Restrict results to only models with fields from smart_selects
Issue #201 pointed out that the URL endpoints allowed anybody to list arbitrary objects by tweaking the URL parameters.
This release adds checks to the views to ensure that queries return an HTTP 403 (Permission denied) for models that do not have smart_selects fields defined.
Please keep in mind that it is still possible to query models with smart_selects
fields.
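
The check this release describes, written as an added example that is not the project's own code: the field classes, the model registry, `has_chained_field` and `filter_view` are hypothetical plain-Python stand-ins for Django and smart_selects, and the data is constructed. The last call shows the caveat above: a model that has a chained field stays queryable.

```python
from dataclasses import dataclass

# Plain-Python stand-ins for Django field types (constructed for this example).
class Field: pass
class CharField(Field): pass
class ChainedForeignKey(Field): pass  # stand-in for a smart_selects chained field

@dataclass
class Model:
    fields: dict   # field name -> Field instance
    rows: list     # constructed sample data

# Constructed registry: one model uses a chained field, one does not.
MODELS = {
    "geo.City": Model(
        fields={"name": CharField(), "country": ChainedForeignKey()},
        rows=[{"name": "Lyon", "country": "FR"}, {"name": "Bonn", "country": "DE"}],
    ),
    "accounts.Member": Model(
        fields={"email": CharField()},
        rows=[{"email": "a@example.test"}],
    ),
}

def has_chained_field(model):
    """True if the model declares at least one chained (smart_selects-style) field."""
    return any(isinstance(f, ChainedForeignKey) for f in model.fields.values())

def filter_view(model_label, field, value):
    """Hypothetical list endpoint; returns (HTTP status, rows)."""
    model = MODELS.get(model_label)
    if model is None:
        return 404, []
    # The check described above: refuse models without chained fields.
    if not has_chained_field(model):
        return 403, []
    if field not in model.fields:
        return 400, []
    return 200, [r for r in model.rows if r[field] == value]

if __name__ == "__main__":
    print(filter_view("accounts.Member", "email", "a@example.test"))  # refused
    print(filter_view("geo.City", "country", "FR"))                   # allowed
    print(filter_view("geo.City", "name", "Bonn"))                    # still allowed
```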