Commit 65e6eb1d authored by sebastien letort's avatar sebastien letort

In JobAuthMixin, we can safely provided a wrong job id.

parent af9b6351
......@@ -97,7 +97,11 @@ class JobAuthMixin(AllgoValidAccountMixin, UserPassesTestMixin):
if user is None:
return False
self.raise_exception = True # to return a 403
job = Job.objects.filter(pk=self.kwargs['pk']).first()
try:
job = Job.objects.get(id=self.kwargs['pk'])
except Job.DoesNotExist:
return False
return user.is_superuser or user == getattr(job, "user", ())
def handle_no_permission(self):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment