Resolve "implement access control in job views"
There are two mixins that are really similar. One is dedicated to the UI and another one for the API (they don't share exactly the same requirement because of the CSRF protection that needs to be disable on the API part.
Now, a JobAuthorizationMixin
has been created. It overrides the dispatch
method in order to check if the user can have access to the given job view. If he can't, a 403
HTTP error is sent back.
I added to the JobDetail
view a dispatch
method in order to restrict the view of a job to its creator and superusers.
Closes #250 (closed)