Implement proper authorization

Question

Closed this issue 6 years ago · 2 comments

At the moment, all users can see+abort eachover's jobs, which is fine for internal data requests but poor for anything production-grade.

Answer 1 · 2018-08-15T10:44:12.000Z

Blocked by this: The deletion API: because there's no authorisation, it would be risky to allow users to delete any job (need an admin role, etc.)

Answer 2 · 2018-10-20T15:54:57.000Z

This has been kicked back to the 1.x/2.x wishlist, will not be implemented in time for 1.0.0