def confirm(hashid):
post = JobPost.query.filter_by(hashid=hashid).first_or_404()
form = forms.ConfirmForm()
if post.status in [POSTSTATUS.REJECTED, POSTSTATUS.SPAM]:
abort(410)
elif post.status in [POSTSTATUS.DRAFT, POSTSTATUS.PENDING]:
if not (post.edit_key in session.get('userkeys', []) or post.admin_is(g.user)):
abort(403)
else:
# Any other status: no confirmation required (via this handler)
return redirect(url_for('jobdetail', hashid=post.hashid), code=302)
if 'form.id' in request.form and form.validate_on_submit():
# User has accepted terms of service. Now send email and/or wait for payment
# Also (re-)set the verify key, just in case they changed their email
# address and are re-verifying
post.email_verify_key = random_long_key()
msg = Message(subject="Confirmation of your job listing at Hasjob",
recipients=[post.email])
msg.body = render_template("confirm_email.md", post=post)
msg.html = markdown(msg.body)
mail.send(msg)
post.email_sent = True
post.status = POSTSTATUS.PENDING
db.session.commit()
try:
session.get('userkeys', []).remove(post.edit_key)
session.modified = True # Since it won't detect changes to lists
except ValueError:
pass
return render_template('mailsent.html', post=post)
return render_template('confirm.html', post=post, form=form)
def confirm(domain, hashid):
post = JobPost.query.filter_by(hashid=hashid).first_or_404()
form = forms.ConfirmForm()
if post.status in POSTSTATUS.GONE:
abort(410)
elif post.status in POSTSTATUS.UNPUBLISHED and not post.admin_is(g.user):
abort(403)
elif post.status not in POSTSTATUS.UNPUBLISHED:
# Any other status: no confirmation required (via this handler)
return redirect(post.url_for(), code=302)
# We get here if it's (a) POSTSTATUS.UNPUBLISHED and (b) the user is confirmed authorised
if 'form.id' in request.form and form.validate_on_submit():
# User has accepted terms of service. Now send email and/or wait for payment
# Also (re-)set the verify key, just in case they changed their email
# address and are re-verifying
post.email_verify_key = random_long_key()
msg = Message(subject="Confirmation of your job post at Hasjob",
recipients=[post.email])
msg.body = render_template("confirm_email.md", post=post)
msg.html = markdown(msg.body)
mail.send(msg)
post.email_sent = True
post.status = POSTSTATUS.PENDING
db.session.commit()
return render_template('mailsent.html', post=post)
return render_template('confirm.html', post=post, form=form)
def confirm(hashid):
post = JobPost.query.filter_by(hashid=hashid).first_or_404()
form = forms.ConfirmForm()
if post.status in [POSTSTATUS.REJECTED, POSTSTATUS.SPAM]:
abort(410)
elif post.status in [POSTSTATUS.DRAFT, POSTSTATUS.PENDING]:
if not (post.edit_key in session.get('userkeys', [])
or post.admin_is(g.user)):
abort(403)
else:
# Any other status: no confirmation required (via this handler)
return redirect(url_for('jobdetail', hashid=post.hashid), code=302)
if 'form.id' in request.form and form.validate_on_submit():
# User has accepted terms of service. Now send email and/or wait for payment
# Also (re-)set the verify key, just in case they changed their email
# address and are re-verifying
post.email_verify_key = random_long_key()
msg = Message(subject="Confirmation of your job listing at Hasjob",
recipients=[post.email])
msg.body = render_template("confirm_email.md", post=post)
msg.html = markdown(msg.body)
mail.send(msg)
post.email_sent = True
post.status = POSTSTATUS.PENDING
db.session.commit()
try:
session.get('userkeys', []).remove(post.edit_key)
session.modified = True # Since it won't detect changes to lists
except ValueError:
pass
return render_template('mailsent.html', post=post)
return render_template('confirm.html', post=post, form=form)
def confirm(domain, hashid):
post = JobPost.query.filter_by(hashid=hashid).first_or_404()
form = forms.ConfirmForm()
if post.status in POSTSTATUS.GONE:
abort(410)
elif post.status in POSTSTATUS.UNPUBLISHED and not post.admin_is(g.user):
abort(403)
elif post.status not in POSTSTATUS.UNPUBLISHED:
# Any other status: no confirmation required (via this handler)
return redirect(post.url_for(), code=302)
# We get here if it's (a) POSTSTATUS.UNPUBLISHED and (b) the user is confirmed authorised
if 'form.id' in request.form and form.validate_on_submit():
# User has accepted terms of service. Now send email and/or wait for payment
# Also (re-)set the verify key, just in case they changed their email
# address and are re-verifying
post.email_verify_key = random_long_key()
msg = Message(subject="Confirmation of your job post at Hasjob",
recipients=[post.email])
msg.html = email_transform(render_template('confirm_email.html', post=post), base_url=request.url_root)
msg.body = html2text(msg.html)
mail.send(msg)
post.email_sent = True
post.status = POSTSTATUS.PENDING
db.session.commit()
return render_template('mailsent.html', post=post)
return render_template('confirm.html', post=post, form=form)
def unique_long_hash(model=JobApplication):
"""
Returns a long unique hash for a given model
"""
while 1:
hashid = random_long_key()
if model.query.filter_by(hashid=hashid).count() == 0:
break
return hashid
def editjob(hashid, key, domain=None, form=None, validated=False, newpost=None):
if form is None:
form = forms.ListingForm(request.form)
form.job_type.choices = JobType.choices(g.board)
form.job_category.choices = JobCategory.choices(g.board)
if g.board and not g.board.require_pay:
form.job_pay_type.choices = [(-1, u'Confidential')] + PAY_TYPE.items()
post = None
no_email = False
if not newpost:
post = JobPost.query.filter_by(hashid=hashid).first_or_404()
if not ((key is None and g.user is not None and post.admin_is(g.user)) or (key == post.edit_key)):
abort(403)
# Once this post is published, require editing at /domain/<hashid>/edit
if not key and post.status not in POSTSTATUS.UNPUBLISHED and post.email_domain != domain:
return redirect(post.url_for('edit'), code=301)
# Don't allow editing jobs that aren't on this board as that may be a loophole when
# the board allows no pay (except in the 'www' root board, where editing is always allowed)
with db.session.no_autoflush:
if g.board and g.board.not_root and post.link_to_board(g.board) is None and request.method == 'GET':
blink = post.postboards.first()
if blink:
return redirect(post.url_for('edit', subdomain=blink.board.name, _external=True))
else:
return redirect(post.url_for('edit', subdomain=None, _external=True))
# Don't allow email address to be changed once it's confirmed
if post.status in POSTSTATUS.POSTPENDING:
no_email = True
if request.method == 'POST' and post and post.status in POSTSTATUS.POSTPENDING:
# del form.poster_name # Deprecated 2013-11-20
form.poster_email.data = post.email
if request.method == 'POST' and (validated or form.validate()):
form_description = bleach.linkify(bleach.clean(form.job_description.data, tags=ALLOWED_TAGS))
form_perks = bleach.linkify(bleach.clean(form.job_perks_description.data, tags=ALLOWED_TAGS)) if form.job_perks.data else ''
form_how_to_apply = form.job_how_to_apply.data
form_email_domain = get_email_domain(form.poster_email.data)
form_words = get_word_bag(u' '.join((form_description, form_perks, form_how_to_apply)))
similar = False
with db.session.no_autoflush:
for oldpost in JobPost.query.filter(db.or_(
db.and_(
JobPost.email_domain == form_email_domain,
JobPost.status.in_(POSTSTATUS.POSTPENDING)),
JobPost.status == POSTSTATUS.SPAM)).filter(
JobPost.datetime > datetime.utcnow() - agelimit).all():
if not post or (oldpost.id != post.id):
if oldpost.words:
s = SequenceMatcher(None, form_words, oldpost.words)
if s.ratio() > 0.6:
similar = True
break
if similar:
flash("This post is very similar to an earlier post. You may not repost the same job "
"in less than %d days." % agelimit.days, category='interactive')
else:
if newpost:
post = JobPost(**newpost)
db.session.add(post)
if g.board:
post.add_to(g.board)
if g.board.not_root:
post.add_to('www')
post.headline = form.job_headline.data
post.headlineb = form.job_headlineb.data
post.type_id = form.job_type.data
post.category_id = form.job_category.data
post.location = form.job_location.data
post.relocation_assist = form.job_relocation_assist.data
post.description = form_description
post.perks = form_perks
post.how_to_apply = form_how_to_apply
post.company_name = form.company_name.data
post.company_url = form.company_url.data
post.hr_contact = form.hr_contact.data
