You may not relist the same job " "in less than %d days." % agelimit.days, category='interactive') else: post.headline = form.job_headline.data post.type_id = form.job_type.data post.category_id = form.job_category.data post.location = form.job_location.data post.relocation_assist = form.job_relocation_assist.data post.description = form_description post.perks = form_perks post.how_to_apply = form_how_to_apply post.company_name = form.company_name.data post.company_url = form.company_url.data post.hr_contact = form.hr_contact.data # Allow name and email to be set only on new posts if not post.status >= POSTSTATUS.PENDING: post.fullname = form.poster_name.data post.email = form.poster_email.data post.email_domain = form_email_domain post.md5sum = md5sum(post.email) # To protect from gaming, don't allow words to be removed in edited listings once the post # has been confirmed. Just add the new words. if post.status >= POSTSTATUS.CONFIRMED: prev_words = post.words or '' else: prev_words = u'' post.words = get_word_bag(u' '.join((prev_words, form_description, form_perks, form_how_to_apply))) if request.files['company_logo']: # The form's validator saved the processed logo in g.company_logo. thumbnail = g.company_logo logofilename = uploaded_logos.save(thumbnail, name='%s.' % post.hashid) post.company_logo = logofilename else: if form.company_logo_remove.data: post.company_logo = None db.session.commit() userkeys = session.get('userkeys', []) userkeys.append(post.edit_key) session['userkeys'] = userkeys session.permanent = True return redirect(url_for('jobdetail', hashid=post.hashid), code=303) elif request.method == 'POST': flash("Please correct the indicated errors", category='interactive') elif request.method == 'GET': # Populate form from model form.job_headline.data = post.headline form.job_type.data = post.type_id form.job_category.data = post.category_id form.job_location.data = post.location form.job_relocation_assist.data = post.relocation_assist form.job_description.data = post.description form.job_perks.data = True if post.perks else False form.job_perks_description.data = post.perks form.job_how_to_apply.data = post.how_to_apply form.company_name.data = post.company_name form.company_url.data = post.company_url form.poster_name.data = post.fullname form.poster_email.data = post.email form.hr_contact.data = int(post.hr_contact or False) return render_template('postjob.html', form=form, no_email=post.status > POSTSTATUS.DRAFT)
def editjob(hashid, key, form=None, post=None, validated=False): if form is None: form = forms.ListingForm(request.form) form.job_type.choices = [ (ob.id, ob.title) for ob in JobType.query.filter_by(public=True).order_by('seq') ] form.job_category.choices = [ (ob.id, ob.title) for ob in JobCategory.query.filter_by(public=True).order_by('seq') ] if post is None: post = JobPost.query.filter_by(hashid=hashid).first_or_404() if not ((key is None and g.user is not None and post.admin_is(g.user)) or (key == post.edit_key)): abort(403) # Don't allow email address to be changed once its confirmed if request.method == 'POST' and post.status >= POSTSTATUS.PENDING: # del form.poster_name # Deprecated 2013-11-20 form.poster_email.data = post.email if request.method == 'POST' and (validated or form.validate()): form_description = bleach.linkify( bleach.clean(form.job_description.data, tags=ALLOWED_TAGS)) form_perks = bleach.linkify( bleach.clean(form.job_perks_description.data, tags=ALLOWED_TAGS)) if form.job_perks.data else '' form_how_to_apply = form.job_how_to_apply.data form_email_domain = get_email_domain(form.poster_email.data) form_words = get_word_bag(u' '.join( (form_description, form_perks, form_how_to_apply))) similar = False for oldpost in JobPost.query.filter( db.or_( db.and_( JobPost.email_domain == form_email_domain, JobPost.status.in_([ POSTSTATUS.CONFIRMED, POSTSTATUS.REVIEWED, POSTSTATUS.WITHDRAWN, POSTSTATUS.REJECTED ])), JobPost.status == POSTSTATUS.SPAM)).filter( JobPost.datetime > datetime.utcnow() - agelimit).all(): if oldpost.id != post.id: if oldpost.words: s = SequenceMatcher(None, form_words, oldpost.words) if s.ratio() > 0.6: similar = True break if similar: flash( "This listing is very similar to an earlier listing. You may not relist the same job " "in less than %d days." % agelimit.days, category='interactive') else: post.headline = form.job_headline.data post.type_id = form.job_type.data post.category_id = form.job_category.data post.location = form.job_location.data post.relocation_assist = form.job_relocation_assist.data post.description = form_description post.perks = form_perks post.how_to_apply = form_how_to_apply post.company_name = form.company_name.data post.company_url = form.company_url.data post.hr_contact = form.hr_contact.data if form.collaborators.data: post.admins = [] userdata = lastuser.getuser_by_userids(form.collaborators.data) for userinfo in userdata: if userinfo['type'] == 'user': user = User.query.filter_by( userid=userinfo['buid']).first() if not user: # New user on Hasjob. Don't set username right now. It's not relevant # until first login and we don't want to deal with conflicts user = User(userid=userinfo['buid'], fullname=userinfo['title']) db.session.add(user) post.admins.append(user) # Allow name and email to be set only on new posts if not post.status >= POSTSTATUS.PENDING: # post.fullname = form.poster_name.data # Deprecated 2013-11-20 post.email = form.poster_email.data post.email_domain = form_email_domain post.md5sum = md5sum(post.email) # To protect from gaming, don't allow words to be removed in edited listings once the post # has been confirmed. Just add the new words. if post.status >= POSTSTATUS.CONFIRMED: prev_words = post.words or '' else: prev_words = u'' post.words = get_word_bag(u' '.join( (prev_words, form_description, form_perks, form_how_to_apply))) if request.files['company_logo']: # The form's validator saved the processed logo in g.company_logo. thumbnail = g.company_logo logofilename = uploaded_logos.save(thumbnail, name='%s.' % post.hashid) post.company_logo = logofilename else: if form.company_logo_remove.data: post.company_logo = None db.session.commit() userkeys = session.get('userkeys', []) userkeys.append(post.edit_key) session['userkeys'] = userkeys session.permanent = True return redirect(url_for('jobdetail', hashid=post.hashid), code=303) elif request.method == 'POST': flash("Please correct the indicated errors", category='interactive') elif request.method == 'GET': # Populate form from model form.job_headline.data = post.headline form.job_type.data = post.type_id form.job_category.data = post.category_id form.job_location.data = post.location form.job_relocation_assist.data = post.relocation_assist form.job_description.data = post.description form.job_perks.data = True if post.perks else False form.job_perks_description.data = post.perks form.job_how_to_apply.data = post.how_to_apply form.company_name.data = post.company_name form.company_url.data = post.company_url # form.poster_name.data = post.fullname # Deprecated 2013-11-20 form.poster_email.data = post.email form.hr_contact.data = int(post.hr_contact or False) form.collaborators.data = [u.userid for u in post.admins] return render_template('postjob.html', form=form, no_email=post.status > POSTSTATUS.DRAFT, getuser_autocomplete=lastuser.endpoint_url( lastuser.getuser_autocomplete_endpoint), getuser_userids=lastuser.endpoint_url( lastuser.getuser_userids_endpoint))
def editjob(hashid, key, form=None, post=None, validated=False): if form is None: form = forms.ListingForm(request.form) form.job_type.choices = [(ob.id, ob.title) for ob in JobType.query.filter_by(public=True).order_by('seq')] form.job_category.choices = [(ob.id, ob.title) for ob in JobCategory.query.filter_by(public=True).order_by('seq')] if post is None: post = JobPost.query.filter_by(hashid=hashid).first_or_404() if not ((key is None and g.user is not None and post.admin_is(g.user)) or (key == post.edit_key)): abort(403) # Don't allow email address to be changed once its confirmed if post.status > POSTSTATUS.PENDING: no_email = True else: no_email = False if request.method == 'POST' and post.status > POSTSTATUS.PENDING: # del form.poster_name # Deprecated 2013-11-20 form.poster_email.data = post.email if request.method == 'POST' and (validated or form.validate()): form_description = bleach.linkify(bleach.clean(form.job_description.data, tags=ALLOWED_TAGS)) form_perks = bleach.linkify(bleach.clean(form.job_perks_description.data, tags=ALLOWED_TAGS)) if form.job_perks.data else '' form_how_to_apply = form.job_how_to_apply.data form_email_domain = get_email_domain(form.poster_email.data) form_words = get_word_bag(u' '.join((form_description, form_perks, form_how_to_apply))) similar = False for oldpost in JobPost.query.filter(db.or_( db.and_( JobPost.email_domain == form_email_domain, JobPost.status.in_([POSTSTATUS.CONFIRMED, POSTSTATUS.REVIEWED, POSTSTATUS.WITHDRAWN, POSTSTATUS.REJECTED])), JobPost.status == POSTSTATUS.SPAM)).filter( JobPost.datetime > datetime.utcnow() - agelimit).all(): if oldpost.id != post.id: if oldpost.words: s = SequenceMatcher(None, form_words, oldpost.words) if s.ratio() > 0.6: similar = True break if similar: flash("This listing is very similar to an earlier listing. You may not relist the same job " "in less than %d days." % agelimit.days, category='interactive') else: post.headline = form.job_headline.data post.type_id = form.job_type.data post.category_id = form.job_category.data post.location = form.job_location.data post.relocation_assist = form.job_relocation_assist.data post.description = form_description post.perks = form_perks post.how_to_apply = form_how_to_apply post.company_name = form.company_name.data post.company_url = form.company_url.data post.hr_contact = form.hr_contact.data post.pay_type = form.job_pay_type.data if post.pay_type != PAY_TYPE.NOCASH: post.pay_currency = form.job_pay_currency.data post.pay_cash_min = form.job_pay_cash_min.data # TODO: Sanitize post.pay_cash_max = form.job_pay_cash_max.data # TODO: Sanitize else: post.pay_currency = None post.pay_cash_min = None post.pay_cash_max = None if form.job_pay_equity.data: post.pay_equity_min = form.job_pay_equity_min.data # TODO: Sanitize post.pay_equity_max = form.job_pay_equity_max.data # TODO: Sanitize else: post.pay_equity_min = None post.pay_equity_max = None if form.collaborators.data: post.admins = [] userdata = lastuser.getuser_by_userids(form.collaborators.data) for userinfo in userdata: if userinfo['type'] == 'user': user = User.query.filter_by(userid=userinfo['buid']).first() if not user: # New user on Hasjob. Don't set username right now. It's not relevant # until first login and we don't want to deal with conflicts user = User(userid=userinfo['buid'], fullname=userinfo['title']) db.session.add(user) post.admins.append(user) # Allow name and email to be set only on non-confirmed posts if not no_email: # post.fullname = form.poster_name.data # Deprecated 2013-11-20 post.email = form.poster_email.data post.email_domain = form_email_domain post.md5sum = md5sum(post.email) # To protect from gaming, don't allow words to be removed in edited listings once the post # has been confirmed. Just add the new words. if post.status >= POSTSTATUS.CONFIRMED: prev_words = post.words or u'' else: prev_words = u'' post.words = get_word_bag(u' '.join((prev_words, form_description, form_perks, form_how_to_apply))) post.language = identify_language(post) if post.status == POSTSTATUS.MODERATED: post.status = POSTSTATUS.CONFIRMED if request.files['company_logo']: # The form's validator saved the processed logo in g.company_logo. thumbnail = g.company_logo logofilename = uploaded_logos.save(thumbnail, name='%s.' % post.hashid) post.company_logo = logofilename else: if form.company_logo_remove.data: post.company_logo = None db.session.commit() userkeys = session.get('userkeys', []) userkeys.append(post.edit_key) session['userkeys'] = userkeys session.permanent = True return redirect(url_for('jobdetail', hashid=post.hashid), code=303) elif request.method == 'POST': flash("Please correct the indicated errors", category='interactive') elif request.method == 'GET': # Populate form from model form.job_headline.data = post.headline form.job_type.data = post.type_id form.job_category.data = post.category_id form.job_location.data = post.location form.job_relocation_assist.data = post.relocation_assist form.job_description.data = post.description form.job_perks.data = True if post.perks else False form.job_perks_description.data = post.perks form.job_how_to_apply.data = post.how_to_apply form.company_name.data = post.company_name form.company_url.data = post.company_url # form.poster_name.data = post.fullname # Deprecated 2013-11-20 form.poster_email.data = post.email form.hr_contact.data = int(post.hr_contact or False) form.collaborators.data = [u.userid for u in post.admins] form.job_pay_type.data = post.pay_type form.job_pay_currency.data = post.pay_currency form.job_pay_cash_min.data = post.pay_cash_min form.job_pay_cash_max.data = post.pay_cash_max form.job_pay_equity.data = bool(post.pay_equity_min and post.pay_equity_max) form.job_pay_equity_min.data = post.pay_equity_min form.job_pay_equity_max.data = post.pay_equity_max return render_template('postjob.html', form=form, no_email=no_email, getuser_autocomplete=lastuser.endpoint_url(lastuser.getuser_autocomplete_endpoint), getuser_userids=lastuser.endpoint_url(lastuser.getuser_userids_endpoint))