Commit 65e6eb1d authored by sebastien letort's avatar sebastien letort
Browse files

In JobAuthMixin, we can safely provided a wrong job id.

parent af9b6351
......@@ -97,7 +97,11 @@ class JobAuthMixin(AllgoValidAccountMixin, UserPassesTestMixin):
if user is None:
return False
self.raise_exception = True # to return a 403
job = Job.objects.filter(pk=self.kwargs['pk']).first()
job = Job.objects.get(id=self.kwargs['pk'])
except Job.DoesNotExist:
return False
return user.is_superuser or user == getattr(job, "user", ())
def handle_no_permission(self):
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment