Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.The resume profile has a workflow field that is triggered by a rule. It is either hidden or visible. This is poor user interface as it doesn't make much sense to include 'incomplete' as a choice that a user can choose. It should be either visible or hidden with the inability to set to visible using a rule that tests if the resume is completed. Also, if a user sets his resume to hidden it will not show on the list of resumes but that doesn't mean there isn't any access control on the profile if they choose to hide it. It's open to anybody in a role with permission to view it even if the person is not looking for work.
Just so people know leaving resumes open to the world is a massive security problem. And, lately with another Drupal job board I built with people leaving their resumes open to the world, their parents are getting calls at 3am with people saying that their son or daughter is in the hospital or jail and they need to send money immediately.
Comments
Comment #1
CD CreditAttribution: CD commentedI second this. All job boards have one standard feature. You have to subscribe and login to see resumes. And it is impossible to see the resumes without paying.
I would be happy to pay for a premium version of this theme that copies the major job boards functions.
Comment #2
Adam S CreditAttribution: Adam S commentedSomeone early last fall created the Commerce Credits module with eRecruiter in mind which took me three weeks to figure out how to use. However, it solves the problem of creating a paid website.
Comment #3
CD CreditAttribution: CD commentedThanks, I'll look into that.
Comment #4
CD CreditAttribution: CD commentedI checked it out is it this module, sorry if it sounds stupid, i just don't want to spend 2 hours working on it and find out its not right http://drupal.org/project/commerce_credits
Comment #5
dasjosee related #1346920: Integrating a payment gateway to charge for job listings?
Comment #6
CD CreditAttribution: CD commentedLooking into it, thanks for the post!
Comment #7
mh86 CreditAttribution: mh86 commentedOnly registered recruiter users can ever access a resume (unless you change the default permissions), but they do not even see the personal information. Furthermore only visible resumes are listed in the resume search.
Nevertheless, we're currently thinking about adding additional access checks to invisible profiles so that they cannot be accessed by recruiters any more.
Comment #8
mh86 CreditAttribution: mh86 commentedand done :-)
now access to resume with state not equals to visible will always be denied, except for the profile owner and for users with administer profiles permissions.