update some urls

2025-11-28 20:25:16 +03:00 · 2025-11-28 20:25:16 +03:00 · a3348e1199
commit a3348e1199
parent 3749fbd3ef
1 changed files with 115 additions and 49 deletions
--- a/recruitment/views.py
+++ b/recruitment/views.py
@ -1196,6 +1196,19 @@ def application_submit_form(request, template_slug):
    """Display the form as a step-by-step wizard"""
    if not request.user.is_authenticated:
        return redirect("application_signup",slug=template_slug)
+    job = get_object_or_404(JobPosting, form_template__slug=template_slug)
+    if request.user.user_type == "candidate":
+        person=request.user.person_profile
+        if job.has_already_applied_to_this_job(person):
+            messages.error(
+                request,
+                _(
+                    "You have already applied to this job: Multiple applications are not allowed."
+                ),
+            )
+            return redirect("job_application_detail", slug=job.slug)
+
+
    template = get_object_or_404(FormTemplate, slug=template_slug, is_active=True)
    stage = template.stages.filter(name="Contact Information")

@ -4514,6 +4527,8 @@ def agency_assignment_detail_admin(request, slug):
    return render(request, "recruitment/agency_assignment_detail.html", context)


+
+#will check the changes application to appliaction in this function
@agency_user_required
 def agency_portal_edit_application(request, candidate_id):
    """Edit a candidate for agency portal"""
@ -4870,6 +4885,14 @@ def message_mark_unread(request, message_id):
@login_required
 def message_delete(request, message_id):
    """Delete a message"""
+    """
+    Deletes a message using a POST request, primarily designed for HTMX.
+    Redirects to the message list on success (either via standard redirect
+    or HTMX's hx-redirect header).
+    """
+
+    # 1. Retrieve the message
+    # Use select_related to fetch linked objects efficiently for checks/logging
    message = get_object_or_404(
        Message.objects.select_related("sender", "recipient"), id=message_id
    )
@ -4877,6 +4900,14 @@ def message_delete(request, message_id):
    # Check if user has permission to delete this message
    if message.sender != request.user and message.recipient != request.user:
        messages.error(request, "You don't have permission to delete this message.")
+
+        # HTMX requests should handle redirection via client-side logic (hx-redirect)
+        if "HX-Request" in request.headers:
+             # Returning 403 or 400 is ideal, but 200 with an empty body is often accepted
+             # by HTMX and the message is shown on the next page/refresh.
+             return HttpResponse(status=403)
+
+        # Standard navigation redirect
        return redirect("message_list")

    if request.method == "POST":
@ -5029,49 +5060,84 @@ def document_delete(request, document_id):
    """Delete a document"""
    document = get_object_or_404(Document, id=document_id)

-    # Check permission - document is now linked to Application or Person via Generic Foreign Key
-    if hasattr(document.content_object, "job"):
-        # Application document
-        if (
-            document.content_object.job.assigned_to != request.user
-            and not request.user.is_superuser
-        ):
-            messages.error(
-                request, "You don't have permission to delete this document."
-            )
-            return JsonResponse({"success": False, "error": "Permission denied"})
-        job_slug = document.content_object.job.slug
-        redirect_url = "applicant_portal_dashboard" if request.user.user_type == "candidate" else "job_detail"
-    elif hasattr(document.content_object, "person"):
-        # Person document
-        if request.user.user_type == "candidate":
-            candidate = request.user.person_profile
-            if document.content_object != candidate:
-                messages.error(
-                    request, "You can only delete your own documents."
-                )
-                return JsonResponse({"success": False, "error": "Permission denied"})
-        redirect_url = "applicant_portal_dashboard"
-    else:
-        # Handle other content object types
-        messages.error(request, "You don't have permission to delete this document.")
-        return JsonResponse({"success": False, "error": "Permission denied"})
+    # Initialize variables for redirection outside of the complex logic
+    is_htmx = "HX-Request" in request.headers

+    # 1. Permission and Context Initialization
+    has_permission = False
+
+    content_object = document.content_object
+
+    # Case A: Document linked to an Application (via content_object)
+    if hasattr(content_object, "job"):
+        # Staff/Superuser checking against Application's Job assignment
+        if (content_object.job.assigned_to == request.user) or request.user.is_superuser:
+            has_permission = True
+
+        # Candidate checking if the Application belongs to them
+        elif request.user.user_type == "candidate" and content_object.person.user == request.user:
+            has_permission = True
+
+        # Determine redirect URL for non-HTMX requests (fallback)
+        if request.user.user_type == "candidate":
+            # Assuming you redirect to the candidate's main dashboard after deleting their app document
+            redirect_view_name = "applicant_portal_dashboard"
+        else:
+            # Assuming you redirect to the job detail page for staff
+            redirect_view_name = "job_detail"
+            redirect_args = [content_object.job.slug] # Pass the job slug
+
+    # Case B: Document linked directly to a Person (e.g., profile document)
+    elif hasattr(content_object, "user"):
+        # Check if the document belongs to the requesting candidate
+        if request.user.user_type == "candidate" and content_object.user == request.user:
+            has_permission = True
+            redirect_view_name = "applicant_portal_dashboard"
+        # Check if the requesting user is staff/superuser (Staff can delete profile docs)
+        elif request.user.is_staff or request.user.is_superuser:
+             has_permission = True
+             # Staff should probably go to the person's profile detail, but defaulting to a safe spot.
+             redirect_view_name = "dashboard"
+
+    # Case C: No clear content object linkage or unhandled type
+    else:
+        has_permission = request.user.is_superuser # Only superuser can delete unlinked docs
+
+
+    # 2. Enforce Permissions
+    if not has_permission:
+        messages.error(request, "Permission denied: You cannot delete this document.")
+        # Return a 403 response for HTMX/AJAX
+        return HttpResponse(status=403)
+
+
+    # 3. Handle POST Request (Deletion)
    if request.method == "POST":
        file_name = document.file.name if document.file else "Unknown"
        document.delete()
        messages.success(request, f'Document "{file_name}" deleted successfully!')

-        # Handle AJAX requests
-        if request.headers.get("X-Requested-With") == "XMLHttpRequest":
-            return JsonResponse(
-                {"success": True, "message": "Document deleted successfully!"}
-            )
+        # --- HTMX / AJAX Response ---
+        if is_htmx or request.headers.get("X-Requested-With") == "XMLHttpRequest":
+            # For HTMX, return a 200 OK. The front-end is expected to use hx-swap='outerHTML'
+            # to remove the element, or hx-redirect to navigate.
+            return HttpResponse(status=200)
+
+        # --- Standard Navigation Fallback ---
        else:
-            return redirect("application_detail", slug=job_slug)
-
-    return JsonResponse({"success": False, "error": "Method not allowed"})
+            try:
+                # Use the calculated redirect view name and arguments
+                if 'redirect_args' in locals():
+                    return redirect(redirect_view_name, *redirect_args)
+                else:
+                    return redirect(redirect_view_name)
+            except NameError:
+                # If no specific redirect_view_name was set (e.g., Case C failure)
+                return redirect("dashboard")

+    # 4. Handle non-POST (e.g., GET)
+    # The delete view should not be accessed via GET.
+    return HttpResponse(status=405) # Method Not Allowed

@login_required
 def document_download(request, document_id):
@ -5114,14 +5180,6 @@ def document_download(request, document_id):

    return JsonResponse({"success": False, "error": "File not found"})

-    if document.file:
-        response = HttpResponse(
-            document.file.read(), content_type="application/octet-stream"
-        )
-        response["Content-Disposition"] = f'attachment; filename="{document.file.name}"'
-        return response
-
-    return JsonResponse({"success": False, "error": "File not found"})


@login_required
@ -5416,8 +5474,10 @@ def compose_application_email(request, job_slug):
    if request.method == 'POST':

        candidate_ids = request.POST.getlist('candidate_ids')
-        candidates=Application.objects.filter(id__in=candidate_ids)
-        form = CandidateEmailForm(job, candidates, request.POST)
+        print("candidate_ids from post:", candidate_ids)
+
+        applications=Application.objects.filter(id__in=candidate_ids)
+        form = CandidateEmailForm(job, applications, request.POST)
        if form.is_valid():
            print("form is   valid ...")
            # Get email addresses
@ -5453,18 +5513,24 @@ def compose_application_email(request, job_slug):
            )

            if email_result["success"]:
-                for candidate in candidates:
-                    if hasattr(candidate, 'person') and candidate.person:
+                for application in applications:
+                    if hasattr(application, 'person') and application.person:
                        try:
+                            print(request.user)
+                            print(application.person.user)
+                            print(subject)
+                            print(message)
+                            print(job)
+
                            Message.objects.create(
                                sender=request.user,
-                                recipient=candidate.person.user,
+                                recipient=application.person.user,
                                subject=subject,
                                content=message,
                                job=job,
                                message_type='email',
                                is_email_sent=True,
-                                email_address=candidate.person.email if candidate.person.email else candidate.email
+                                email_address=application.person.email if application.person.email else application.email
                            )

                        except Exception as e: