Implement proper authorization
Closed this issue · 2 comments
adamkewley commented
At the moment, all users can see+abort eachover's jobs, which is fine for internal data requests but poor for anything production-grade.
adamkewley commented
Blocked by this: The deletion API: because there's no authorisation, it would be risky to allow users to delete any job (need an admin role, etc.)
adamkewley commented
This has been kicked back to the 1.x
/2.x
wishlist, will not be implemented in time for 1.0.0