Saved dashboards currently available to anyone to view

[simonw]

Until full permissions are implemented in #27 this should be considered an urgent bug to fix.

[simonw]

This was a deliberate design decision but I've changed my mind on it:

django-sql-dashboard/test_project/test_dashboard.py

Lines 23 to 36 in 831bd76

	def test_saved_dashboard(client, admin_client, dashboard_db):
	assert client.get("/dashboard/test/").status_code == 404
	dashboard = Dashboard.objects.create(slug="test")
	dashboard.queries.create(sql="select 11 + 33")
	dashboard.queries.create(sql="select 22 + 55")
	response = client.get("/dashboard/test/")
	assert response.status_code == 200
	assert b"44" in response.content
	assert b"77" in response.content
	# The admin user should get >count< links, but anon should not
	assert b">count<" not in response.content
	admin_response = admin_client.get("/dashboard/test/")
	assert admin_response.status_code == 200
	assert b">count<" in admin_response.content