gak112 / DearJobTesting


[WEB] [Employer-Application Tracking-Job Seeker Details] Unintended Access to "Add Employment" #977

Closed eraytech closed 7 months ago

eraytech commented 7 months ago

Steps:

  1. Open a web browser and navigate to the website: "https://dearjob.org".
  2. On the website's homepage, locate and click on the "LOGIN" link in the menu tab.
  3. Enter the registered Employer email ID and password, then click on the login button or press enter.
  4. After successful login, click on the "EMPLOYER" menu and select "APPLICATIONS TRACKING".
  5. In the Applicants List page, you will find a list of Applicants.
  6. Click on any applicant's name to view the full profile of the Applicant.
  7. Navigate to the "Employment" section within the Applicant's profile.

Actual Result:

The "Employment" section within the Applicant's profile displays an "Add Employment" option, intended for job seekers to manage their employment history. However, the recruiter also has access to edit and delete the available employment information in the applicant's profile, which is not intended for recruiter access.

Expected Result:

  1. The "Add Employment" option should be restricted or hidden from recruiters to maintain the separation of functionalities meant for job seekers and recruiters.
  2. Recruiters should not be able to edit or delete employment information within the applicant's profile. These functionalities should be exclusive to job seekers for managing their profile details.


eraytech commented 7 months ago

verified and working
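The separation asked for under "Expected Result", as an added example (not DearJob's code; the role names, the `User` type and the in-memory store are assumptions): one policy function decides both which Employment buttons are rendered and whether a write request is accepted, so hiding the option in the UI is backed by a server-side check.

```python
from dataclasses import dataclass

# Hypothetical roles and actions; the issue does not describe the real data model.
JOB_SEEKER, EMPLOYER = "job_seeker", "employer"
WRITE_ACTIONS = {"add", "edit", "delete"}

@dataclass(frozen=True)
class User:
    id: int
    role: str

class Forbidden(Exception):
    pass

def is_allowed(actor: User, profile_owner_id: int, action: str) -> bool:
    """Single policy shared by the page renderer and the write handlers."""
    if action == "view":
        # Simplified: a real check would also confirm the applicant
        # applied to one of this employer's jobs.
        return actor.role == EMPLOYER or actor.id == profile_owner_id
    if action in WRITE_ACTIONS:
        # Only the job seeker who owns the profile may change employment history.
        return actor.role == JOB_SEEKER and actor.id == profile_owner_id
    return False  # unknown actions are denied by default

def render_controls(actor: User, profile_owner_id: int) -> list:
    """Employment buttons the profile page should show to this viewer."""
    return sorted(a for a in WRITE_ACTIONS if is_allowed(actor, profile_owner_id, a))

def handle_write(store: dict, actor: User, profile_owner_id: int, action: str, entry):
    """Write handler: re-checks the policy even if the button was hidden."""
    if not is_allowed(actor, profile_owner_id, action):
        raise Forbidden(f"{actor.role} {actor.id} may not {action} "
                        f"employment of profile {profile_owner_id}")
    records = store.setdefault(profile_owner_id, [])
    if action == "add":
        records.append(entry)
    elif action == "delete":
        records.remove(entry)
    elif action == "edit":
        old, new = entry  # entry is an (old, new) pair for edits
        records[records.index(old)] = new
    return records
```
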