Improve security of /status/job* routes #585
Description
I don’t think that the /status/job* filter the lists by what your user should be permitted to see.
I think this was originally by design, as that route is often treated as a system route etc… but job failures in particular can expose details of the data… e.g. if you post a job without setting a graph parameter a sample of triples which aren’t.
I think we probably want to filter the list somehow, but it’s not clear we have enough data to do that at the minute… e.g. the list also contains jobs that have completed/finished ages ago and we will have lost the details on who owned them / their role etc.
I think we may want to restrict the list of jobs to just jobs created by you… and perhaps have an :all filter which requires your user is in the publisher or system role or something like that, but at the minute I think jobs will be exposed to anyone with the access role which could mean people on the mailing list could see limited details of jobs for things that haven’t been published yet.