added roles to deprecate admin_is

hasjob/models/jobpost.py

@@ -221,11 +221,6 @@ def query_listed(cls):
     def __repr__(self):
         return '<JobPost {hashid} "{headline}">'.format(hashid=self.hashid, headline=self.headline.encode('utf-8'))
 
-    def admin_is(self, user):
-        if user is None:
-            return False
-        return user == self.user or bool(self.admins.options(db.load_only('id')).filter_by(id=user.id).count())
-
     @property
     def expiry_date(self):
         return self.datetime + agelimit
@@ -343,14 +338,20 @@ def permissions(self, user, inherited=None):
         perms = super(JobPost, self).permissions(user, inherited)
         if self.state.PUBLIC:
             perms.add('view')
-        if self.admin_is(user):
+        if user == self.user or user in self.admins:
             if self.state.UNPUBLISHED:
                 perms.add('view')
             perms.add('edit')
             perms.add('manage')
             perms.add('withdraw')
         return perms
 
+    def roles_for(self, actor=None, anchors=()):
+        roles = super(JobPost, self).roles_for(actor, anchors)
+        if actor == self.user or actor in self.admins:
+            roles.add('admin')
+        return roles
+
     @property
     def from_webmail_domain(self):
         return is_public_email_domain(self.email_domain, default=False)

hasjob/templates/application.html.jinja2

@@ -79,16 +79,16 @@
         </form>
         <div id="appl-response" class="hidden">
           <p>
-            <strong>From:</strong> {{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} (via {{ config['SITE_TITLE'] }}) &lt;{{ config['MAIL_SENDER'] }}&gt;<br>
-            <span class="appl-msg-reply hidden"><strong>Reply-To:</strong> {{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} &lt;{{ post.email }}&gt;<br></span>
+            <strong>From:</strong> {{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} (via {{ config['SITE_TITLE'] }}) &lt;{{ config['MAIL_SENDER'] }}&gt;<br>
+            <span class="appl-msg-reply hidden"><strong>Reply-To:</strong> {{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} &lt;{{ post.email }}&gt;<br></span>
             <strong>To:</strong> {{ job_application.fullname }}<br>
             <strong>Subject:</strong> <span class="appl-msg-reply hidden">Job response:</span><span class="appl-msg-reject hidden">Job declined:</span> {{ post.headline }}
           </p>
           <p class="appl-msg-reply hidden">
-            <em>{{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} has responded to your application for {{ post.headline }}:</em>
+            <em>{{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} has responded to your application for {{ post.headline }}:</em>
           </p>
           <p class="appl-msg-reject hidden">
-            <em>{{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} has declined your application for {{ post.headline }}:</em>
+            <em>{{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} has declined your application for {{ post.headline }}:</em>
           </p>
           {% include "inc/replyform.html.jinja2" %}
         </div>

hasjob/templates/detail.html.jinja2

@@ -152,7 +152,7 @@
                 </div>
               </div>
             {%- endif %}
-            {%- if post.admin_is(g.user) %}
+            {%- if post.current_roles.admin %}
               <a class="list-group-item" href="{{ post.url_for('edit') }}">
                 <i class="fa fa-fw fa-pencil"></i>&nbsp;&nbsp; Edit this
               </a>
@@ -223,7 +223,7 @@
                 </div>
               </div>
             {%- endif %}
-            {%- if is_siteadmin or post.admin_is(g.user) %}
+            {%- if is_siteadmin or post.current_roles.admin %}
               {%- if post.pay_type is not none and not post.state.ANNOUNCEMENT %}
                 <span class="list-group-item">
                   <i class="fa fa-fw fa-money"></i>&nbsp;&nbsp; {{ post.pay_label() }}
@@ -326,7 +326,7 @@
       <h2>Statistics</h2>
       <div>Logged-in users: <span id="post-viewed">⋯</span> viewed › <span id="post-opened">⋯</span> opened form › <span id="post-applied">⋯</span> applied &middot; Per <span id="post-stats-unit"></span>:</div>
       <div id="viewstats-chart"></div>
-      {%- if post.headlineb and (is_siteadmin or post.admin_is(g.user)) %}
+      {%- if post.headlineb and (is_siteadmin or post.current_roles.admin) %}
         <h2>A/B test results</h2>
         <table class="table">
           <thead>

hasjob/templates/respond_email.html.jinja2

@@ -18,9 +18,9 @@
   </div>
   <p>
   {%- if job_application.response.REPLIED %}
-    <em>{{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} has responded to your application for <a href="{{ post.url_for(_external=true) }}">{{ post.headline }}</a>. You can reply to this email to continue the conversation</em>
+    <em>{{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} has responded to your application for <a href="{{ post.url_for(_external=true) }}">{{ post.headline }}</a>. You can reply to this email to continue the conversation</em>
   {%- elif job_application.response.REJECTED %}
-    <em>{{ g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name }} has declined your application for <a href="{{ post.url_for(_external=true) }}">{{ post.headline }}</a></em>
+    <em>{{ g.user.fullname if post.current_roles.admin else post.fullname or post.company_name }} has declined your application for <a href="{{ post.url_for(_external=true) }}">{{ post.headline }}</a></em>
   {%- endif %}
   </p>
   <hr>

hasjob/views/helper.py

@@ -46,7 +46,7 @@ def index_is_paginated():
 
 def has_post_stats(post):
     is_siteadmin = lastuser.has_permission('siteadmin')
-    return is_siteadmin or post.admin_is(g.user) or (current_auth and g.user.flags.get('is_employer_month'))
+    return is_siteadmin or post.current_roles.admin or (current_auth and g.user.flags.get('is_employer_month'))
 
 
 @form_validation_success.connect

hasjob/views/listing.py

@@ -58,7 +58,7 @@ def jobdetail(domain, hashid):
         return redirect(post.url_for(), code=301)
 
     if post.state.UNPUBLISHED:
-        if not (current_auth and post.admin_is(g.user)):
+        if not (current_auth and post.current_roles.admin):
             abort(403)
     if post.state.GONE:
         abort(410)
@@ -147,7 +147,7 @@ def jobdetail(domain, hashid):
 
     is_bgroup = getbool(request.args.get('b'))
     headline = post.headlineb if is_bgroup and post.headlineb else post.headline
-    if is_siteadmin or post.admin_is(g.user) or (current_auth and g.user.flags.get('is_employer_month')):
+    if is_siteadmin or post.current_roles.admin or (current_auth and g.user.flags.get('is_employer_month')):
         post_viewcounts = get_post_viewcounts(post.id)
     else:
         post_viewcounts = None
@@ -167,7 +167,7 @@ def jobdetail(domain, hashid):
 def job_viewstats(domain, hashid):
     is_siteadmin = lastuser.has_permission('siteadmin')
     post = JobPost.query.filter_by(hashid=hashid).options(db.load_only('id', 'datetime')).first_or_404()
-    if is_siteadmin or post.admin_is(g.user) or (current_auth and g.user.flags.get('is_employer_month')):
+    if is_siteadmin or post.current_roles.admin or (current_auth and g.user.flags.get('is_employer_month')):
         return jsonify({
             "unittype": post.viewstats[0],
             "stats": post.viewstats[1],
@@ -416,7 +416,7 @@ def view_application_email_gif(domain, hashid, application):
 def view_application(domain, hashid, application):
     post = JobPost.query.filter_by(hashid=hashid).first_or_404()
     # Transition code until we force all employers to login before posting
-    if post.user and not (post.admin_is(g.user) or lastuser.has_permission('siteadmin')):
+    if post.user and not (post.current_roles.admin or lastuser.has_permission('siteadmin')):
         if not current_auth:
             return redirect(url_for('login', message=u"You need to be logged in to view candidate applications on Hasjob."))
         else:
@@ -455,7 +455,7 @@ def view_application(domain, hashid, application):
 @app.route('/apply/<hashid>/<application>', defaults={'domain': None}, methods=['POST'])
 def process_application(domain, hashid, application):
     post = JobPost.query.filter_by(hashid=hashid).first_or_404()
-    if post.user and not post.admin_is(g.user):
+    if post.user and not post.current_roles.admin:
         if not current_auth:
             return redirect(url_for('login'))
         else:
@@ -488,7 +488,7 @@ def process_application(domain, hashid, application):
                     base_url=request.url_root)
                 email_text = html2text(email_html)
 
-                sender_name = g.user.fullname if post.admin_is(g.user) else post.fullname or post.company_name
+                sender_name = g.user.fullname if post.current_roles.admin else post.fullname or post.company_name
                 sender_formatted = u'{sender} (via {site})'.format(
                     sender=sender_name,
                     site=app.config['SITE_TITLE'])
@@ -587,7 +587,7 @@ def send_reject_mail(reject_type, post, banned_posts=[]):
         mail.send(msg)
 
     post = JobPost.query.filter_by(hashid=hashid).first_or_404()
-    if post.state.UNPUBLISHED and not post.admin_is(g.user):
+    if post.state.UNPUBLISHED and not post.current_roles.admin:
         abort(403)
     if post.state.GONE:
         abort(410)
@@ -775,7 +775,7 @@ def confirm_email(domain, hashid, key):
 def withdraw(domain, hashid, key):
     post = JobPost.query.filter_by(hashid=hashid).first_or_404()
     form = forms.WithdrawForm()
-    if not ((key is None and current_auth and post.admin_is(g.user)) or (key == post.edit_key)):
+    if not ((key is None and current_auth and post.current_roles.admin) or (key == post.edit_key)):
         abort(403)
     if post.state.WITHDRAWN:
         flash("Your job post has already been withdrawn", "info")
@@ -812,7 +812,7 @@ def editjob(hashid, key, domain=None, form=None, validated=False, newpost=None):
 
     if not newpost:
         post = JobPost.query.filter_by(hashid=hashid).first_or_404()
-        if not ((key is None and current_auth and post.admin_is(g.user)) or (key == post.edit_key)):
+        if not ((key is None and current_auth and post.current_roles.admin) or (key == post.edit_key)):
             abort(403)
 
         # Once this post is published, require editing at /domain/<hashid>/edit
@@ -994,7 +994,7 @@ def newjob():
         archived_post = JobPost.get(request.args['template'])
         if not archived_post:
             abort(404)
-        if not archived_post.admin_is(g.user):
+        if not archived_post.current_roles.admin:
             abort(403)
         if archived_post.state.LISTED:
             flash("This post is currently active and cannot be posted again.")
@@ -1029,7 +1029,7 @@ def close(domain, hashid, key):
     post = JobPost.get(hashid)
     if not post:
         abort(404)
-    if not post.admin_is(g.user):
+    if not post.current_roles.admin:
         abort(403)
     if request.method == 'GET' and post.state.CLOSED:
         return redirect(post.url_for('reopen'), code=303)
@@ -1053,7 +1053,7 @@ def reopen(domain, hashid, key):
     post = JobPost.query.filter_by(hashid=hashid).first_or_404()
     if not post:
         abort(404)
-    if not post.admin_is(g.user):
+    if not post.current_roles.admin:
         abort(403)
     # Only closed posts can be reopened
     if not post.state.CLOSED: