RobertWSaunders / engsoc-dash

A central place that engineering students at Queen's University can come to manage various different aspects of their life as a student. :collision: :feet:
MIT License

Calendar shows all scheduled interviews #84

Open maxkaran opened 6 years ago

maxkaran commented 6 years ago

Description

All scheduled interviews for all organizations show up on the calendar when a manager tries to schedule an interview.

Expected Behavior

Should only show the interviews that manager has scheduled.

Actual Behavior

Instead shows all interviews that any manager has scheduled (This is a problem for confidentiality).

Steps to Reproduce

  1. Schedule interviews with different manager accounts. A manager should only be able to see the interviews they have scheduled.

  2. Navigate to any page with the calendar (for example, dash.engsoc.queensu.ca/interviews/manage) and you will see all scheduled interviews, not just the ones pertinent to that specific account.

NOTE: An admin account should be able to see all scheduled interviews, so this behaviour is ok on the dash.engsoc.queensu.ca/interviews/admin page.

NOTE: It seems in the code, the current token used to populate the calendars is @interviews.

In app/views/interviews/new.html.erb, line 16:

    <%= render 'calendar', interviews: @interviews %>

Replacing the @interviews variable with an empty JSON as below results in an empty calendar:

    <%= render 'calendar', interviews: {} %>

Perhaps there is another variable that only holds the relevant interviews? Or a way to check permissions on the interviews?

Just throwing it out there, I am unfamiliar with the code so I realize it may not be that simple!

Environment

RobertWSaunders commented 6 years ago

Will give this a look over Thanksgiving!
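
The per-viewer scoping this issue asks about, as an added example in plain Ruby (not code from engsoc-dash or from either commenter): the interview list is filtered on the server before it reaches the calendar, and unknown or missing users get nothing. The `User` and `Interview` fields, the role names and the sample records are hypothetical, since the app's schema is not shown on this page.

```ruby
require 'json'

# Hypothetical stand-ins for the app's models (assumed fields, not the real schema).
User      = Struct.new(:id, :role)
Interview = Struct.new(:id, :scheduled_by_id, :organization, :starts_at)

# Policy scope: decides which interviews a given viewer may see.
# Fails closed: a missing user or an unrecognised role gets an empty set.
class InterviewScope
  def initialize(user, interviews)
    @user = user
    @interviews = interviews
  end

  def resolve
    return [] if @user.nil?

    case @user.role
    when :admin   then @interviews # admin view: all interviews, as the issue allows
    when :manager then @interviews.select { |i| i.scheduled_by_id == @user.id }
    else []
    end
  end
end

# Builds the calendar data from the scoped set only, so the view never
# receives records the viewer is not allowed to see.
def calendar_payload(user, interviews)
  events = InterviewScope.new(user, interviews).resolve.map do |i|
    { id: i.id, title: i.organization, start: i.starts_at }
  end
  events.to_json
end

# Constructed sample data: two managers (ids 10 and 11) with their own interviews.
INTERVIEWS = [
  Interview.new(1, 10, 'Org A', '2018-10-01T10:00'),
  Interview.new(2, 11, 'Org B', '2018-10-01T11:00'),
  Interview.new(3, 10, 'Org A', '2018-10-02T09:00')
].freeze

# Ids that end up in the calendar payload for a given viewer.
def visible_ids(user)
  JSON.parse(calendar_payload(user, INTERVIEWS)).map { |e| e['id'] }
end

puts visible_ids(User.new(10, :manager)).inspect
```

Filtering in the view or in the calendar's JavaScript would not be enough, because the full list would still be sent to the browser.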