Resolve "implement access control in job views" (!116) · Merge requests · allgo / allgo

BERJON Matthieu requested to merge 250-implement-access-control-in-job-views into django Sep 12, 2018

There are two mixins that are really similar. One is dedicated to the UI and another one for the API (they don't share exactly the same requirement because of the CSRF protection that needs to be disable on the API part.

Now, a JobAuthorizationMixin has been created. It overrides the dispatch method in order to check if the user can have access to the given job view. If he can't, a 403 HTTP error is sent back.

I added to the JobDetail view a dispatch method in order to restrict the view of a job to its creator and superusers.

Closes #250 (closed)

Edited Sep 27, 2018 by BAIRE Anthony

Resolve "implement access control in job views"

Merge request reports