post.twitter = form.twitter.data
post.pay_type = form.job_pay_type.data
if post.pay_type == -1:
post.pay_type = None
if post.pay_type is not None and post.pay_type != PAY_TYPE.NOCASH:
post.pay_currency = form.job_pay_currency.data
post.pay_cash_min = form.job_pay_cash_min.data
post.pay_cash_max = form.job_pay_cash_max.data
else:
post.pay_currency = None
post.pay_cash_min = None
post.pay_cash_max = None
if form.job_pay_equity.data:
post.pay_equity_min = form.job_pay_equity_min.data
post.pay_equity_max = form.job_pay_equity_max.data
else:
post.pay_equity_min = None
post.pay_equity_max = None
post.admins = form.collaborators.data
# Allow name and email to be set only on non-confirmed posts
if not no_email:
# post.fullname = form.poster_name.data # Deprecated 2013-11-20
if post.email != form.poster_email.data:
# Change the email_verify_key if the email changes
post.email_verify_key = random_long_key()
post.email = form.poster_email.data
post.email_domain = form_email_domain
post.md5sum = md5sum(post.email)
with db.session.no_autoflush:
# This is dependent on the domain's DNS validity already being confirmed
# by the form's email validator
post.domain = Domain.get(post.email_domain, create=True)
# To protect from gaming, don't allow words to be removed in edited posts once the post
# has been confirmed. Just add the new words.
if post.status in POSTSTATUS.POSTPENDING:
prev_words = post.words or u''
else:
prev_words = u''
post.words = get_word_bag(u' '.join((prev_words, form_description, form_perks, form_how_to_apply)))
post.language, post.language_confidence = identify_language(post)
if post.status == POSTSTATUS.MODERATED:
post.status = POSTSTATUS.CONFIRMED
if request.files['company_logo']:
# The form's validator saved the processed logo in g.company_logo.
thumbnail = g.company_logo
logofilename = uploaded_logos.save(thumbnail, name='%s.' % post.hashid)
post.company_logo = logofilename
else:
if form.company_logo_remove.data:
post.company_logo = None
db.session.commit()
tag_jobpost.delay(post.id) # Keywords
tag_locations.delay(post.id) # Locations
post.uncache_viewcounts('pay_label')
session.pop('userkeys', None) # Remove legacy userkeys dict
session.permanent = True
return redirect(post.url_for(), code=303)
elif request.method == 'POST':
flash("Please review the indicated issues", category='interactive')
elif request.method == 'GET':
form.populate_from(post)
return render_template('postjob.html', form=form, no_email=no_email)
def editjob(hashid, key, domain=None, form=None, validated=False, newpost=None):
if form is None:
form = forms.ListingForm(request.form)
form.job_type.choices = JobType.choices(g.board)
form.job_category.choices = JobCategory.choices(g.board)
if g.board and not g.board.require_pay:
form.job_pay_type.choices = [(-1, u'Confidential')] + PAY_TYPE.items()
post = None
no_email = False
if not newpost:
post = JobPost.query.filter_by(hashid=hashid).first_or_404()
if not ((key is None and g.user is not None and post.admin_is(g.user)) or (key == post.edit_key)):
abort(403)
# Once this post is published, require editing at /domain/<hashid>/edit
if not key and post.status not in POSTSTATUS.UNPUBLISHED and post.email_domain != domain:
return redirect(post.url_for('edit'), code=301)
# Don't allow editing jobs that aren't on this board as that may be a loophole when
# the board allows no pay (except in the 'www' root board, where editing is always allowed)
with db.session.no_autoflush:
if g.board and g.board.not_root and post.link_to_board(g.board) is None and request.method == 'GET':
blink = post.postboards.first()
if blink:
return redirect(post.url_for('edit', subdomain=blink.board.name, _external=True))
else:
return redirect(post.url_for('edit', subdomain=None, _external=True))
# Don't allow email address to be changed once it's confirmed
if post.status in POSTSTATUS.POSTPENDING:
no_email = True
if request.method == 'POST' and post and post.status in POSTSTATUS.POSTPENDING:
# del form.poster_name # Deprecated 2013-11-20
form.poster_email.data = post.email
if request.method == 'POST' and (validated or form.validate()):
form_description = bleach.linkify(bleach.clean(form.job_description.data, tags=ALLOWED_TAGS))
form_perks = bleach.linkify(bleach.clean(form.job_perks_description.data, tags=ALLOWED_TAGS)) if form.job_perks.data else ''
form_how_to_apply = form.job_how_to_apply.data
form_email_domain = get_email_domain(form.poster_email.data)
form_words = get_word_bag(u' '.join((form_description, form_perks, form_how_to_apply)))
similar = False
with db.session.no_autoflush:
for oldpost in JobPost.query.filter(db.or_(
db.and_(
JobPost.email_domain == form_email_domain,
JobPost.status.in_(POSTSTATUS.POSTPENDING)),
JobPost.status == POSTSTATUS.SPAM)).filter(
JobPost.datetime > datetime.utcnow() - agelimit).all():
if not post or (oldpost.id != post.id):
if oldpost.words:
s = SequenceMatcher(None, form_words, oldpost.words)
if s.ratio() > 0.6:
similar = True
break
if similar:
flash("This post is very similar to an earlier post. You may not repost the same job "
"in less than %d days." % agelimit.days, category='interactive')
else:
if newpost:
post = JobPost(**newpost)
db.session.add(post)
if g.board:
post.add_to(g.board)
if g.board.not_root:
post.add_to('www')
post.headline = form.job_headline.data
post.headlineb = form.job_headlineb.data
post.type_id = form.job_type.data
post.category_id = form.job_category.data
post.location = form.job_location.data
post.relocation_assist = form.job_relocation_assist.data
post.description = form_description
post.perks = form_perks
post.how_to_apply = form_how_to_apply
post.company_name = form.company_name.data
post.company_url = form.company_url.data
post.hr_contact = form.hr_contact.data
post.twitter = form.twitter.data
post.pay_type = form.job_pay_type.data
if post.pay_type == -1:
post.pay_type = None
if post.pay_type is not None and post.pay_type != PAY_TYPE.NOCASH:
post.pay_currency = form.job_pay_currency.data
post.pay_cash_min = form.job_pay_cash_min.data
post.pay_cash_max = form.job_pay_cash_max.data
else:
post.pay_currency = None
post.pay_cash_min = None
post.pay_cash_max = None
if form.job_pay_equity.data:
post.pay_equity_min = form.job_pay_equity_min.data
post.pay_equity_max = form.job_pay_equity_max.data
else:
post.pay_equity_min = None
post.pay_equity_max = None
post.admins = form.collaborators.data
# Allow name and email to be set only on non-confirmed posts
if not no_email:
# post.fullname = form.poster_name.data # Deprecated 2013-11-20
if post.email != form.poster_email.data:
# Change the email_verify_key if the email changes
post.email_verify_key = random_long_key()
post.email = form.poster_email.data
post.email_domain = form_email_domain
post.md5sum = md5sum(post.email)
with db.session.no_autoflush:
# This is dependent on the domain's DNS validity already being confirmed
# by the form's email validator
post.domain = Domain.get(post.email_domain, create=True)
if not post.domain.is_webmail and not post.domain.title:
post.domain.title, post.domain.legal_title = common_legal_names(post.company_name)
# To protect from gaming, don't allow words to be removed in edited posts once the post
# has been confirmed. Just add the new words.
if post.status in POSTSTATUS.POSTPENDING:
prev_words = post.words or u''
else:
prev_words = u''
post.words = get_word_bag(u' '.join((prev_words, form_description, form_perks, form_how_to_apply)))
post.language, post.language_confidence = identify_language(post)
if post.status == POSTSTATUS.MODERATED:
post.status = POSTSTATUS.CONFIRMED
if request.files['company_logo']:
# The form's validator saved the processed logo in g.company_logo.
thumbnail = g.company_logo
logofilename = uploaded_logos.save(thumbnail, name='%s.' % post.hashid)
post.company_logo = logofilename
else:
if form.company_logo_remove.data:
post.company_logo = None
db.session.commit()
tag_jobpost.delay(post.id) # Keywords
tag_locations.delay(post.id) # Locations
post.uncache_viewcounts('pay_label')
session.pop('userkeys', None) # Remove legacy userkeys dict
session.permanent = True
# cache bust
dogpile.invalidate_region('hasjob_index')
return redirect(post.url_for(), code=303)
elif request.method == 'POST':
flash("Please review the indicated issues", category='interactive')
elif request.method == 'GET':
form.populate_from(post)
return render_template('postjob.html', form=form, no_email=no_email)